DB cluster parameter group settings for Babelfish
When you create an Aurora PostgreSQL DB cluster and choose Turn on Babelfish, a DB cluster parameter group is created for you automatically if you choose Create new. This DB cluster parameter group is based on the Aurora PostgreSQL DB cluster parameter group for the Aurora PostgreSQL version chosen for the install, for example, Aurora PostgreSQL version 14. It's named using the following general pattern:
custom-aurora-postgresql14-babelfish-compat-3
You can change the following settings during the cluster creation process but some of these can't be changed once they're stored in the custom parameter group, so choose carefully:
Single database or Multiple databases
Default collation locale
Collation name
Babelfish TDS port
DB parameter group
To use an existing Aurora PostgreSQL DB cluster version 13 or higher parameter group, edit the group and set the babelfish_status parameter to on. Specify any Babelfish options before creating your Aurora PostgreSQL cluster. To learn more, see Working with parameter groups.
The following parameters control Babelfish preferences. Unless otherwise stated in the Description, parameters are modifiable. The default value is included in the description. To see the allowable values for any parameter, do as follows:
Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.
Choose Parameter groups from the navigation menu.
Choose the default.aurora-postgresql14 DB cluster parameter group from the list.
Enter the name of a parameter in the search field. For example, enter babelfishpg_tsql.default_locale in the search field to display this parameter and its default value and allowable settings.
Parameter | Description |
---|---|
babelfishpg_tds.tds_default_numeric_scale | Sets the default scale of numeric type to be sent in the TDS column metadata if the engine doesn't specify one. (Default: 8) (Allowable: 0–38) |
babelfishpg_tds.tds_default_numeric_precision | An integer that sets the default precision of numeric type to be sent in the TDS column metadata if the engine doesn't specify one. (Default: 38) (Allowable: 1–38) |
babelfishpg_tds.tds_default_packet_size | An integer that sets the default packet size for connecting SQL Server clients. (Default: 4096) (Allowable: 512–32767) |
babelfishpg_tds.tds_default_protocol_version | An integer that sets a default TDS protocol version for connecting clients. (Default: DEFAULT) (Allowable: TDSv7.0, TDSv7.1, TDSv7.1.1, TDSv7.2, TDSv7.3A, TDSv7.3B, TDSv7.4, DEFAULT) |
babelfishpg_tds.default_server_name | A string that identifies the default name of the Babelfish server. (Default: Microsoft SQL Server) (Allowable: null) |
babelfishpg_tds.enable_tds_debug_log_level | An integer that sets the logging level in TDS; 0 turns off logging. (Default: 1) (Allowable: 0, 1, 2, 3) |
babelfishpg_tds.listen_addresses | A string that sets the host name or IP address or addresses to listen for TDS on. This parameter can't be modified after the Babelfish DB cluster is created. (Default: *) (Allowable: null) |
babelfishpg_tds.port | An integer that specifies the TCP port used for requests in SQL Server syntax. (Default: 1433) (Allowable: 1–65535) |
babelfishpg_tds.tds_ssl_encrypt | A boolean that turns encryption on (0) or off (1) for data traversing the TDS listener port. For detailed information about using SSL for client connections, see Babelfish SSL settings and client connections. (Default: 0) (Allowable: 0, 1) |
babelfishpg_tds.tds_ssl_max_protocol_version | A string that specifies the highest SSL/TLS protocol version to use for the TDS session. (Default: 'TLSv1.2') (Allowable: 'TLSv1', 'TLSv1.1', 'TLSv1.2') |
babelfishpg_tds.tds_ssl_min_protocol_version | A string that specifies the minimum SSL/TLS protocol version to use for the TDS session. (Default: 'TLSv1') (Allowable: 'TLSv1', 'TLSv1.1', 'TLSv1.2') |
babelfishpg_tds.unix_socket_directories | A string that identifies the TDS server Unix socket directory. This parameter can't be modified after the Babelfish DB cluster is created. (Default: /tmp) (Allowable: null) |
babelfishpg_tds.unix_socket_group | A string that identifies the TDS server Unix socket group. This parameter can't be modified after the Babelfish DB cluster is created. (Default: rdsdb) (Allowable: null) |
babelfishpg_tsql.default_locale | A string that specifies the default locale used for Babelfish collations. The default locale is the locale only and doesn't include any qualifiers. Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, changes to this parameter are ignored. (Default: en_US) (Allowable: See tables) |
babelfishpg_tsql.migration_mode | A non-modifiable list that specifies support for single- or multiple user databases. Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, you can't modify this parameter's value. (Default: single-db) (Allowable: single-db, multi-db, null) |
babelfishpg_tsql.server_collation_name | A string that specifies the name of the collation used for server-level actions. Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, don't modify the value of this parameter. (Default: bbf_unicode_general_ci_as) (Allowable: See tables) |
babelfishpg_tsql.version | A string that sets the output of @@VERSION variable. Don't modify this value for Aurora PostgreSQL DB clusters. (Default: null) (Allowable: default) |
rds.babelfish_status | A string that sets the state of Babelfish functionality. When this parameter is set to |
unix_socket_permissions | An integer that sets the TDS server Unix socket permissions. This parameter can't be modified after the Babelfish DB cluster is created. (Default: 0700) (Allowable: 0–511) |
Babelfish SSL settings and client connections
When a client connects to the TDS port (default 1433), Babelfish compares the Secure Sockets Layer (SSL) setting sent during the client handshake to the Babelfish SSL parameter setting (tds_ssl_encrypt). Babelfish then determines if a connection is allowed. If a connection is allowed, encryption behavior is either enforced or not, depending on your parameter settings and the support for encryption offered by the client.
The following table shows how Babelfish behaves for each combination.
Client SSL setting | Babelfish SSL setting | Connection allowed? | Value returned to client |
---|---|---|---|
ENCRYPT_OFF | tds_ssl_encrypt=0 | Allowed, the login packet is encrypted | ENCRYPT_OFF |
ENCRYPT_OFF | tds_ssl_encrypt=1 | Allowed, the entire connection is encrypted | ENCRYPT_REQ |
ENCRYPT_ON | tds_ssl_encrypt=0 | Allowed, the entire connection is encrypted | ENCRYPT_ON |
ENCRYPT_ON | tds_ssl_encrypt=1 | Allowed, the entire connection is encrypted | ENCRYPT_ON |
ENCRYPT_NOT_SUP | tds_ssl_encrypt=0 | Yes | ENCRYPT_NOT_SUP |
ENCRYPT_NOT_SUP | tds_ssl_encrypt=1 | No, connection closed | ENCRYPT_REQ |
ENCRYPT_REQ | tds_ssl_encrypt=0 | Allowed, the entire connection is encrypted | ENCRYPT_ON |
ENCRYPT_REQ | tds_ssl_encrypt=1 | Allowed, the entire connection is encrypted | ENCRYPT_ON |
ENCRYPT_CLIENT_CERT | tds_ssl_encrypt=0 | No, connection closed | Unsupported |
ENCRYPT_CLIENT_CERT | tds_ssl_encrypt=1 | No, connection closed | Unsupported |
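The parameter defaults and the connection table above can be combined into a configuration check. The following Python is an added example, not AWS code: it reads JSON in the shape returned by aws rds describe-db-cluster-parameters, interprets tds_ssl_encrypt the way the connection table does, and reports which client SSL settings are not fully encrypted and whether TLS versions below TLSv1.2 are permitted. The function names, the outcome labels and the sample input are assumptions of this example.

```python
import json

# Defaults as listed in the parameter table on this page.
DEFAULTS = {
    "babelfishpg_tds.tds_ssl_encrypt": "0",
    "babelfishpg_tds.tds_ssl_min_protocol_version": "TLSv1",
    "babelfishpg_tds.tds_ssl_max_protocol_version": "TLSv1.2",
}
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2"]  # allowable values, oldest first

# The page's connection table as (client setting, tds_ssl_encrypt) -> outcome.
# "unencrypted" is the row the table marks only "Yes" and answers with
# ENCRYPT_NOT_SUP, which in TDS means no encryption is used.
OUTCOME = {
    ("ENCRYPT_OFF", 0): "login-only", ("ENCRYPT_OFF", 1): "full",
    ("ENCRYPT_ON", 0): "full", ("ENCRYPT_ON", 1): "full",
    ("ENCRYPT_NOT_SUP", 0): "unencrypted", ("ENCRYPT_NOT_SUP", 1): "closed",
    ("ENCRYPT_REQ", 0): "full", ("ENCRYPT_REQ", 1): "full",
    ("ENCRYPT_CLIENT_CERT", 0): "closed", ("ENCRYPT_CLIENT_CERT", 1): "closed",
}

def load_params(describe_json):
    """Name -> value from describe-db-cluster-parameters JSON; unset -> default."""
    got = {p["ParameterName"]: p.get("ParameterValue")
           for p in json.loads(describe_json)["Parameters"]}
    return {k: (got.get(k) or d).strip("'") for k, d in DEFAULTS.items()}

def audit(describe_json):
    """Return findings for the TDS listener's encryption settings."""
    p = load_params(describe_json)
    enc = int(p["babelfishpg_tds.tds_ssl_encrypt"])
    lo = p["babelfishpg_tds.tds_ssl_min_protocol_version"]
    hi = p["babelfishpg_tds.tds_ssl_max_protocol_version"]
    findings = []
    weak = sorted(c for (c, e), o in OUTCOME.items()
                  if e == enc and o in ("login-only", "unencrypted"))
    if weak:
        findings.append(f"tds_ssl_encrypt={enc}: not fully encrypted for {', '.join(weak)}")
    if TLS_ORDER.index(lo) > TLS_ORDER.index(hi):
        findings.append(f"min TLS {lo} is above max TLS {hi}")
    elif lo != "TLSv1.2":
        findings.append(f"min TLS {lo} allows versions below TLSv1.2")
    return findings

# Constructed sample input (not from a real cluster); the second entry has no
# ParameterValue, so the page's default of TLSv1 applies.
SAMPLE = json.dumps({"Parameters": [
    {"ParameterName": "babelfishpg_tds.tds_ssl_encrypt", "ParameterValue": "0"},
    {"ParameterName": "babelfishpg_tds.tds_ssl_min_protocol_version"},
]})
```

To check a real group, pass audit() the output of aws rds describe-db-cluster-parameters --db-cluster-parameter-group-name followed by the name of your custom parameter group.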
Client authentication to Babelfish
Babelfish for Aurora PostgreSQL supports password authentication. Passwords are stored in encrypted form on disk. For more information about authentication on an Aurora PostgreSQL cluster, see Security with Amazon Aurora PostgreSQL.
You might be prompted for credentials each time you connect to Babelfish. Any user migrated to or created on Aurora PostgreSQL can use the same credentials on both the SQL Server port and the PostgreSQL port. Babelfish doesn't enforce password policies, but we recommend that you do the following:
Require a complex password that's at least eight (8) characters long.
Enforce a password expiration policy.
To review a complete list of database users, use the command SELECT * FROM pg_user;