Configuring your existing Postgres database for Springtail.
SUPERUSER
privileges allows Springtail to fully manage replication slots, publications, and triggers for the logical replication stream.In Amazon RDS, the user must be granted the rds_superuser
role.To create this user, use the following command, replacing <secret_password>
with your desired password:By default all users have access to the tables within the pg_catalog schema that Springtail requires. However, if you are not using the default permissions, the Springtail user will require access to: pg_class, pg_namespace, pg_attribute, pg_index, pg_collation, pg_type, pg_constraint, pg_database, pg_roles
<role>
with your desired user name and <secret_password>
with your desired password:CONNECT
access to each database:SELECT
access to the desired resources:REPLICA IDENTITY FULL
which will ensure that the entire row is sent whenever updates or deletes are performed against the table.pg_shadow
database tables; unfortunately, this table is not accessible on AWS RDS or Aurora instances. If using a MD5 or SCRAM hash as the password, the Primary database must be setup to accept that form of authentication for that user. Using a SCRAM hash is the most secure, as the hash by itself is not sufficient to log into the Primary (it is combined with a client secret that is extracted by the Proxy when the client authenticates to the Proxy).