
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. With this value proposition in mind, customers want to use cloud databases such as RDS as the ForgeRock Identity Management (IDM) repository. This guide describes how to configure the PostgreSQL flavor of RDS as an IDM repository.

Step-by-step guide

  1. Set up an AWS RDS Postgres instance.
  2. Configure the AWS Security Group settings.
  3. Ensure network connectivity from within the deployed IDM environment.
  4. Modify the ForgeRock Postgres script to accommodate RDS nuances.
  5. Complete the steps for Postgres as an IDM repository, as documented in the Installation Guide.



Set up Amazon RDS Postgres

Before starting, some key configuration details are needed:

Postgres

  • Port 5432
  • PubliclyAccessible (true or false)

Security Groups

  • Inbound: add rules for the Postgres port (i.e. 5432), optionally limited to the source IP addresses of the IDM hosts
  • Outbound: rules allowing "CidrIp": "0.0.0.0/0"


  1. Open the RDS Console.
  2. Create a PostgreSQL DB instance whose version ForgeRock Identity Management supports, per the release notes: https://backstage.forgerock.com/docs/idm
  3. Configure the instance following https://aws.amazon.com/getting-started/tutorials/create-connect-postgresql-db/


The above highlights the changes from the default settings: new security groups, a VPC and subnets are created, and the instance is made publicly accessible.

In production, tighter control over the network is desirable; the scope of this paper is not to illustrate a hardened configuration, but rather to provide an easy configuration example for understanding.
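The configuration details above (port 5432, PubliclyAccessible, an inbound rule limited to known source addresses and an open outbound rule) as CloudFormation resources, plus the pre-deploy check a production deployment would want before the lab settings reach it. This is an added example, not code from the guide or from ForgeRock; the VPC id, the "openidm" master user, the DbPassword template parameter and the db.t3.micro class are assumptions, and the engine version must come from the IDM release notes.

```python
import ipaddress

PG_PORT = 5432  # Postgres port used throughout the guide
ANY_IPV4 = "0.0.0.0/0"


def rds_security_group(vpc_id, allowed_cidrs):
    """AWS::EC2::SecurityGroup: inbound 5432 only from allowed_cidrs (the IDM
    hosts); outbound open, matching the guide's "CidrIp": "0.0.0.0/0" rule."""
    ingress = []
    for cidr in allowed_cidrs:
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        ingress.append({"IpProtocol": "tcp", "FromPort": PG_PORT,
                        "ToPort": PG_PORT, "CidrIp": cidr})
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "Postgres access for IDM repo",
                           "VpcId": vpc_id,  # assumed: the VPC created in step 3
                           "SecurityGroupIngress": ingress,
                           "SecurityGroupEgress": [{"IpProtocol": "-1",
                                                    "CidrIp": ANY_IPV4}]}}

def rds_postgres_instance(sg_logical_id, publicly_accessible, engine_version):
    """AWS::RDS::DBInstance running PostgreSQL behind the security group."""
    return {"Type": "AWS::RDS::DBInstance",
            "Properties": {"Engine": "postgres",
                           "EngineVersion": engine_version,  # per IDM release notes
                           "DBInstanceClass": "db.t3.micro",  # assumed sizing
                           "AllocatedStorage": "20",
                           "Port": str(PG_PORT),
                           "PubliclyAccessible": publicly_accessible,
                           "VPCSecurityGroups": [{"Ref": sg_logical_id}],
                           "MasterUsername": "openidm",  # assumed name
                           # password comes from a template parameter, never inline
                           "MasterUserPassword": {"Ref": "DbPassword"}}}

def exposure_findings(resources):
    """Pre-deploy check over a template's Resources: flag whatever makes the
    repository reachable from the whole internet."""
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if (rule.get("CidrIp") == ANY_IPV4 and
                        rule.get("FromPort", 0) <= PG_PORT <= rule.get("ToPort", 65535)):
                    findings.append(f"{name}: port {PG_PORT} open to {ANY_IPV4}")
        elif res["Type"] == "AWS::RDS::DBInstance" and props.get("PubliclyAccessible"):
            findings.append(f"{name}: PubliclyAccessible is true")
    return findings
```

The lab configuration from this guide (inbound from anywhere, PubliclyAccessible true) produces two findings; restricting ingress to the IDM subnet and setting PubliclyAccessible to false produces none.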



Configure AWS Security Group settings

See the IDM installation guide for the PostgreSQL repository settings: https://backstage.forgerock.com/docs/idm/6.5/install-guide/#repository-postgresql

Ensure that the database is reachable over the network from the Identity Management instance. This depends on the settings chosen during RDS setup for the Amazon VPC, Availability Zones and Security Groups.
