This topic gives you reference information about the Amazon RDS for PostgreSQL (csb-aws-postgresql) service. It details the plan and service instance configuration parameters, and binding credentials.
When configuring Cloud Service Broker for AWS you can add additional plans. For instructions on how to configure plans, see Configure Services with Cloud Service Broker for AWS.
The following table lists parameters which can only be configured for additional plans:
Parameter name | Description | Default | Required |
---|---|---|---|
name | The plan name. | n/a | Yes |
id | A unique GUID. | n/a | Yes |
description | Description of the new plan. | n/a | Yes |
free | When false, service instances of this service plan have a cost. | true | No |
bindable | Specifies whether service instances of the service plan can bind to applications. | true | No |
plan_updateable | Whether the plan supports upgrading, downgrading, or sidegrading to another version. | true | No |
metadata.displayName | Name to use when displaying the plan in the Marketplace. | n/a | No |
metadata.bullets | List of bullet points to display in Apps Manager. | n/a | No |
You can also add any of the parameters listed in the Configuration Parameters section to your plan.
To create plans with specific size and versions, set the instance_class, storage_gb, and postgres_version properties.
Note: If you set a parameter at plan level, developers cannot change the value when creating or updating service instances.
You can provision a service by running:
cf create-service csb-aws-postgres PLAN-NAME SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'
You can update the configuration parameters for a service instance by running:
cf update-service SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'
Important: When creating an object within a csb-aws-postgres service instance, you must first assign the group's role with SET ROLE binding_user_group. For more information about this issue with object ownership, see the Troubleshooting page.
The following table lists the parameters that you can configure, by using the -c flag, when provisioning or updating a csb-aws-postgres service. The Operation column displays whether a parameter is supported for both provision and update, or for provision only:
Parameter name | Type | Description | Default | Operation |
---|---|---|---|---|
postgres_version | String | Required - The version for the PostgreSQL instance. Can be any supported major or minor version. | None | provision and update |
storage_gb | Number | Required - Size of storage volume for service instance. The minimum size is 5 GB. | None | provision and update |
cores | Integer | Deprecated - Minimum number of cores for the service instance. 2–64, multiples of 2. Use instance_class instead. | None | provision and update |
instance_class | String | Required unless cores is defined in plan - the AWS database instance class. For more information about database instance classes, see the AWS documentation. | "" | provision and update |
storage_type | String | Type of storage to be used. One of standard (magnetic), gp2 (general purpose SSD), gp3 (general purpose SSD), or io1 (provisioned IOPS SSD). | io1 | provision and update |
iops | Integer | The amount of provisioned IOPS. For this property to take effect, storage_type must be set to io1 or gp3. Cannot be specified for gp3 storage if the storage_gb value is below a per-engine threshold. If below the threshold, set this property value to 0. For more information, see the Amazon RDS user guide. | 3000 | provision and update |
instance_name | String | The name of the AWS instance to create. | csb-postgresql-INSTANCE-ID | provision |
db_name | String | Name for the database to create. | vsbdb | provision |
region | String | The AWS region and availability zone (AZ) in which to deploy the service. For more information about available regions, see the AWS documentation. | us-west-2 | provision |
multi_az | Boolean | If true, create a Multi-AZ (HA) instance. For more information about Multi-AZ deployments, see the AWS documentation. | false | provision and update |
publicly_accessible | Boolean | If true, make instance available to public connections. | false | provision and update |
allow_major_version_upgrade | Boolean | Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible. | true | provision and update |
auto_minor_version_upgrade | Boolean | Indicates that minor engine upgrades are applied automatically to the database instance during the maintenance window. | true | provision and update |
maintenance_day | String | The preferred maintenance day: Sun, Mon, Tue, Wed, Thu, Fri, or Sat. It can only be updated to a non-null value. | Uses AWS default value for the region if all maintenance_* properties are null when creating the instance | provision and update |
maintenance_start_hour | String | The preferred maintenance start hour. Valid values are 00 through 23. It can only be updated to a non-null value. | Uses AWS default value for the region if all maintenance_* properties are null when creating the instance | provision and update |
maintenance_start_min | String | The preferred maintenance start minute. Valid values are 00, 15, 30, 45. It can only be updated to a non-null value. | Uses AWS default value for the region if all maintenance_* properties are null when creating the instance | provision and update |
maintenance_end_hour | String | The preferred maintenance end hour. Valid values are 00 through 23. It can only be updated to a non-null value. | Uses AWS default value for the region if all maintenance_* properties are null when creating the instance | provision and update |
maintenance_end_min | String | The preferred maintenance end minute. Valid values are 00, 15, 30, 45. It can only be updated to a non-null value. | Uses AWS default value for the region if all maintenance_* properties are null when creating the instance | provision and update |
backup_retention_period | Integer | The number of days for which automatic backups are kept. Set the value to 0 to deactivate automated backups. An outage occurs if you change the backup retention period from 0 to a nonzero value or the reverse. This applies to both Single-AZ and Multi-AZ database instances. | 7 | provision and update |
backup_window | String | The daily time range in UTC during which automated backups are created. For example, 09:46-10:16. It must not overlap with the maintenance window. It can only be updated to a non-null value. For more information, see the AWS documentation. | Uses AWS default value for the region | provision and update |
delete_automated_backups | Boolean | Specifies whether to remove automated backups immediately after the database instance is deleted. | true | provision and update |
copy_tags_to_snapshot | Boolean | Copy all instance tags to snapshots. | true | provision and update |
storage_encrypted | Boolean | If true, database storage is encrypted. | false | provision |
kms_key_id | String | The ARN for the KMS encryption key. Enable the storage_encrypted property if the key is specified. Use the ARN in this field, not the ID as the name might suggest. Amazon RDS-encrypted database instances provide an additional layer of data protection by securing data from unauthorized access to the underlying storage. Amazon RDS uses an AWS KMS key to encrypt these resources. You can use a custom key with the configuration that you want. | "" | provision |
parameter_group_name | String | The PostgreSQL parameter group name for the service instance. By default, a parameter group is created for each instance, and used to apply security settings. If you set a custom parameter group, it might override other settings, including security settings. Do not introduce this property during a service instance update because it causes the update to fail. However, you can edit or unset an existing value during a service instance update. | "" | provision and update |
deletion_protection | Boolean | Whether deletion protection is enabled. The database cannot be deleted when this value is set. | false | provision and update |
aws_vpc_id | String | The Virtual Private Cloud (VPC) to connect the instance to. | The default VPC | provision and update |
rds_subnet_group | String | The name of the subnet to attach the database instance to. This overrides aws_vpc_id. | "" | provision and update |
rds_vpc_security_group_ids | Comma-separated String | Security group IDs to assign to the database instance. | "" | provision |
require_ssl | Boolean | Only allow secure database connections. | false | provision and update |
provider_verify_certificate | Boolean | Whether to verify the certificate of the database server when creating bindings. | true | provision and update |
storage_autoscale | Boolean | Enable storage autoscaling up to storage_autoscale_limit_gb if true and storage_autoscale_limit_gb is greater than 0. | false | provision and update |
storage_autoscale_limit_gb | Integer | Maximum storage size if storage_autoscale is set to true. The value must be higher than storage_gb. Autoscaling is deactivated if this value is less than storage_gb or no value is set. | 0 | provision and update |
monitoring_interval | Integer | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the database instance. To stop collecting Enhanced Monitoring metrics, enter 0. Valid values: 0, 1, 5, 10, 15, 30, 60. A monitoring_role_arn value is required if you enter a monitoring_interval value other than 0. | 0 | provision and update |
monitoring_role_arn | String | Enhanced Monitoring requires permission to act on your behalf to send OS metric information to CloudWatch Logs. This property represents the ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | "" | provision and update |
performance_insights_enabled | Boolean | Specifies whether Performance Insights are enabled. Performance Insights expands on existing Amazon RDS monitoring features to illustrate your database performance and help you analyze it. From the Performance Insights dashboard you can visualize the load on your Amazon RDS database instance and filter the load by wait types, SQL statements, hosts, or users. | false | provision and update |
performance_insights_kms_key_id | String | The ARN for the KMS key to encrypt Performance Insights data. When specifying performance_insights_kms_key_id, set performance_insights_enabled as true. After the KMS key is set, it can never be changed. | "" | provision and update |
performance_insights_retention_period | Integer | The number of days for which to retain Performance Insights data. The value must be 7, NUMBER-OF-MONTHS * 31 (where NUMBER-OF-MONTHS is 1-23), or 731. For example, the following values are valid: 93 (because it's 3 months * 31), 341 (because it's 11 months * 31), 589 (because it's 19 months * 31), and 731. If you specify an invalid retention period, such as 94, RDS issues an error. | 7 | provision and update |
enable_export_postgresql_logs | Boolean | If true, it enables the PostgreSQL cloud_watch_log_export on the RDS instance. It requires setting parameter_group_name with a pre-created Parameter Group that fulfills requirements for PostgreSQL log exports. For config options, see the AWS documentation. When activated, it creates an associated PostgreSQL CloudWatch log group. When deactivated, the associated PostgreSQL CloudWatch log group is deleted. | false | provision and update |
cloudwatch_postgresql_log_group_retention_in_days | Integer | If provided, it specifies the number of days you want to retain log events in the postgresql log group. It is used in conjunction with enable_export_postgresql_logs. If you select 0, the events in the log group are always retained and never expire. | 30 | provision and update |
enable_export_upgrade_logs | Boolean | If true, it enables the upgrade cloud_watch_log_export on the RDS instance. The upgrade log group only receives logs after a major upgrade happens (in other words, when the pgupgrade module is invoked). When activated, it creates an associated upgrade CloudWatch log group. When deactivated, the associated upgrade CloudWatch log group is deleted. | false | provision and update |
cloudwatch_upgrade_log_group_retention_in_days | Integer | If provided, it specifies the number of days you want to retain log events in the upgrade log group. It is used in conjunction with enable_export_upgrade_logs. If you select 0, the events in the log group are always retained and never expire. | 30 | provision and update |
cloudwatch_log_groups_kms_key_id | String | Log group data is always encrypted in CloudWatch Logs. By default, CloudWatch Logs uses server-side encryption for the log data at rest. As an alternative, you can use AWS Key Management Service (AWS KMS) for this encryption. If you use AWS KMS, the encryption is done by using an AWS KMS customer-managed key. This property, if provided, sets the customer-managed key to use for encrypting the CloudWatch log group created for the RDS PostgreSQL and upgrade logs. It is used in conjunction with enable_export_postgresql_logs and enable_export_upgrade_logs. | "" | provision and update |
aws_access_key_id | String | The AWS Access Key to use for an instance. | The value the operator entered for AWS Access Key in Ops Manager. | provision and update |
aws_secret_access_key | String | The corresponding secret for the AWS Access Key to use for an instance. | The value the operator entered for AWS Secret Access Key in Ops Manager. | provision and update |
admin_username | String | The username to use for the admin user of the database. When not specified, a random username is generated. This property should only be used when migrating data. | "" | provision |
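The following Python check is an added example, not part of the broker or of the original page. It validates a -c parameter object against the constraints stated in the table above and lists the settings that leave a protection off. The function name check_params and the sample values are assumptions made for illustration.

```python
# Allowed values as stated in the parameter table above.
PI_RETENTION = {7, 731} | {n * 31 for n in range(1, 24)}
MONITORING_INTERVALS = {0, 1, 5, 10, 15, 30, 60}
STORAGE_TYPES = {"standard", "gp2", "gp3", "io1"}

def check_params(params):
    """Return (errors, warnings) for a csb-aws-postgres -c parameter dict."""
    errors, warnings = [], []
    g = params.get  # missing keys fall back to the defaults listed in the table
    # Combinations the table describes as invalid or without effect.
    if g("storage_gb", 5) < 5:
        errors.append("storage_gb below 5 GB minimum")
    if g("storage_type", "io1") not in STORAGE_TYPES:
        errors.append("unknown storage_type")
    if g("monitoring_interval", 0) not in MONITORING_INTERVALS:
        errors.append("invalid monitoring_interval")
    elif g("monitoring_interval", 0) != 0 and not g("monitoring_role_arn"):
        errors.append("monitoring_interval needs monitoring_role_arn")
    if g("performance_insights_retention_period", 7) not in PI_RETENTION:
        errors.append("invalid performance_insights_retention_period")
    if g("performance_insights_kms_key_id") and not g("performance_insights_enabled", False):
        errors.append("performance_insights_kms_key_id needs performance_insights_enabled")
    if g("kms_key_id") and not g("storage_encrypted", False):
        errors.append("kms_key_id set but storage_encrypted is false")
    if g("storage_autoscale", False) and g("storage_autoscale_limit_gb", 0) <= g("storage_gb", 0):
        errors.append("storage_autoscale_limit_gb must exceed storage_gb")
    if g("enable_export_postgresql_logs", False) and not g("parameter_group_name"):
        errors.append("enable_export_postgresql_logs needs parameter_group_name")
    # Settings (often the documented defaults) that leave a protection off.
    if not g("storage_encrypted", False):
        warnings.append("storage is not encrypted at rest")
    if not g("require_ssl", False):
        warnings.append("plaintext connections are allowed")
    if g("publicly_accessible", False):
        warnings.append("instance is reachable from public networks")
    if not g("provider_verify_certificate", True):
        warnings.append("broker does not verify the server certificate")
    if not g("deletion_protection", False):
        warnings.append("deletion protection is off")
    if g("backup_retention_period", 7) == 0:
        warnings.append("automated backups are deactivated")
    return errors, warnings

# Constructed sample input (placeholder ARN, not from a real deployment).
SAMPLE = {"postgres_version": "14", "storage_gb": 20, "instance_class": "db.t3.medium",
          "kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE",
          "monitoring_interval": 30, "performance_insights_retention_period": 94,
          "publicly_accessible": True}
if __name__ == "__main__":
    print(check_params(SAMPLE))
```

Parameters fixed at plan level are not visible in the -c object, so run the check on the merged plan and instance parameters when a plan sets some of them.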
You can bind a service by running:
cf bind-service APP-NAME SERVICE-INSTANCE-NAME --binding-name BINDING-NAME
The format for binding credentials for PostgreSQL is as follows:
{
  "name" : "DATABASE-NAME",
  "hostname" : "DATABASE-SERVER-HOST",
  "port" : "DATABASE-SERVER-PORT",
  "username" : "AUTHENTICATION-USERNAME",
  "password" : "AUTHENTICATION-PASSWORD",
  "uri" : "DATABASE-CONNECTION-URI",
  "use_tls" : true,
  "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URL"
}
A binding or service key corresponds to a user in PostgreSQL. By default, PostgreSQL users do not have access to data written by other users. For bindings to have access to the same data, the public schema can be used, or a schema can be created and access can be granted to other users.
When a binding or service key is deleted, data owned by the PostgreSQL user is re-assigned to a role called binding_user_group before the user is deleted. This ensures that other bindings still have access to the data.
The following table lists the previously provided plans for the Amazon RDS for PostgreSQL service:
Plan | Description |
---|---|
small | PostgreSQL 11, 2 vCPUs, 8 GB RAM, 5 GB storage |
medium | PostgreSQL 11, 4 vCPUs, 16 GB RAM, 10 GB storage |
large | PostgreSQL 11, 8 vCPUs, 32 GB RAM, 20 GB storage |
To keep these plans in this version of the broker, add them through the tile as custom plans. For how to configure plans through the tile, see Configure services with Cloud Service Broker for AWS.
Add the following block to keep the small plan:
{
  "name": "small",
  "id": "ffc51616-228b-41bd-bed1-d601c18d58f5",
  "description": "PostgreSQL 11, minimum 2 cores, minimum 4GB ram, 5GB storage",
  "cores": 2,
  "storage_gb": 5,
  "storage_type": "gp2",
  "postgres_version": 11,
  "metadata": {
    "displayName": "small",
    "bullets": ["PostgreSQL 11", "minimum 2 cores", "minimum 4GB ram", "5GB storage"]
  }
}
Add the following block to keep the medium plan:
{
  "name": "medium",
  "id": "e64d07f9-ceb2-40a6-abd9-391047fa3cf5",
  "description": "PostgreSQL 11, minimum 4 cores, minimum 8GB ram, 10GB storage",
  "cores": 4,
  "storage_gb": 10,
  "storage_type": "gp2",
  "postgres_version": 11,
  "metadata": {
    "displayName": "medium",
    "bullets": ["PostgreSQL 11", "minimum 4 cores", "minimum 8GB ram", "10GB storage"]
  }
}
Add the following block to keep the large plan:
{
  "name": "large",
  "id": "48baef10-a14c-4ae1-aab5-25f26eba941a",
  "description": "PostgreSQL 11, minimum 8 cores, minimum 16GB ram, 20GB storage",
  "cores": 8,
  "storage_gb": 20,
  "storage_type": "gp2",
  "postgres_version": 11,
  "metadata": {
    "displayName": "large",
    "bullets": ["PostgreSQL 11", "minimum 8 cores", "minimum 16GB ram", "20GB storage"]
  }
}