Amazon RDS as an Identity Management Repository

  1. Set up an AWS RDS Postgres instance.
  2. Configure the network (VPC) and the security group.
  3. Modify the ForgeRock Postgres createuser script.
  4. Complete the remaining steps for Postgres as an IDM repository, as documented in the Installation Guide.

Set up Amazon RDS Postgres


Security Group / VPC Architecture

An RDS instance lives inside an Amazon Virtual Private Cloud (VPC), and inbound access to it is governed by the Security Group attached to the instance. Both are key to connectivity: the VPC (subnets, route tables and, if IDM runs outside the VPC, the instance's "publicly accessible" setting) determines whether packets can reach the instance at all, and the Security Group must allow inbound TCP 5432 from the IDM hosts. Scope that rule to the IDM hosts' own security group or CIDR rather than 0.0.0.0/0; on RDS this rule is the only network-level access control available, because pg_hba.conf cannot be edited.

To test network connectivity, from the environment where ForgeRock IDM runs:

Code Block
nc -zv <rds-endpoint> 5432
Ncat: Version 7.50 ( )
Ncat: Connected to <rds-endpoint>:5432.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.

A "Connected" response proves TCP connectivity from the IDM environment to the RDS Postgres instance (<rds-endpoint> stands for the instance's endpoint hostname shown in the RDS console). A timeout means something in the network path needs to be debugged: the security group inbound rule, the subnet route tables, or the instance's public accessibility. Note that this check only shows the port is reachable; authentication and TLS are exercised later, when psql connects.

Modify the ForgeRock Postgres createuser script


Code Block
-- createuser.pgsql as modified for RDS. The RDS master user (postgres here) is not a
-- PostgreSQL superuser, so it must first be made a member of the openidm role: Postgres
-- only lets a non-superuser create a database owned by a role it is a member of.
-- Change the default password 'openidm' before running this against a real instance.
create USER openidm with password 'openidm';
grant openidm TO postgres;
create database openidm encoding 'utf8' owner openidm;
grant all privileges on database openidm to openidm;

Save the modified script (for example as create-user-aws.pgsql next to the original) and execute it against the RDS endpoint as the master user:

Code Block
Execute script
psql -h <rds-endpoint> -p 5432 -U postgres < /path/to/openidm/db/postgresql/scripts/create-user-aws.pgsql

After this runs, a new user called openidm exists and is used to execute the remaining scripts.

Complete steps for Postgres as an IDM repository

From this point the steps in the ForgeRock Installation Guide on Postgres as a repository can be completed as prescribed.

In summary, the two details that change from the guide are:

  1. Instead of editing the Postgres client authentication file (pg_hba.conf, which is not editable on RDS), apply the functional equivalent: an AWS Security Group inbound rule on port 5432 scoped to the IDM hosts.
  2. The createuser.pgsql script needs to be altered as shown above.

The remaining steps, in brief, are:

Execute the remaining scripts as the openidm user against the RDS endpoint (psql prompts for the password set in the createuser script):

Code Block
Execute scripts
psql -h <rds-endpoint> -p 5432 -U openidm < openidm.pgsql
psql -h <rds-endpoint> -p 5432 -U openidm < audit.pgsql
psql -h <rds-endpoint> -p 5432 -d openidm -U openidm < activiti.postgres.create.engine.sql
psql -h <rds-endpoint> -p 5432 -d openidm -U openidm < activiti.postgres.create.history.sql
psql -h <rds-endpoint> -p 5432 -d openidm -U openidm < activiti.postgres.create.identity.sql
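The four steps above collected into one script, as an added example that is not part of the original page or of ForgeRock's own scripts. It assumes the AWS CLI (configured for the account that owns the VPC), nc and psql are installed; the endpoint, security group IDs, master user name and scripts directory are hypothetical placeholders supplied through environment variables. It goes slightly beyond the page: the security group rule is scoped to the IDM hosts' group, TLS is required on the connection, and the script's default password 'openidm' is replaced with a random one.

```shell
#!/usr/bin/env bash
# Added example, not from the original page or from ForgeRock. Every value below is a
# hypothetical placeholder; override it through the environment before running.
set -eu

RDS_ENDPOINT="${RDS_ENDPOINT:-idm-db.placeholder.us-east-1.rds.amazonaws.com}"
RDS_SG="${RDS_SG:-sg-0000000000rdsdemo}"     # security group attached to the RDS instance
IDM_SG="${IDM_SG:-sg-0000000000idmdemo}"     # security group of the hosts running IDM
MASTER_USER="${MASTER_USER:-postgres}"       # RDS master user chosen at instance creation
IDM_DB_USER="${IDM_DB_USER:-openidm}"
IDM_DB_NAME="${IDM_DB_NAME:-openidm}"
SCRIPTS_DIR="${SCRIPTS_DIR:-/path/to/openidm/db/postgresql/scripts}"

# RDS supports TLS; require it so the openidm credentials never cross the VPC in clear.
export PGSSLMODE=require

# Step 2: pg_hba.conf cannot be edited on RDS, so the security group rule is the
# access-control list. Allow 5432 only from the IDM hosts' security group.
allow_idm_to_rds() {
  aws ec2 authorize-security-group-ingress \
    --group-id "$RDS_SG" --protocol tcp --port 5432 --source-group "$IDM_SG"
}

# Scripted form of the nc -zv check, with a bounded wait.
# Returns 0 when a TCP connection succeeds, non-zero on refusal or timeout.
check_port() {
  nc -z -w 5 "$1" "$2"
}

# 128-bit random hex password, replacing the script's default 'openidm'.
gen_password() {
  od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Step 3: emit the RDS variant of createuser.pgsql. The extra GRANT makes the master
# user a member of the application role; without it CREATE DATABASE ... OWNER fails,
# because the RDS master user is not a PostgreSQL superuser.
gen_createuser_sql() {
  user="$1"; db="$2"; master="$3"; password="$4"
  printf "create user %s with password '%s';\n" "$user" "$password"
  printf "grant %s to %s;\n" "$user" "$master"
  printf "create database %s encoding 'utf8' owner %s;\n" "$db" "$user"
  printf "grant all privileges on database %s to %s;\n" "$db" "$user"
}

# Steps 3 and 4: create the role and database as the master user (psql prompts for the
# master password or reads ~/.pgpass), then load the schema scripts as the application user.
provision() {
  pw="$(gen_password)"
  gen_createuser_sql "$IDM_DB_USER" "$IDM_DB_NAME" "$MASTER_USER" "$pw" \
    | psql -h "$RDS_ENDPOINT" -p 5432 -U "$MASTER_USER" -d postgres -v ON_ERROR_STOP=1
  export PGPASSWORD="$pw"   # used by the psql runs below; configure the same value in IDM's repo.jdbc.json
  psql -h "$RDS_ENDPOINT" -p 5432 -U "$IDM_DB_USER" -v ON_ERROR_STOP=1 < "$SCRIPTS_DIR/openidm.pgsql"
  psql -h "$RDS_ENDPOINT" -p 5432 -U "$IDM_DB_USER" -v ON_ERROR_STOP=1 < "$SCRIPTS_DIR/audit.pgsql"
  for f in activiti.postgres.create.engine.sql activiti.postgres.create.history.sql activiti.postgres.create.identity.sql; do
    psql -h "$RDS_ENDPOINT" -p 5432 -d "$IDM_DB_NAME" -U "$IDM_DB_USER" -v ON_ERROR_STOP=1 < "$SCRIPTS_DIR/$f"
  done
  echo "generated password for $IDM_DB_USER: $pw"
}

# Run only when explicitly asked, so the file can also be sourced for its functions.
if [ "${RUN_RDS_SETUP:-0}" = "1" ]; then
  allow_idm_to_rds
  check_port "$RDS_ENDPOINT" 5432 || { echo "no TCP path to $RDS_ENDPOINT:5432; check VPC routing and the security group" >&2; exit 1; }
  provision
fi
```

Source the file to get the functions on their own, or run it with RUN_RDS_SETUP=1 to perform all steps in order. The connectivity probe runs after the security group change and before any psql call, so a routing or security group mistake is reported as such instead of surfacing as a hung psql.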
