- Setup AWS RDS Postgres instance.
- Configure network and security.
- Modify ForgeRock Postgres script.
- Complete the steps for Postgres as an IDM repository, as documented in the ForgeRock Installation Guide.
Setup Amazon RDS Postgres
Note that two related Amazon concepts govern connectivity here: the Virtual Private Cloud (VPC) settings and the Security Group associated with the instance. Both are key to connectivity to services, including RDS.
To test network connectivity, run the following from the environment in which ForgeRock IDM runs:
nc -zv my-rds-instance.us-east-1.rds.amazonaws.com 5432
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 172.30.0.250:5432.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.
The command above proves connectivity from the IDM environment to the AWS RDS Postgres instance when it returns a response like the one shown; otherwise it times out. A timeout means something in the network path (VPC routing or the Security Group) needs to be debugged.
Modify ForgeRock Postgres script
CREATE USER openidm WITH PASSWORD 'openidm';
GRANT openidm TO postgres;
CREATE DATABASE openidm ENCODING 'utf8' OWNER openidm;
GRANT ALL PRIVILEGES ON DATABASE openidm TO openidm;
Execute the modified create-user-aws.pgsql script against the RDS endpoint:
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U postgres < /path/to/openidm/db/postgresql/scripts/createuser.pgsql
After this runs, a new user called openidm will exist and can be used to execute the remaining scripts.
Complete steps for Postgres as an IDM repository
From this point, the steps in the ForgeRock Installation Guide on Postgres as a repository can be completed as prescribed.
In summary, the two details that change from the guide are:
- Instead of configuring a Postgres client authentication file, perform the functional equivalent in AWS Security Groups.
- The createuser.pgsql script for Postgres needs to be altered.
The remaining steps are detailed here: https://backstage.forgerock.com/docs/idm/6.5/install-guide/#repository-postgresql. In brief, they are:
Execute the remaining scripts:
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U openidm < openidm.pgsql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -U openidm < audit.pgsql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.engine.sql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.history.sql
psql -h my-rds-instance.us-east-1.rds.amazonaws.com -p 5432 -d openidm -U openidm < activiti.postgres.create.identity.sql