PostgreSQL on Amazon RDS
Amazon RDS supports DB instances running several versions of PostgreSQL. For a list of available versions, see Available PostgreSQL database versions.
Deprecation of PostgreSQL 9.6 is scheduled for April 26, 2022. For more information, see Deprecation of PostgreSQL version 9.6.
You can create DB instances and DB snapshots, point-in-time restores and backups. DB instances running PostgreSQL support Multi-AZ deployments, read replicas, Provisioned IOPS, and can be created inside a virtual private cloud (VPC). You can also use Secure Socket Layer (SSL) to connect to a DB instance running PostgreSQL.
Before creating a DB instance, make sure to complete the steps in Setting up for Amazon RDS.
You can use any standard SQL client application to run commands for the instance from your client computer. Such applications include pgAdmin, a popular Open Source administration and development tool for PostgreSQL, or psql, a command line utility that is part of a PostgreSQL installation. To deliver a managed service experience, Amazon RDS doesn't provide host access to DB instances. Also, it restricts access to certain system procedures and tables that require advanced privileges. Amazon RDS supports access to databases on a DB instance using any standard SQL client application. Amazon RDS doesn't allow direct host access to a DB instance by using Telnet or Secure Shell (SSH).
Amazon RDS for PostgreSQL is compliant with many industry standards. For example, you can use
Amazon RDS for PostgreSQL databases to build HIPAA-compliant applications and to store
healthcare-related information. This includes storage for protected health information (PHI)
under a completed Business Associate Agreement (BAA) with Amazon. Amazon RDS for PostgreSQL also
meets Federal Risk and Authorization Management Program (FedRAMP) security requirements.
Amazon RDS for PostgreSQL has received a FedRAMP Joint Authorization Board (JAB) Provisional
Authority to Operate (P-ATO) at the FedRAMP HIGH Baseline within the Amazon GovCloud (US) Regions.
For more information on supported compliance standards, see Amazon cloud compliance
To import PostgreSQL data into a DB instance, follow the information in the Importing data into PostgreSQL on Amazon RDS section.
Topics
- Common management tasks for Amazon RDS for PostgreSQL
- Working with the database preview environment
- Limitations for PostgreSQL DB instances
- Available PostgreSQL database versions
- Deprecated versions for Amazon RDS for PostgreSQL
- Supported PostgreSQL extension versions
- Connecting to a DB instance running the PostgreSQL database engine
- Securing connections to RDS for PostgreSQL with SSL/TLS
- Using Kerberos authentication with Amazon RDS for PostgreSQL
- Using a custom DNS server for outbound network access
- Upgrading the PostgreSQL DB engine for Amazon RDS
- Upgrading a PostgreSQL DB snapshot engine version
- Working with read replicas for Amazon RDS for PostgreSQL
- Importing data into PostgreSQL on Amazon RDS
- Exporting data from an RDS for PostgreSQL DB instance to Amazon S3
- Invoking an Amazon Lambda function from an RDS for PostgreSQL DB instance
- Working with PostgreSQL features supported by Amazon RDS for PostgreSQL
- Common DBA tasks for Amazon RDS for PostgreSQL
- Using PostgreSQL extensions with Amazon RDS for PostgreSQL
- Working with the supported foreign data wrappers for Amazon RDS for PostgreSQL
Common management tasks for Amazon RDS for PostgreSQL
The following are the common management tasks you perform with an Amazon RDS for PostgreSQL DB instance, with links to relevant documentation for each task.
Task area | Relevant documentation |
---|---|
Setting up Amazon RDS for first-time use Before you can create your DB instance, make sure to complete a few prerequisites. For example, DB instances are created by default with a firewall that prevents access to it. So you need to create a security group with the correct IP addresses and network configuration to access the DB instance. |
|
Understanding Amazon RDS DB instances If you are creating a DB instance for production purposes, you should understand how instance classes, storage types, and Provisioned IOPS work in Amazon RDS. |
|
Finding available PostgreSQL versions Amazon RDS supports several versions of PostgreSQL. |
|
Setting up high availability and failover support A production DB instance should use Multi-AZ deployments. Multi-AZ deployments provide increased availability, data durability, and fault tolerance for DB instances. |
|
Understanding the Amazon Virtual Private Cloud (VPC) network If your Amazon account has a default VPC, then your DB instance is automatically created inside the default VPC. In some cases, your account might not have a default VPC, and you might want the DB instance in a VPC. In these cases, create the VPC and subnet groups before you create the DB instance. |
Determining whether you are using the EC2-VPC or EC2-Classic platform |
Importing data into Amazon RDS PostgreSQL You can use several different tools to import data into your PostgreSQL DB instance on Amazon RDS. |
|
Setting up read-only read replicas (primary and standbys) RDS for PostgreSQL supports read replicas in both the same Amazon Region and in a different Amazon Region from the primary instance. |
Working with read replicas for Amazon RDS for PostgreSQL Creating a read replica in a different Amazon Web Services Region |
Understanding security groups By default, DB instances are created with a firewall that prevents access to them. To provide access through that firewall, you edit the inbound rules for the security group associated with the VPC hosting the DB instance. In general, if your DB instance is on the EC2-Classic platform, you need to create a DB security group. If your DB instance is on the EC2-VPC platform, you need to create a VPC security group. |
Determining whether you are using the EC2-VPC or EC2-Classic platform |
Setting up parameter groups and features To change the default parameters for your DB instance, create a custom DB parameter group and change settings to that. If you do this before creating your DB instance, you can choose your custom DB parameter group when you create the instance. |
|
Connecting to your PostgreSQL DB instance After creating a security group and associating it to a DB
instance, you can connect to the DB instance using any standard SQL
client application such as |
Connecting to a DB instance running the PostgreSQL database engine |
Backing up and restoring your DB instance You can configure your DB instance to take automated backups, or take manual snapshots, and then restore instances from the backups or snapshots. |
|
Monitoring the activity and performance of your DB instance You can monitor a PostgreSQL DB instance by using CloudWatch Amazon RDS metrics, events, and enhanced monitoring. |
|
Upgrading the PostgreSQL database version You can do both major and minor version upgrades for your PostgreSQL DB instance. |
|
Working with log files You can access the log files for your PostgreSQL DB instance. |
|
Understanding the best practices for PostgreSQL DB instances Find some of the best practices for working with PostgreSQL on Amazon RDS. |
Following is a list of other sections in this guide that can help you understand and use important features of RDS for PostgreSQL:
Working with the database preview environment
When you create a DB instance in Amazon RDS, you know that the PostgreSQL version it's based on has been tested and is fully supported by Amazon. The PostgreSQL community releases new versions and new extensions continuously. You can try out new PostgreSQL versions and extensions before they are fully supported. To do that, you can create a new DB instance in the Database Preview Environment.
DB instances in the Database Preview Environment are similar to DB instances in a production environment. However, keep in mind several important factors:
-
All DB instances are deleted 60 days after you create them, along with any backups and snapshots.
-
You can only create a DB instance in a virtual private cloud (VPC) based on the Amazon VPC service.
-
You can only create M6g, M5, T3, R6g, and R5 instance types. For more information about RDS instance classes, see DB instance classes.
-
You can only use General Purpose SSD and Provisioned IOPS SSD storage.
-
You can't get help from Amazon Support with DB instances. Instead, you can post your questions to the Amazon‐managed Q&A community, Amazon re:Post
. -
You can't copy a snapshot of a DB instance to a production environment.
-
You can use both single-AZ and multi-AZ deployments.
-
You can use standard PostgreSQL dump and load functions to export databases from or import databases to the Database Preview Environment.
Features not supported in the preview environment
The following features are not available in the preview environment:
-
Cross-Region snapshot copy
-
Cross-Region read replicas
Limitations for PostgreSQL DB instances
The following is a list of limitations for RDS for PostgreSQL:
You can have up to 40 PostgreSQL DB instances.
For storage limits, see Amazon RDS DB instance storage.
-
Amazon RDS reserves up to 3 connections for system maintenance. If you specify a value for the user connections parameter, add 3 to the number of connections that you expect to use.
Available PostgreSQL database versions
Amazon RDS supports DB instances running several editions of PostgreSQL. You can specify any currently available PostgreSQL version when creating a new DB instance. You can specify the major version (such as PostgreSQL 10), and any available minor version for the specified major version. If no version is specified, Amazon RDS defaults to an available version, typically the most recent version. If a major version is specified but a minor version is not, Amazon RDS defaults to a recent release of the major version you have specified.
To see a list of available versions, as well as defaults for newly created DB
instances, use the describe-db-engine-versions
Amazon CLI command. For example,
to display the default PostgreSQL engine version, use the following command:
aws rds describe-db-engine-versions --default-only --engine postgres
For details about the PostgreSQL versions that are supported on Amazon RDS, see the Amazon RDS for PostgreSQL Release Notes.
Deprecation of PostgreSQL version 9.6
On March 31, 2022, Amazon RDS plans to deprecate PostgreSQL 9.6 using the following schedule. This extends the previously announced date of January 18, 2022 to April 26, 2022. You should upgrade all your PostgreSQL 9.6 DB instances to PostgreSQL 12 or higher as soon as possible. We recommend that you first upgrade to minor version 9.6.20 or higher and then upgrade directly to PostgreSQL 12 rather than upgrading to an intermediate major version. For more information, see Upgrading the PostgreSQL DB engine for Amazon RDS.
Action or recommendation | Dates |
---|---|
The PostgreSQL community discontinued support for PostgreSQL 9.6, and will no longer provide bug fixes or security patches for this version. |
November 11, 2021 |
Start upgrading RDS for PostgreSQL 9.6 DB instances to PostgreSQL 12 or higher as soon as possible. Although you can continue to restore PostgreSQL 9.6 snapshots and create read replicas with version 9.6, be aware of the other critical dates in this deprecation schedule and their impact. |
Now – March 31, 2022 |
After this date, you can't create new Amazon RDS instances with PostgreSQL major version 9.6 from either the Amazon Web Services Management Console or the Amazon CLI. |
March 31, 2022 |
After this date, Amazon RDS automatically upgrades PostgreSQL 9.6 instances to version 12. If you restore a PostgreSQL 9.6 database snapshot, Amazon RDS automatically upgrades the restored database to PostgreSQL 12. |
April 26, 2022 |
Deprecated versions for Amazon RDS for PostgreSQL
RDS for PostgreSQL 9.5 is deprecated as of March, 2021. For more information about RDS for PostgreSQL 9.5 deprecation, see
Upgrading from Amazon RDS for PostgreSQL version 9.5
To learn more about deprecation policy for RDS for PostgreSQL, see
Amazon RDS FAQs
Supported PostgreSQL extension versions
RDS for PostgreSQL supports many PostgreSQL extensions. The PostgreSQL community
sometimes refers to these as modules. Extensions expand on the functionality
provided by the PostgreSQL engine. You can find a list of extensions supported
by Amazon RDS in the default DB parameter group for that PostgreSQL version. You can
also see the current extensions list using psql
by showing the
rds.extensions
parameter as in the following example.
SHOW rds.extensions;
Parameters added in a minor version release might display inaccurately
when using the rds.extensions
parameter in psql
.
For details about the PostgreSQL extensions that are supported on Amazon RDS, see PostgreSQL extensions supported on Amazon RDS in Amazon RDS for PostgreSQL Release Notes.
Restricting installation of PostgreSQL extensions
You can restrict which extensions can be installed on a PostgreSQL DB
instance. To do so, set the rds.allowed_extensions
parameter to a
string of comma-separated extension names. Only these extensions can then be
installed in the PostgreSQL DB instance.
The default string for the rds.allowed_extensions
parameter is '*',
which means that any extension available for the engine version can be installed.
Changing the rds.allowed_extensions
parameter does not require a
database restart because it's a dynamic parameter.
The PostgreSQL DB instance engine must be one of the following versions for you to use
the rds.allowed_extensions
parameter:
-
PostgreSQL 14.1 or a higher minor version
-
PostgreSQL 13.2 or a higher minor version
-
PostgreSQL 12.6 or a higher minor version
To see which extension installations are allowed, use the following psql command.
postgres=>
SHOW rds.allowed_extensions;
rds.allowed_extensions ------------------------ *
If an extension was installed prior to it being left out of the list in
the rds.allowed_extensions
parameter, the extension can still
be used normally, and commands such as ALTER EXTENSION
and
DROP EXTENSION
will continue to work. However, after an
extension is restricted, CREATE EXTENSION
commands for the
restricted extension will fail.
Installation of extension dependencies with CREATE EXTENSION
CASCADE
are also restricted. The extension and its dependencies
must be specified in rds.allowed_extensions
. If an extension
dependency installation fails, the entire CREATE EXTENSION
CASCADE
statement will fail.
If an extension is not included with the
rds.allowed_extensions
parameter, you will see an error
such as the following if you try to install it.
ERROR: permission denied to create extension "extension-name
"
HINT: This extension is not specified in "rds.allowed_extensions".
PostgreSQL trusted extensions
To install most PostgreSQL extensions requires
rds_superuser
privileges. PostgreSQL 13 introduced trusted
extensions,
which
reduce the need to grant rds_superuser
privileges to regular users.
With this feature, users can install many extensions if they have the
CREATE
privilege on the current database instead of requiring the
rds_superuser
role. For more information, see the SQL CREATE
EXTENSION
The following lists the extensions that can be installed by a user who
has the CREATE
privilege on the current database and do not
require the rds_superuser
role:
-
bool_plperl
-
jsonb_plperl
Working with PostgreSQL features supported by Amazon RDS for PostgreSQL
Amazon RDS for PostgreSQL supports many of the most common PostgreSQL features and much common functionality. For example, PostgreSQL has an autovacuum feature that performs routine maintenance on the database. This feature is active by default. Although you can turn off this feature, we highly recommend that you keep it on. Understanding this feature and what you can do to make sure it works as it should is a basic task of any DBA. For more information about the autovacuum, see Working with the PostgreSQL autovacuum on Amazon RDS for PostgreSQL. To learn more about other common DBA tasks, Common DBA tasks for Amazon RDS for PostgreSQL.
RDS for PostgreSQL also supports extensions that add important functionality to the DB instance. For example, you can use the PostGIS extension to work with spatial data, or use the pg_cron extension to schedule maintenance from within the instance. For more information about PostgreSQL extensions, see Using PostgreSQL extensions with Amazon RDS for PostgreSQL.
Foreign data wrappers are a specific type of extension designed to let your RDS for PostgreSQL DB instance work with other commercial databases or data types. For more information about foreign data wrappers supported by RDS for PostgreSQL, see Working with the supported foreign data wrappers for Amazon RDS for PostgreSQL.
Following, you can find information about some PostgreSQL features supported by RDS for PostgreSQL.
Topics
Custom data types and enumerations with RDS for PostgreSQL
PostgreSQL supports creating custom data types and working with enumerations. For
more information about creating and working with enumerations and other data types,
see Enumerated
types
The following is an example of creating a type as an enumeration and then inserting values into a table.
CREATE TYPE rainbow AS ENUM ('red', 'orange', 'yellow', 'green', 'blue', 'purple');
CREATE TYPE
CREATE TABLE t1 (colors rainbow);
CREATE TABLE
INSERT INTO t1 VALUES ('red'), ( 'orange');
INSERT 0 2
SELECT * from t1;
colors -------- red orange (2 rows)
postgres=>
ALTER TYPE rainbow RENAME VALUE 'red' TO 'crimson';
ALTER TYPE
postgres=>
SELECT * from t1;
colors --------- crimson orange (2 rows)
Event triggers for RDS for PostgreSQL
All current PostgreSQL versions support event triggers, and so do all available versions
of RDS for PostgreSQL. You can use the main user account (default, postgres
)
to create, modify, rename, and delete event triggers. Event triggers
are at the DB instance level, so they can apply to all databases on an
instance.
For example, the following code creates an event trigger that prints the current user at the end of every data definition language (DDL) command.
CREATE OR REPLACE FUNCTION raise_notice_func() RETURNS event_trigger LANGUAGE plpgsql AS $$ BEGIN RAISE NOTICE 'In trigger function: %', current_user; END; $$; CREATE EVENT TRIGGER event_trigger_1 ON ddl_command_end EXECUTE PROCEDURE raise_notice_func();
For more information about PostgreSQL event triggers, see Event triggers
There are several limitations to using PostgreSQL event triggers on Amazon RDS. These include the following:
-
You can't create event triggers on read replicas. You can, however, create event triggers on a read replica source. The event triggers are then copied to the read replica. The event triggers on the read replica don't fire on the read replica when changes are pushed from the source. However, if the read replica is promoted, the existing event triggers fire when database operations occur.
-
To perform a major version upgrade to a PostgreSQL DB instance that uses event triggers, make sure to delete the event triggers before you upgrade the instance.
Huge pages for RDS for PostgreSQL
Huge pages are a memory management feature that
reduces overhead when a DB instance is working with large contiguous chunks of
memory, such as that used by shared buffers. This PostgreSQL feature is supported by
all currently available RDS for PostgreSQL versions. You allocate huge pages for your
application by using calls to mmap
or SYSV
shared memory.
RDS for PostgreSQL supports both 4-KB and 2-MB page sizes.
You can turn huge pages on or off by changing the value of the huge_pages
parameter. The feature is turned on by default for all DB instance classes other
than micro, small, and medium DB instance classes.
Huge pages aren't supported for db.m1, db.m2, and db.m3 DB instance classes.
RDS for PostgreSQL uses huge pages based on the available shared memory. If the DB instance can't
use huge pages due to shared memory constraints, Amazon RDS prevents the DB instance from
starting. In this case, Amazon RDS sets the status of the DB instance to an incompatible
parameters state. If this occurs, you can set the huge_pages
parameter
to off
to allow Amazon RDS to start the DB instance.
The shared_buffers
parameter is key to setting the shared
memory pool that is required for using huge pages. The default value for the
shared_buffers
parameter uses a database parameters macro. This
macro sets a percentage of the total 8 KB pages available for the DB instance's
memory. When you use huge pages, those pages are located with the huge
pages. Amazon RDS puts a DB instance into an incompatible parameters state if the shared memory
parameters are set to require more than 90 percent of the DB instance memory.
To learn more about PostgreSQL memory management, see Resource Consumption
Performing logical replication for Amazon RDS for PostgreSQL
Starting with version 10.4, Amazon RDS for PostgreSQL supports the publication and
subscription SQL syntax that was first introduced in PostgreSQL 10. To learn more, see
Logical
replication
Following, you can find information about setting up logical replication for an RDS for PostgreSQL DB instance.
Understanding logical replication and logical decoding
RDS for PostgreSQL supports the streaming of write-ahead log (WAL) changes
using PostgreSQL's logical replication slots. It also supports using logical
decoding. You can set up logical replication slots on your instance and stream database
changes through these slots to a client such as pg_recvlogical
. You create
logical replication slots at the database level, and they support replication
connections to a single database.
The most common clients for PostgreSQL logical replication are Amazon Database Migration Service or a custom-managed host on an Amazon EC2 instance. The logical replication slot has no information about the receiver of the stream. Also, there's no requirement that the target be a replica database. If you set up a logical replication slot and don't read from the slot, data can be written and quickly fill up your DB instance's storage.
You turn on PostgreSQL logical replication and logical decoding for Amazon RDS with a parameter, a replication connection type, and a security role. The client for logical decoding can be any client that can establish a replication connection to a database on a PostgreSQL DB instance.
To turn on logical decoding for an RDS for PostgreSQL DB instance
-
Make sure that the user account that you're using has these roles:
-
The
rds_superuser
role so you can turn on logical replication -
The
rds_replication
role to grant permissions to manage logical slots and to stream data using logical slots
-
-
Set the
rds.logical_replication
static parameter to 1. As part of applying this parameter, also set the parameterswal_level
,max_wal_senders
,max_replication_slots
, andmax_connections
. These parameter changes can increase WAL generation, so set therds.logical_replication
parameter only when you are using logical slots. -
Reboot the DB instance for the static
rds.logical_replication
parameter to take effect. -
Create a logical replication slot as explained in the next section. This process requires that you specify a decoding plugin. Currently, RDS for PostgreSQL supports the test_decoding and wal2json output plugins that ship with PostgreSQL.
For more information on PostgreSQL logical decoding, see the PostgreSQL documentation
Working with logical replication slots
You can use SQL commands to work with logical slots. For example, the
following command creates a logical slot named test_slot
using the default PostgreSQL output plugin
test_decoding
.
SELECT * FROM pg_create_logical_replication_slot('test_slot', 'test_decoding');
slot_name | xlog_position -----------------+--------------- regression_slot | 0/16B1970 (1 row)
To list logical slots, use the following command.
SELECT * FROM pg_replication_slots;
To drop a logical slot, use the following command.
SELECT pg_drop_replication_slot('test_slot');
pg_drop_replication_slot ----------------------- (1 row)
For more examples on working with logical replication slots, see
Logical decoding examples
After you create the logical replication slot, you can start streaming. The following example shows how logical decoding is controlled over the streaming replication protocol. This example uses the program pg_recvlogical, which is included in the PostgreSQL distribution. Doing this requires that client authentication is set up to allow replication connections.
pg_recvlogical -d postgres --slot test_slot -U postgres --host -
instance-name.111122223333
.aws-region
.rds.amazonaws.com -f - --start
To see the contents of the pg_replication_origin_status
view, query the pg_show_replication_origin_status
function.
SELECT * FROM pg_show_replication_origin_status();
local_id | external_id | remote_lsn | local_lsn ----------+-------------+------------+----------- (0 rows)
RAM disk for the stats_temp_directory
You can use the RDS for PostgreSQL parameter rds.pg_stat_ramdisk_size
to
specify the system memory allocated to a RAM disk for storing the PostgreSQL
stats_temp_directory
. The RAM disk parameter is available for all
PostgreSQL versions on Amazon RDS.
Under certain workloads, setting this parameter can improve performance and decrease
I/O requirements. For more information about the stats_temp_directory
,
see the PostgreSQL documentation.
To set up a RAM disk for your stats_temp_directory
, set the
rds.pg_stat_ramdisk_size
parameter to an integer literal value in
the parameter group used by your DB instance. This parameter denotes MB, so you must use an integer value.
Expressions, formulas, and functions aren't valid for the rds.pg_stat_ramdisk_size
parameter.
Be sure to reboot the DB instance so that the change takes effect. For information about setting
parameters, see Working with parameter groups.
For example, the following Amazon CLI command sets the RAM disk parameter to 256 MB.
aws rds modify-db-parameter-group \ --db-parameter-group-name pg-95-ramdisk-testing \ --parameters "ParameterName=rds.pg_stat_ramdisk_size, ParameterValue=256, ApplyMethod=pending-reboot"
After you reboot, run the following command to see the status of the
stats_temp_directory
.
postgres=>
SHOW stats_temp_directory;
The command should return the following.
stats_temp_directory
---------------------------
/rdsdbramdisk/pg_stat_tmp
(1 row)
Tablespaces for RDS for PostgreSQL
RDS for PostgreSQL supports tablespaces for compatibility. Because all storage is on a single logical volume, you can't use tablespaces for I/O splitting or isolation. Our benchmarks and experience indicate that a single logical volume is the best setup for most use cases.
To create and use tablespaces with your RDS for PostgreSQL DB instance requires the
rds_superuser
role. Your RDS for PostgreSQL DB instance's main user account (default name, postgres
)
is a member of this role. For more information, see
Understanding PostgreSQL roles and permissions.
If you specify a file name when you create a tablespace, the path prefix is
/rdsdbdata/db/base/tablespace
. The following example places tablespace files in
/rdsdbdata/db/base/tablespace/data
. This example assumes that a dbadmin
user (role)
exists and that it's been granted the rds_superuser
role needed to work with tablespaces.
postgres=>
CREATE TABLESPACE act_data OWNER dbadmin LOCATION '/data';
CREATE TABLESPACE
To learn more about PostgreSQL tablespaces, see Tablespaces