...

  1. Set up an AWS RDS Postgres instance.
  2. Configure network and security.
  3. Modify the ForgeRock Postgres script.
  4. Complete the steps for Postgres as an IDM repository, as documented in the ForgeRock Installation Guide.

Set up Amazon RDS Postgres

...

Info: Security Group / VPC Architecture

Note the relationship between the Amazon concept of Virtual Private Cloud (VPC) settings and the associated Amazon concept of a Security Group. Both are key to connectivity to services, including RDS.



To test network connectivity, from the environment in which ForgeRock IDM runs:

Code Block
nc -zv my-rds-instance.us-east-1.rds.amazonaws.com 5432
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 172.30.0.250:5432.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

The above command proves connectivity from the IDM environment to the AWS RDS Postgres instance when it returns a response like the one shown; otherwise it times out. A timeout means something in the network path (the security group or VPC settings) needs to be debugged.


Modify ForgeRock Postgres script

...

Code Block (sql): create-user-aws-rds.psql
-- The RDS master user (postgres) is not a superuser, so it must be a member of the
-- openidm role before it can create a database owned by openidm.
create USER openidm with password 'openidm';
grant openidm TO postgres;
create database openidm encoding 'utf8' owner openidm;
grant all privileges on database openidm to openidm;


Execute the modified create-user script against the RDS instance:

Code Block (bash): Execute script
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U postgres < /path/to/openidm/db/postgresql/scripts/createuser.pgsql

After this runs, a new user called openidm will exist and can be used to execute the remaining scripts.

Complete steps for Postgres as an IDM repository

From this point the steps in the ForgeRock Installation Guide regarding the topic of Postgres as a repository can be completed as prescribed.



In summary, the two details that differ from the guide are:

  1. Instead of configuring a Postgres client authentication file (pg_hba.conf), perform the functional equivalent in AWS Security Groups.
  2. The createuser.psql script for Postgres needs to be altered.
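Because the security group is doing the job of pg_hba.conf here, it deserves the same review a client authentication file would get. The following is an added example (not ForgeRock's or AWS's code) that audits the inbound rules of the RDS instance's security group, in the shape EC2 DescribeSecurityGroups returns, and reports every source other than the IDM instances' own security group that can reach port 5432; the sample group, its ids and the 172.30.0.0/16 range are constructed.

```python
from ipaddress import ip_network
PG_PORT = 5432
# RFC 1918 space: wider than the IDM hosts, but at least not reachable from the internet.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covers_pg_port(rule):
    """True if an IpPermissions entry includes TCP 5432 (or all traffic, protocol -1)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= PG_PORT <= rule.get("ToPort", 65535)

def cidr_severity(net):
    """Public or unbounded CIDRs are critical; VPC-internal (RFC 1918) ones a warning."""
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
        return "warning"
    return "critical"

def audit_rds_ingress(group, idm_sg_ids):
    """Return (severity, message) for every source allowed to reach 5432 other than
    the IDM instances' own security groups, which play the role of pg_hba.conf here."""
    findings = []
    for rule in group["IpPermissions"]:
        if not covers_pg_port(rule):
            continue
        for cidr in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
            net = ip_network(cidr.get("CidrIp") or cidr.get("CidrIpv6"))
            findings.append((cidr_severity(net), f"5432 open to CIDR {net}"))
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in idm_sg_ids:
                findings.append(("warning", f"5432 open to SG {pair['GroupId']}"))
    return findings

# Constructed sample (placeholder group ids) shaped like one entry of describe_security_groups()["SecurityGroups"].
SAMPLE_RDS_SG = {
    "GroupId": "sg-0rdsexample",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "172.30.0.0/16"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0idmexample"}]},
    ],
}

if __name__ == "__main__":
    for sev, msg in audit_rds_ingress(SAMPLE_RDS_SG, {"sg-0idmexample"}):
        print(sev.upper(), msg)
```

Against a live account, feed it each group returned by `describe_security_groups` for the RDS instance's VpcSecurityGroups; a clean result is an empty list.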


The remaining steps, detailed at https://backstage.forgerock.com/docs/idm/6.5/install-guide/#repository-postgresql, are in brief:

Execute remaining scripts:

Code Block (bash): Execute scripts
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U openidm < openidm.pgsql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U openidm < audit.pgsql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.engine.sql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.history.sql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.identity.sql
