PostgreSQL

Integrate PostgresSQL with Apono to view existing permissions and create Access Flows to PostgreSQL databases

Overview

  • Reduce Over Privileges - Discover existing privileges to PostgreSQL databases and convert them to on-demand access flows to reduce over-privileges.
  • Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
  • Automated Approval Workflows - Create approval workflows to specific sensitive databases.
  • Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
  • Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.

Step by step guide

Prerequisites

  • An Apono connector installed with network access to the PostgreSQL databases

    • Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
  • A user for Apono to your PostgreSQL with the following permissions:

    CREATE USER apono_connector WITH ENCRYPTED PASSWORD 'password';
    
    ALTER USER apono_connector WITH CREATEROLE;
    
    GRANT rds_superuser TO apono_connector;
    
  • A secret created in Secret Store with the following params:

    • Key username, Value PostgreSQL USERNAME
    • Keypassword, Value USERNAME PASSWORD

📘

Why does Apono need secrets?

Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.

How to integrate with PostgreSQL

📘

Is your PostgreSQL running on a cloud service?

If you are trying to connect to an RDS PostgreSQL or a CloudSQL PostgreSQL you should use the specific cloud service integration.

  1. Click on Integrations Catalog.
  2. Look for PostgreSQL and click Connect
  3. Select a Connector with network access to this PostgreSQL (see prerequisites)
  4. Specify the integrations details:
    • Integration name – type the name of the integration
      When building an Access Flow you will reference this name
    • Hostname – specify the hostname of the PostgreSQL you are connecting
    • Port - 5432
    • Database name
    • SSL Mode
  5. Provide the secret details (see prerequisites)
  6. Click "Connect"

👍

Hurray!

You've successfully integrated Apono with your PostgreSQL. You should now see the new integration in your Connected Integrations.

Use this integration in your existing or new Access Flow. Check this guide out for more information on creating your first Access Flow in Apono.

📘

Have multiple PostgreSQLs? Use the API

You can check out the Apono API reference to easily integrate multiple integrations.