Connect AWS RDS Postgres

Colleen Schnettler

March 21, 2024

AWS Setup for HelloQuery

If you’d like to connect an AWS RDS database on a private VPC to HelloQuery, there are a few additional steps you’ll have to take to whitelist our IPs.

Here at HelloQuery we take security very seriously, and to give you the best possible experience we’ll manually setup a secure SSH tunnel for you. You can add the security rules, test the connection, and reach out once you’re ready. It takes less than 24 hours after we receive your request to create the tunnel.

Table of Contents

• Make your database publicly accessible
• Create inbound security rules
• Test HelloQuery Connection
• Email us to setup your SSH tunnel

Make your db publicly accessible

The initial step in establishing a connection between your AWS RDS instance and HelloQuery involves configuring your database to be publicly accessible. This configuration does not expose your database to the public internet indiscriminately but is necessary for specifying more granular inbound security rules that will control access.

Access the Database Dashboard:

• • • Log in to the AWS Management Console.
    • Navigate to the RDS service by selecting “RDS” under “Database” services or searching for RDS in the service search bar.
    • Click on “Databases” in the left-hand navigation pane to view a list of your database instances.

Select Your Database Instance:

• • • From the list of databases, click on the “DB Identifier” of the database instance you wish to make publicly accessible. This action will take you to the database’s details page, which provides an overview of your database’s configurations, status, and connectivity options.

Modify the Database Instance:

• • • Look for the “Modify” button, typically located at the top of the database details page. Clicking on “Modify” will allow you to change various settings of your database instance.

See the screenshow below for reference:

Next, click on “Additional configuration”

Next select “Publicly Accessible”. Click on “Continue” and then “Save”.

Create Inbound Security Rules

Next you’ll need to edit the inbound security rules of your database's VPC security group. If the database instance was created in a VPC, it must have a VPC security group that authorizes connections.

Should you encounter any difficulties or require additional information, AWS provides comprehensive documentation on this topic, available at AWS RDS Security Group Documentation.

You can modify your existing security group or create a new one. From your database page, click on your security group as shown in the screenshot below.

Continue to click through to your security group ID.

Click on “Edit Inbound Rules”

Temporarily Allow All IP Addresses

To ensure that your AWS RDS database can successfully connect to HelloQuery (HQ), it's recommended to perform a connection test. This involves temporarily allowing all IP addresses to access your database. Note: This step is for testing purposes only and should be reversed after the test to maintain security.

Add a New Inbound Rule:

• Within the security group's “Inbound rules” tab, click on “Add rule” to create a new entry.
• For “Type,” select “PostgreSQL.” This selection will automatically set the port to 5432, which is the default for PostgreSQL databases.
• In the “Source” field, enter 0.0.0.0/0 to temporarily allow all IP addresses. This setting will enable you to test the connectivity without IP restrictions.

Apply the Rule:

• Click on “Save Rules” to save this new inbound rule.

Whitelisting HelloQuery's Static IP Addresses

While in the security group section, you’ll want to add the HelloQuery IPs.

Add Whitelist Rules:

• • • For enhanced security, add specific rules to allow access from HelloQuery’s static IP addresses. Click on “Add rule” for each IP address you wish to whitelist.
    • Set the “Type” to “PostgreSQL” for each rule, ensuring the port remains set to 5432.
    • In the “Source” field, input HelloQuery’s static IP addresses individually: 34.238.108.61/32 and 34.239.17.55/32. The /32 suffix denotes a single IP address.

Finalize the Rules:

• • • After adding the rules, click “Save Rules” to save the changes.

Test HelloQuery Connection

After configuring the inbound security rules in your AWS RDS security group, the next step is to verify that HelloQuery can successfully connect to your AWS RDS instance. This preliminary test ensures that the credentials and network configurations are correctly set up for a secure connection.

Sign In to HelloQuery:

• • • Access your HelloQuery account by signing in at https://app.helloquery.com. Click on “Databases” in the left hand navigation bar.

Configure a Test Connection:

• • • Enter your credentials as shown in the screenshot below.

Click “Test Connection”:

• • • With the details entered, proceed to test the connection. This step does not yet involve any data exchange but verifies the ability of HelloQuery to reach and authenticate with your AWS RDS database.

Important Note:

This will not be your permanent connection, we’ll create a new connection after your SSH tunnel is created.

Establish Your Custom SSH Tunnel

Upon verifying the initial connection between your AWS RDS instance and HelloQuery, the next step is to create a custom SSH tunnel. This process is managed directly by our support team to ensure a secure, efficient setup.

Initiating the Setup Process

Contact Support:

• • • Reach out to our support team by emailing [email protected]. In your message, provide the hostname of your AWS RDS instance that you wish to connect with HelloQuery through an SSH tunnel.

Security Reminder:

• • • For your security and privacy, please do not include any database credentials (username, password) in your email. Our policy ensures that we never request such sensitive information from our users. Your security is our top priority.

What Happens Next?

• Custom SSH Tunnel Configuration:
  • Once we receive your email with the necessary hostname information, our team will configure your SSH tunnel.
• Confirmation and Further Instructions:
  • You’ll hear back from us within 24 hours (usually sooner) with instruction on how to configure your new database connection

Final Security Measures

• Revoking Temporary Access:
  • Once you’ve connected with your new connection details, delete the Security Rule allowing Postgres access via 0.0.0.0

Get Started with HelloQuery

Your AWS RDS instance is securely connected, and you're ready to use HelloQuery. Dive into data analysis and management with confidence, knowing our support team is here if you need us. Thank you for choosing HelloQuery. Let the report building begin!