Using Amazon Aurora

Phoenix supports IAM database authentication for PostgreSQL connections to Amazon Aurora/RDS.

First, ensure that Phoenix runs with valid AWS credentials, either by using an IAM role attached to the instance (EC2/ECS/EKS), or by configuring AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Configuring AWS_DEFAULT_REGION is required.

The IAM role will need a rds-db:connect policy associated with it.

# Standard AWS configuration
export AWS_DEFAULT_REGION=us-east-2  ## REQUIRED
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
# OR use ~/.aws/credentials and ~/.aws/config
# OR use IAM role (EC2/ECS/EKS)

Then, configure Phoenix to use the Amazon Aurora/RDS instance with IAM-based authentication. Importantly, be sure to configure the token refresh lifetime to be safely under the expiration time of the token (e.g. 720 seconds < 15 minutes).

# Enable IAM authentication and set refresh time
export PHOENIX_POSTGRES_USE_AWS_IAM_AUTH=true
export PHOENIX_POSTGRES_AWS_IAM_TOKEN_LIFETIME_SECONDS=720

# Database connection
export PHOENIX_POSTGRES_HOST=mydb.us-east-2.rds.amazonaws.com
export PHOENIX_POSTGRES_USER=iam_db_user
export PHOENIX_POSTGRES_DB=phoenix

PreviousConfiguration NextDocker

Last updated 8 days ago

Was this helpful?