This topic describes how to use the fdw extension of PostgreSQL to allow an ApsaraDB RDS for PostgreSQL instance to access an external database that has public IP addresses.
Background information
ApsaraDB RDS for PostgreSQL supports the fdw extension to enable an RDS instance to access an external database that runs a database engine such as MySQL, SQL Server, PostgreSQL, or Redis. An RDS instance is created in a virtual private cloud (VPC). To access database services that are accessible over the Internet, you must configure an Internet NAT gateway for your RDS instance and associate an elastic IP address (EIP) with the Internet NAT gateway.
This topic describes how to configure an Internet NAT gateway and associate an EIP with the Internet NAT gateway to enable your RDS instance to access a database over the Internet. In addition, you can configure SNAT rules for the NAT gateway to allow only outbound connections from the RDS instance to the Internet. Your RDS instance does not provide services over the Internet and cannot be accessed over the Internet. This way, you can ensure the network security of your RDS instance.
For more information about NAT gateways and SNAT, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
Prerequisites
- An external database that has public IP addresses is available. The database can run MySQL, SQL Server, PostgreSQL, or Redis.
- An RDS instance is created. For more information, see Create an ApsaraDB RDS for PostgreSQL instance.
  Important: The following extensions are required to enable your RDS instance to access the external database. Make sure that your RDS instance supports the extensions. For more information about the extensions that are supported by each PostgreSQL version, see Supported extensions.
  - MySQL: mysql_fdw
  - SQL Server: tds_fdw
  - PostgreSQL: postgres_fdw
  - Redis: redis_fdw
- Accounts are created for the external database and your RDS instance.
  - For more information about how to create an account for the external database, see the official documentation of each database engine.
  - For more information about how to create an account for your RDS instance, see Create an account on an ApsaraDB RDS for PostgreSQL instance.
- Data is created for the external database.
Procedure
Configure an Internet NAT gateway
- Create an Internet NAT gateway.
- Associate an EIP with the Internet NAT gateway.
- Create an SNAT entry.
Configure the external database
- If the external database runs MySQL, configure the external database based on Privileges Provided by MySQL.
- If the external database runs PostgreSQL, configure the external database based on The pg_hba.conf File.
- If the external database runs SQL Server, configure the external database based on Configure the Windows Firewall to Allow SQL Server Access.
- If the external database runs Redis, use firewalls to specify the ports that the EIP can access. For example, you can install iptables in CentOS and run the following command:
  iptables -A INPUT -s <EIP that is associated with the Internet NAT gateway> -p tcp --dport <Redis port number> -j ACCEPT
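The command above only appends an allow rule. On a host whose INPUT chain accepts traffic by default, other sources can still reach the Redis port unless a drop rule for that port follows it. The following is an added example, not part of the original topic: it validates the inputs and prints the allow rule together with a matching drop rule. The function names, the address 203.0.113.10, and port 6379 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that limit a Redis port to one source IP.
# Nothing is applied; review the output, then run the printed commands as root.

# valid_ipv4 ADDRESS: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer from 1 to 65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redis_allow_rules EIP PORT: print an ACCEPT rule for the EIP, then a DROP
# rule for every other source on the same port.
redis_allow_rules() {
    eip=$1 port=$2
    valid_ipv4 "$eip" || { echo "invalid EIP: $eip" >&2; return 1; }
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    # Order matters: iptables stops at the first matching rule, so the
    # ACCEPT for the EIP must be added before the DROP.
    echo "iptables -A INPUT -s $eip -p tcp --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed sample values: 203.0.113.10 is a documentation address (RFC 5737).
redis_allow_rules 203.0.113.10 6379
```

Rules added with -A are evaluated after any rules already in the chain, so check the result with `iptables -L INPUT -n --line-numbers` before relying on it.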