This topic describes how to configure AWS RDS PostgreSQL for Supply Chain Security Tools (SCST) - Store.
You must have an AWS account.
To set up a certificate and configuration:
Create an Amazon RDS Postgres instance by following the Amazon RDS Getting Started Guide.
After the database instance starts, retrieve the following information:
Note: If the database name is "-" in the AWS RDS UI, the value is likely to be "postgres".
Create a security group to allow inbound connections from the cluster to the Postgres DB
Retrieve the corresponding CA Certificate that signed the Postgres TLS Certificate using the following link
In metadata-store-values.yaml, fill in the following settings:
db_host: "<DB Instance Endpoint>"
db_user: "<Master Username>"
db_password: "<Master Password>"
db_name: "<Database Name>"
db_port: "5432"
db_sslmode: "verify-full"
db_max_open_conns: 10
db_max_idle_conns: 100
db_conn_max_lifetime: 60
db_ca_certificate: |
  <Corresponding CA Certification>
  ...
  ...
  ...
deploy_internal_db: "false"
Note: If deploy_internal_db is set to false, an instance of Postgres will not be deployed in the cluster.
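A pre-deployment check for the settings above, as an added example that is not part of the original page or of SCST - Store. It assumes the values file has already been loaded into a dict by a YAML parser; `check_db_settings` is a hypothetical name, and the sslmode descriptions follow the PostgreSQL sslmode documentation.

```python
import re
import ssl

# What each sslmode leaves unchecked, per the PostgreSQL docs (None = nothing).
SSLMODE_GAPS = {
    "disable": "no TLS at all",
    "allow": "TLS not enforced, server certificate not verified",
    "prefer": "TLS not enforced, server certificate not verified",
    "require": "TLS enforced, server certificate not verified",
    "verify-ca": "CA chain verified, server host name not checked",
    "verify-full": None,
}
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
PLACEHOLDER = re.compile(r"^<.*>$")

def check_db_settings(values):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    for key in ("db_host", "db_user", "db_password", "db_name"):
        val = str(values.get(key, "")).strip()
        if not val or PLACEHOLDER.match(val):
            findings.append(f"{key}: empty or still a template placeholder")
    mode = values.get("db_sslmode", "")
    if mode not in SSLMODE_GAPS:
        findings.append(f"db_sslmode: unknown value {mode!r}")
    elif SSLMODE_GAPS[mode]:
        findings.append(f"db_sslmode: {mode}: {SSLMODE_GAPS[mode]}")
    # Structural check only: PEM framing, base64 body, DER SEQUENCE tag.
    # It does not prove the bundle is the CA that signed the RDS certificate.
    blocks = PEM_BLOCK.findall(str(values.get("db_ca_certificate", "")))
    if not blocks:
        findings.append("db_ca_certificate: no PEM certificate block found")
    for i, pem in enumerate(blocks):
        try:
            if ssl.PEM_cert_to_DER_cert(pem)[:1] != b"\x30":
                raise ValueError("body is not a DER SEQUENCE")
        except ValueError as exc:
            findings.append(f"db_ca_certificate: block {i} malformed ({exc})")
    if str(values.get("deploy_internal_db", "")).lower() != "false":
        findings.append("deploy_internal_db: must be false for an external DB")
    return findings

if __name__ == "__main__":
    # Constructed sample: weak sslmode, CA placeholder left unfilled.
    sample = {"db_host": "db.example.internal", "db_user": "store",
              "db_password": "constructed", "db_name": "postgres",
              "db_sslmode": "require", "deploy_internal_db": "false",
              "db_ca_certificate": "<Corresponding CA Certification>"}
    print("\n".join(check_db_settings(sample)))
```

Run as a script, the constructed sample reports the `require` mode and the unfilled CA placeholder; a file that keeps `verify-full` and carries a real PEM bundle returns no findings.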