CAST supports PostgreSQL instances deployed via Amazon Web Services RDS - some recommendations for accessing these instances for use with CAST AIP are listed below.
CAST products all require the CAST AIP schemas to be installed within a database called "postgres" - this is therefore also a requirement for PostgreSQL instances deployed on Amazon Web Services RDS.
By default, the rds_superuser role is made available within the Amazon Web Services RDS PostgreSQL instance (see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html), and you can use it to create additional users. The equivalent CAST Storage Service provided by CAST includes two default users as follows:
| guest | WelcomeToAIP | - | Note that in CAST AIP ≥ 8.3.11, the "guest" user is no longer used. |
If you would like to create these users in the Amazon Web Services RDS environment, use the following commands:
You can also create users without the rds_superuser role, for example:
You should also read SSL encrypted mode configuration for CAST Storage Service and PostgreSQL.
Just like an on-premises PostgreSQL/CAST Storage Service instance, Amazon Web Services RDS supports Secure Sockets Layer (SSL) encryption for PostgreSQL instances. Using SSL, you can encrypt a PostgreSQL connection between your applications and your PostgreSQL DB instances. You can also force all connections to your PostgreSQL DB instance to use SSL. The configuration
To connect to a PostgreSQL DB instance over SSL:
- Download the certificate. For information about downloading certificates, see Using SSL/TLS to encrypt a connection to a DB instance (third-party information).
- Import the certificate into your operating system. For sample scripts that import certificates, see Sample script for importing certificates into your trust store (third-party information).
- Connect to your PostgreSQL DB instance over SSL.
When you connect using SSL, your client can choose whether to verify the certificate chain. If your connection parameters specify sslmode=verify-full, then your client requires the RDS CA certificates to be in their trust store or referenced in the connection URL. This requirement is to verify the certificate chain that signs your database certificate. Use the sslrootcert parameter to reference the certificate, for example
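A check for the connection settings described above, added here as an illustration (not CAST or AWS code): it parses a PostgreSQL connection URL and reports what its sslmode and sslrootcert values actually guarantee. The host names, user name and certificate path are constructed placeholders, and treating an unset sslmode as prefer follows libpq's documented default (an assumption for other drivers).

```python
from urllib.parse import parse_qs, urlsplit

# Guarantees per sslmode, from the libpq documentation:
# (encrypted, certificate chain verified, server host name verified)
SSLMODES = {
    "disable":     (False, False, False),
    "allow":       (False, False, False),  # TLS only if the server insists
    "prefer":      (False, False, False),  # TLS if offered, silent fallback
    "require":     (True,  False, False),
    "verify-ca":   (True,  True,  False),
    "verify-full": (True,  True,  True),
}

# Constructed sample URLs; host, user and certificate path are placeholders.
GOOD = ("postgresql://app_user@db.example.invalid:5432/postgres"
        "?sslmode=verify-full&sslrootcert=/path/to/rds-ca-bundle.pem")
NO_ROOTCERT = "postgresql://app_user@db.example.invalid/postgres?sslmode=verify-full"
REQUIRE_ONLY = "postgresql://app_user@db.example.invalid/postgres?sslmode=require"
JDBC_UNSET = "jdbc:postgresql://db.example.invalid:5432/postgres"


def audit_pg_url(url):
    """Return (ok, findings); ok is True only for sslmode=verify-full."""
    if url.startswith("jdbc:"):
        url = url[len("jdbc:"):]
    parts = urlsplit(url)
    if parts.scheme not in ("postgresql", "postgres"):
        raise ValueError("not a PostgreSQL connection URL")
    params = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    mode = params.get("sslmode", "prefer")  # assumption: libpq default when unset
    if mode not in SSLMODES:
        return False, [f"unknown sslmode {mode!r}"]
    encrypted, chain, host = SSLMODES[mode]
    findings = []
    if not encrypted:
        findings.append(f"sslmode={mode} does not guarantee an encrypted session")
    if not chain:
        findings.append(f"sslmode={mode} does not verify the certificate chain")
    elif not host:
        findings.append(f"sslmode={mode} does not check the server host name")
    if chain and "sslrootcert" not in params:
        findings.append("no sslrootcert: the RDS CA must already be in the client trust store")
    return mode == "verify-full", findings


if __name__ == "__main__":
    for sample in (GOOD, NO_ROOTCERT, REQUIRE_ONLY, JDBC_UNSET):
        print(sample, "->", audit_pg_url(sample))
```
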
For example, the entry for AWS SSL RDS in the SSLParameters.ini looks like this: