DB cluster parameter group settings for Babelfish - Amazon Aurora
Babelfish SSL settings and client connections
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

DB cluster parameter group settings for Babelfish

When you create an Aurora PostgreSQL DB cluster and choose Turn on Babelfish, a DB cluster parameter group is created for you automatically if you choose Create new. This DB cluster parameter group is based on the Aurora PostgreSQL DB cluster parameter group for the Aurora PostgreSQL version chosen for the install, for example, Aurora PostgreSQL version 14. It's named using the following general pattern: 

custom-aurora-postgresql14-babelfish-compat-3

You can change the following settings during the cluster creation process but some of these can't be changed once they're stored in the custom parameter group, so choose carefully:

  • Single database or Multiple databases

  • Default collation locale

  • Collation name

  • DB parameter group

To use an existing Aurora PostgreSQL DB cluster version 13 or higher parameter group, edit the group and set the babelfish_status parameter to on. Specify any Babelfish options before creating your Aurora PostgreSQL cluster. To learn more, see Parameter groups for Amazon Aurora.

The following parameters control Babelfish preferences. Unless otherwise stated in the Description, parameters are modifiable. The default value is included in the description. To see the allowable values for any parameter, do as follows:

Note

When you associate a new DB parameter group with a DB instance, the modified static and dynamic parameters are applied only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.

  2. Choose Parameter groups from the navigation menu.

  3. Choose the default.aurora-postgresql14 DB cluster parameter group from the list.

  4. Enter the name of a parameter in the search field. For example, enter babelfishpg_tsql.default_locale in the search field to display this parameter and its default value and allowable settings.

    Note

    Babelfish for Aurora PostgreSQL global databases works in secondary regions only if the following parameters are turned on in those regions.

Parameter Description Apply Type Is Modifiable

babelfishpg_tds.tds_default_numeric_scale

Sets the default scale of numeric type to be sent in the TDS column metadata if the engine doesn't specify one. (Default: 8) (Allowable: 0–38)

dynamic

true

babelfishpg_tds.tds_default_numeric_precision

An integer that sets the default precision of numeric type to be sent in the TDS column metadata if the engine doesn't specify one. (Default: 38) (Allowable: 1–38)

dynamic

true

babelfishpg_tds.tds_default_packet_size

An integer that sets the default packet size for connecting SQL Server clients. (Default: 4096) (Allowable: 512–32767)

dynamic

true

babelfishpg_tds.tds_default_protocol_version

An integer that sets a default TDS protocol version for connecting clients. (Default: DEFAULT) (Allowable: TDSv7.0, TDSv7.1, TDSv7.1.1, TDSv7.2, TDSv7.3A, TDSv7.3B, TDSv7.4, DEFAULT)

dynamic

true

babelfishpg_tds.default_server_name

A string that identifies the default name of the Babelfish server. (Default: Microsoft SQL Server) (Allowable: null)

dynamic

true

babelfishpg_tds.tds_debug_log_level

An integer that sets the logging level in TDS; 0 turns off logging. (Default: 1) (Allowable: 0, 1, 2, 3)

dynamic

true

babelfishpg_tds.listen_addresses

A string that sets the host name or IP address or addresses to listen for TDS on. This parameter can't be modified after the Babelfish DB cluster is created. (Default: * ) (Allowable: null)

false

babelfishpg_tds.port

An integer that specifies the TCP port used for requests in SQL Server syntax. (Default: 1433) (Allowable: 1–65535)

static

true

babelfishpg_tds.tds_ssl_encrypt

A boolean that turns encryption on (0) or off (1) for data traversing the TDS listener port. For detailed information about using SSL for client connections, see Babelfish SSL settings and client connections. (Default: 0) (Allowable: 0, 1)

dynamic

true

babelfishpg_tds.tds_ssl_max_protocol_version

A string that specifies the highest SSL/TLS protocol version to use for the TDS session. (Default: 'TLSv1.2') (Allowable: 'TLSv1', 'TLSv1.1', 'TLSv1.2')

dynamic

true

babelfishpg_tds.tds_ssl_min_protocol_version

A string that specifies the minimum SSL/TLS protocol version to use for the TDS session. (Default: 'TLSv1.2' from Aurora PostgreSQL version 16, 'TLSv1' for versions older than Aurora PostgreSQL version 16) (Allowable: 'TLSv1', 'TLSv1.1', 'TLSv1.2')

dynamic

true

babelfishpg_tds.unix_socket_directories

A string that identifies the TDS server Unix socket directory. This parameter can't be modified after the Babelfish DB cluster is created. (Default: /tmp) (Allowable: null)

false

babelfishpg_tds.unix_socket_group

A string that identifies the TDS server Unix socket group. This parameter can't be modified after the Babelfish DB cluster is created. (Default: rdsdb) (Allowable: null)

false

babelfishpg_tsql.default_locale

A string that specifies the default locale used for Babelfish collations. The default locale is the locale only and doesn't include any qualifiers.

Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, changes to this parameter are ignored. (Default: en_US) (Allowable: See tables)

static

true

babelfishpg_tsql.migration_mode

A non-modifiable list that specifies support for single- or multiple user databases. Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, you can't modify this parameter's value. (Default: multi-db from Aurora PostgreSQL version 16, single-db for versions older than Aurora PostgreSQL version 16) (Allowable: single-db, multi-db,null)

static

true

babelfishpg_tsql.server_collation_name

A string that specifies the name of the collation used for server-level actions. Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, don't modify the value of this parameter. (Default: bbf_unicode_general_ci_as) (Allowable: See tables)

static

true

babelfishpg_tsql.version

A string that sets the output of @@VERSION variable. Don't modify this value for Aurora PostgreSQL DB clusters. (Default: null) (Allowable: default)

dynamic

true

rds.babelfish_status

A string that sets the state of Babelfish functionality. When this parameter is set to datatypesonly, Babelfish is turned off but SQL Server data types are still available. (Default: off) (Allowable: on, off, datatypesonly)

static

true

unix_socket_permissions

An integer that sets the TDS server Unix socket permissions. This parameter can't be modified after the Babelfish DB cluster is created. (Default: 0700) (Allowable: 0–511)

false

Babelfish SSL settings and client connections

When a client connects to the TDS port (default 1433), Babelfish compares the Secure Sockets Layer (SSL) setting sent during the client handshake to the Babelfish SSL parameter setting (tds_ssl_encrypt). Babelfish then determines if a connection is allowed. If a connection is allowed, encryption behavior is either enforced or not, depending on your parameter settings and the support for encryption offered by the client.

The table following shows how Babelfish behaves for each combination.

Client SSL setting Babelfish SSL setting Connection allowed? Value returned to client

ENCRYPT_OFF

tds_ssl_encrypt=0

Allowed, the login packet is encrypted

ENCRYPT_OFF

ENCRYPT_OFF

tds_ssl_encrypt=1

Allowed, the entire connection is encrypted

ENCRYPT_REQ

ENCRYPT_ON

tds_ssl_encrypt=0

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_ON

tds_ssl_encrypt=1

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_NOT_SUP

tds_ssl_encrypt=0

 Yes

ENCRYPT_NOT_SUP

ENCRYPT_NOT_SUP

tds_ssl_encrypt=1

No, connection closed

ENCRYPT_REQ

ENCRYPT_REQ

tds_ssl_encrypt=0

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_REQ

tds_ssl_encrypt=1

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_CLIENT_CERT

tds_ssl_encrypt=0

No, connection closed

Unsupported

ENCRYPT_CLIENT_CERT

tds_ssl_encrypt=1

No, connection closed

Unsupported