> ## Documentation Index
> Fetch the complete documentation index at: https://docs.peerdb.io/llms.txt
> Use this file to discover all available pages before exploring further.

# RDS Postgres Source Setup Guide

## Supported Postgres versions

Anything on or after Postgres 12

## Enable Logical Replication

**You don't need** to follow the below steps if the settings `rds.logical_replication` is 1 and `wal_sender_timeout` is 0. These settings should mostly be pre-configured if you are migrating from another data replication tool.

<Frame caption="Checking if the logical replication is already enabled">
  <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/logical_rep_already_configured.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=725f99ab4c98be08d4f1412fb2280827" width="1476" height="554" data-path="images/setup/logical_rep_already_configured.png" />
</Frame>

1. Create a new parameter group for your Postgres version with `rds.logical_replication` set to 1; and `wal_sender_timeout` set to 0.

   <Frame caption="Where to find Parameter groups in RDS?">
     <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/parameter_group_in_blade.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=7f6731810faf13188bd0a2b35b7eb758" width="3756" height="1710" data-path="images/setup/parameter_group_in_blade.png" />
   </Frame>

   <Frame caption="Changing rds.logical_replication">
     <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/change_rds_logical_replication.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=4c96c08d324115ca794ecdc34f6c577e" width="3806" height="1682" data-path="images/setup/change_rds_logical_replication.png" />
   </Frame>

   <Frame caption="Changing wal_sender_timeout">
     <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/change_wal_sender_timeout.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=e584a3844e9eb469343bfbeeaca508f9" width="3764" height="1560" data-path="images/setup/change_wal_sender_timeout.png" />
   </Frame>

2. Modify the RDS Postgres database by adding the new parameter group.

   <Frame caption="Modifying RDS Postgres with new parameter group">
     <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/modify_parameter_group.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=34ec2eff8500439c747837adc836265d" width="1826" height="1372" data-path="images/setup/modify_parameter_group.png" />
   </Frame>

3. Reboot your RDS Postgres database for the above parameters to kick in.

   <Frame caption="Reboot RDS Postgres">
     <img src="https://mintcdn.com/peerdb/wtgPI5cQwjI2FO0m/images/setup/reboot_rds.png?fit=max&auto=format&n=wtgPI5cQwjI2FO0m&q=85&s=fb7c4872845b9f57fcc9bf4b43e95999" width="3266" height="1374" data-path="images/setup/reboot_rds.png" />
   </Frame>

## Creating PeerDB User and Granting permissions

Connect to your RDS postgres through the admin user and run the below commands:

1. Create a dedicated user for PeerDB:

   1. ```sql theme={null}
           CREATE USER peerdb_user PASSWORD 'some-password';
      ```

2. Grant schema-level, read-only access to the user you created in the previous step. The following example shows permissions for the `public` schema. Repeat these commands for each schema containing tables you want to replicate:

   1. ```sql theme={null}
           GRANT USAGE ON SCHEMA "public" TO peerdb_user;
           GRANT SELECT ON ALL TABLES IN SCHEMA "public" TO peerdb_user;
           ALTER DEFAULT PRIVILEGES IN SCHEMA "public" GRANT SELECT ON TABLES TO peerdb_user;
      ```

3. Grant replication privileges to the user:

   1. ```sql theme={null}
           GRANT rds_replication TO peerdb_user;
      ```

4. Create a [publication](https://www.postgresql.org/docs/current/logical-replication-publication.html) with the tables you want to replicate. We strongly recommend only including the tables you need in the publication to avoid performance overhead.

   <Note>
     Any table included in the publication must either have a **primary key** defined *or* have its **replica identity** configured to `FULL`.
   </Note>

   1. To create a publication for specific tables:

   ```sql theme={null}
         CREATE PUBLICATION peerdb_publication FOR TABLE table_to_replicate, table_to_replicate2;
   ```

   2. To create a publication for all tables in a specific schema:

      ```sql theme={null}
            CREATE PUBLICATION peerdb_publication FOR TABLES IN SCHEMA "public";
      ```

   The `peerdb_publication` publication will contain the set of change events generated from the specified tables, and will later be used to create the MIRROR (replication).

<Note>
  The PeerDB user must not be restricted by RLS policies, as it can lead to missing data. You can disable RLS policies for the user by running the below command:

  ```sql theme={null}
  ALTER USER peerdb_user BYPASSRLS;
  ```
</Note>

## PeerDB SSH Tunneling Guide (Optional)

Sometimes to connect to your Postgres database you may need PeerDB to use an SSH tunnel.

This is typically used when your database is not publicly accessible and you need to connect to it a jump server in your VPC.

This is done by creating an SSH tunnel to your jump server and then connecting to the database through the tunnel. All
of this is handled by PeerDB natively.

<Steps>
  <Step title="Generate a key-pair">
    Generate a key-pair using the following command:

    ```bash theme={null}
    ssh-keygen -t rsa -b 4096 -C "peerdb-ssh-tunnel" -f peerdb_key.pem
    ```

    This will generate a private key (`peerdb_key.pem`) and a public key (`peerdb_key.pub`).
  </Step>

  <Step title="Add public key to your jump server">
    Add the public key to your jump server. This can be done by adding the public key to the `~/.ssh/authorized_keys` file on the jump server.

    ```bash theme={null}
    # On the jump server
    cat peerdb_key.pub >> ~/.ssh/authorized_keys
    ```
  </Step>

  <Step title="Add private key to the connection">
    When creating a Postgres peer you can specify the option to use an SSH tunnel. There you will be able to provide the private key you generated in the first step along with the jump server details.
  </Step>
</Steps>

## Safe list PeerDB Cloud IPs

If you are using PeerDB Cloud [safelist public IPs of your PeerDB Cloud instance](/peerdb-cloud/ip-table) by editing the `Inbound rules` of the `Security group` in which your
RDS Postgres (OR the Jump Server/Bastion if you are using SSH tunneling) is located.

<Frame caption="Where to find security group in RDS Postgres?">
  <img src="https://mintcdn.com/peerdb/wtgPI5cQwjI2FO0m/images/setup/security_group_in_rds_postgres.png?fit=max&auto=format&n=wtgPI5cQwjI2FO0m&q=85&s=2662d4752eec4dc4697758a6b2ebd609" width="3272" height="1286" data-path="images/setup/security_group_in_rds_postgres.png" />
</Frame>

<Frame caption="Edit inbound rules for the above security group">
  <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/edit_inbound_rules.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=c304d39a3b77450c895304c1ee4a6d59" width="3392" height="1762" data-path="images/setup/edit_inbound_rules.png" />
</Frame>

## Create RDS Postgres Peer in PeerDB

Through the PeerDB UI, create the RDS Postgres Peer using the `peerdb_user` that you created in the previous step.

<Frame caption="Create peer drop down">
  <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/create_postgres_peer.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=5165c2c68a2dce4cd68949e0acab1299" width="2290" height="1494" data-path="images/setup/create_postgres_peer.png" />
</Frame>

<Frame caption="Create RDS Postgres Peer">
  <img src="https://mintcdn.com/peerdb/L54DxDXK99_p-wL9/images/setup/create_peer.png?fit=max&auto=format&n=L54DxDXK99_p-wL9&q=85&s=686b5e5c7003c1365e117ef7450233f2" width="2542" height="1664" data-path="images/setup/create_peer.png" />
</Frame>
