Skip to main content

Setup Zuora Connector for AWS RDS Postgres

Zuora

Setup Zuora Connector for AWS RDS Postgres

Provides detailed instructions for setting up the Zuora Connector for AWS RDS Postgres.

Configure your AWS RDS Postgres Destination

To configure your AWS RDS Postgres destination within the Zuora Connector, follow the steps to set up AWS RDS Postgres database credentials, manage permissions, configure access to the database, and make other necessary configurations to facilitate a smooth data transfer from Zuora to AWS RDS Postgres.

  • If your Postgres database is protected by security groups or other firewall settings, you will need to have the data-syncing service's static IP available to complete Step 1.

Step 1: Allow access

Allow write access to a portion of your RDS or Aurora PostgreSQL database.

Configure the Security Group

  1. In your Amazon RDS > Databases list, click the PostgreSQL instance you want to send data to.
  2. On the database page, in the Connectivity & security tab, make a note of the Endpoint and the Port number.
    • 1-postgres-endpoint.png
  3. In the Security section, ensure that set the Publicly accessible setting is set to Yes to ensure that the destination is accessible from outside your VPC. Note that it is still only accessible through whitelisted IPs at this point.
    • 2-postgres-publicly-accessible.png
  4. Click one of the VPC security groups (usually default).
    VPC groups are permissive (vs. restrictive), and for instances with multiple VPC security groups, only one needs to be configured with the new inbound rule.

    • 3-postgres-vpc-security-groups.png

  5. In the Security Groups section, select the Inbound rules tab.

  6. Click Edit inbound rules and then click Add rule.
  7. Edit the newly created rule of type Custom TCP with the Port range noted in the first step (usually 5432) and a Custom Source value that includes all of the service IPs. You will need to add /32 to the end of each IP (CIDR notation).
  8. Click Save rules.

4-postgres-add-rule.png

Configure network ACLs (Access Control List)

For database instances in a VCP

  1. In your RDS dashboard, select the PostgreSQL instance.
  2. Click the link to the instance's VPC.
  3. Click the VPC ID.
    • 4.1postgres-vpc-id.png
  4. In the Details section, click on the link under Main network ACL.
    • 5-postgres-main-network-acl-id.png
  5. Click on the network ACL ID.
    • 5.1-postgres-network-acl-id.png
  6. Edit the inbound rules:
    • Click on the Inbound rules tab. Check whether there is an existing rule with a Source of 0.0.0.0/0 set to Allow. (This is a default rule created by AWS. If this rule already exists, skip to Edit outbound rules.)
    • 6-postgres-inbound-rules.png
  7. Create the inbound rule (if it does not already exist). Click Edit inbound rules and either Add new rule or edit an existing rule to allow access to the port number of your database instance (usually 5432) from the Prequel static IP. Click Save Changes.
  8. Edit the outbound rules:
    • In the ACL menu, select the Outbound rules tab, and check if there is an existing rule with a Destination of 0.0.0.0/0 set to Allow. (This is a default rule created by AWS. If this rule already exists, skip to the next step.)
    • 7-postgres-outbound-rules.png
  9. Create the outbound rule (if it doesn't exist). Click Edit outbound rules and edit the rules to allow outbound traffic to ports 1024-65535 for Destination 0.0.0.0/0.

Step 2: Create writer user

Create a database user to perform the writing of the source data.

  1. Open a connection to your Amazon RDS PostgreSQL database.
  2. Create a user for the data transfer by executing the following SQL command.

    • CREATE USER <username> PASSWORD '<some-password>';
      
  3. Grant user create and temporary privileges on the database. create allows the service to create new schemas and temporary allows the service to create temporary tables.
GRANT CREATE, TEMPORARY ON DATABASE <database> TO <username>;

If the schema already exists:

By default, the service creates a new schema based on the destination configuration (in the next step). If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema, using GRANT ALL ON schema TO <username>;

Step 4: Add Your Destination

  1. After completing the initial setup, provide the host address of your AWS RDS Postgres database to a Zuora representative. They will use this information to create a connection link for you. 
  2. Using the provided link, you can securely input your AWS RDS Postgres details, including the port, database name, schema, and authentication credentials. 
  3. Once you fill in these details and test the connection, saving the destination will initiate the onboarding process and begin transferring data from Zuora to your AWS RDS Postgres database.

Verification and Data Transfer 

Once data synchronization is configured with the AWS RDS Postgres connector, the data is automatically transferred to the specified AWS RDS Postgres database. This enables direct access and querying of the data within your AWS RDS Postgres environment or through compatible data analysis tools. You can seamlessly manage and analyze this data within your AWS RDS Postgres ecosystem.

Format of Transferred Data

For AWS RDS Postgres, the transferred data will be loaded as properly typed tables within a single schema in the database. Additionally, a special _transfer_status table will be created within the schema to record transfer metadata, specifically including a transfer_last_updated_at timestamp for each table. This table helps track the last update time for the transferred data, facilitating data management and synchronization processes.