RDS PostgreSQL

Apono integration for AWS-managed PostgreSQL for the secure management of access to the relational database system

Overview

PostgreSQL databases are open-source relational database management systems emphasizing extensibility and SQL compliance. Amazon enables developers to create cloud-hosted PostgreSQL databases.

Through this integration, Apono helps you securely manage access to your Amazon RDS for PostgreSQL instances.



Prerequisites

Before starting this integration, create the items listed in the following table.

Item: Description

Apono Connector: On-prem connection with network access to your Amazon RDS for PostgreSQL instances

Minimum Required Version: 1.3.0

Use the following steps to update an existing connector.

Secret: Value generated through AWS Secrets Manager using credentials for an admin-level user of the Amazon RDS instance:
"username": "POSTGRESQL_USERNAME",
"password": "PASSWORD"

Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.

User: PostgreSQL user for Apono

The user must have one of the following permissions:
CREATE USER apono_connector WITH ENCRYPTED PASSWORD 'password';

ALTER USER apono_connector WITH CREATEROLE;

GRANT rds_superuser TO apono_connector;

PostgreSQL Info: Information for the database instance to be integrated:
  • Hostname
  • Port Number
  • Database Name

AWS Tag: (Optional) Metadata label assigned to AWS resources

Adding an AWS tag enables Apono to discover and add resources on your behalf.

When adding an AWS tag, use the following information:


Integrate Amazon RDS for PostgreSQL

Amazon RDS tile

PostgreSQL tile

Use the following steps to complete the integration:

  1. On the Catalog tab, click PostgreSQL. The Connect PostgreSQL page appears.
  2. From the dropdown menu, select a connector.

    Tip: If the desired connector is not listed, click + Add new connector and follow the instructions for creating an AWS connector.


  3. Click Next. The Complete setup page appears.
  4. Enter a unique, alphanumeric, user-friendly Integration Name. This name is used to identify this integration when constructing an Access Flow.
  5. Enter the Hostname of the PostgreSQL instance to connect.
  6. (Optional) Enter the Port value for the database. By default, Apono sets this value to 5432.
  7. Enter the Database Name.
  8. From the SSL Mode dropdown menu, select the mode of Secure Sockets Layer (SSL) encryption used to secure the connection with the SQL database server:
    • require: (Recommended) An SSL-encrypted connection must be used.
    • allow: An SSL-encrypted or unencrypted connection is used. If an SSL-encrypted connection is unavailable, the unencrypted connection is used.
    • disable: An unencrypted connection is used.
    • prefer: An SSL-encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used.
    • verify-ca: An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass.
    • verify-full: An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names.
  9. Under Secret Store, associate the secret.
  10. Click Connect.

Now that you have completed this integration, you can create access flows that grant permission to your RDS for PostgreSQL database.
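
The following queries confirm that the connector user from the prerequisites holds only the expected privileges and that its sessions are actually encrypted. This is an added example, not part of Apono's documentation. It assumes the user is named apono_connector as in the prerequisites, that the queries are run by an admin-level user in psql or another SQL client, and that the instance is Amazon RDS (rds_superuser and rds.force_ssl exist only there).

```sql
-- Added example: post-integration checks for the connector user.
-- Assumes the role name apono_connector from the prerequisites.

-- 1. Role attributes. Expect rolcanlogin = true; rolcreaterole = true if
--    the CREATEROLE option was used. rolsuper is expected to be false on RDS,
--    because rds_superuser is a role membership, not the superuser attribute.
SELECT rolname, rolcanlogin, rolcreaterole, rolsuper, rolvaliduntil
FROM   pg_roles
WHERE  rolname = 'apono_connector';

-- 2. Roles granted directly to the connector user. Anything listed here
--    beyond what you granted on purpose deserves a second look.
SELECT r.rolname AS granted_role, m.admin_option
FROM   pg_auth_members m
JOIN   pg_roles r ON r.oid = m.roleid
JOIN   pg_roles u ON u.oid = m.member
WHERE  u.rolname = 'apono_connector';

-- 3. Effective membership in rds_superuser, including inherited membership.
SELECT pg_has_role('apono_connector', 'rds_superuser', 'MEMBER')
       AS is_rds_superuser;

-- 4. How new passwords are hashed when ENCRYPTED PASSWORD is used
--    (md5 or scram-sha-256).
SHOW password_encryption;

-- 5. Encryption state of the connector's live sessions. ssl = false means
--    the session fell back to plaintext, which the allow, prefer and disable
--    modes permit. This view shows that a session is encrypted, not whether
--    the client verified the server certificate (verify-ca / verify-full).
SELECT a.pid, a.usename, a.client_addr, s.ssl, s.version, s.cipher, s.bits
FROM   pg_stat_activity a
JOIN   pg_stat_ssl s USING (pid)
WHERE  a.usename = 'apono_connector';

-- 6. Server-side enforcement on RDS: when this parameter is on, unencrypted
--    connections are rejected regardless of the client's SSL mode.
SHOW rds.force_ssl;
```

Run query 5 while the connector is connected; with no active session it returns no rows.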