Database

The Istari Digital platform requires a PostgreSQL database to store user data, application data, and other information. Istari recommends using an AWS RDS instance for the PostgreSQL database. The customer can also use a PostgreSQL HA Helm chart for development and testing purposes.

Tip: The Istari Digital platform supports PostgreSQL 16 and later versions. It is recommended to use the latest stable version of PostgreSQL for optimal performance and security.

PostgreSQL Database Resources and Install Process

AWS RDS Instance

AWS RDS (Relational Database Service) is a managed database service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks.

Step 1: Create a subnet group

  1. Log in to the AWS Management Console.
  2. Navigate to the RDS service.
  3. Click on Subnet groups in the left navigation pane.
  4. Click on Create DB Subnet Group.
  5. Enter a name for the subnet group.
  6. Select the VPC where your EKS cluster is running.
  7. Select the subnets where your EKS cluster is running.
  8. Click on Create.
  9. Wait for the subnet group to be created.
  10. Click on the subnet group to view its details.

Step 2: Create a security group

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 service.
  3. Click on Security Groups in the left navigation pane.
  4. Click on Create security group.
  5. Enter a name for the security group.
  6. Select the VPC where your EKS cluster is running.
  7. Add inbound rules to allow traffic from the EKS cluster to the RDS instance.
    • Type: PostgreSQL
    • Protocol: TCP
    • Port Range: 5432
    • Source: Custom (select the security group of your EKS cluster)
  8. Add outbound rules to allow traffic from the RDS instance to the EKS cluster.
    • Type: All traffic
    • Protocol: All
    • Port Range: All
    • Destination: Custom (select the security group of your EKS cluster)
  9. Click on Create security group.
  10. Wait for the security group to be created.
  11. Click on the security group to view its details.
  12. Note the security group ID for later use.

Step 3: Create an RDS instance

  1. Log in to the AWS Management Console.
  2. Navigate to the RDS service.
  3. Click on Create database.
  4. Under Choose a database creation method, choose Standard Create.
  5. Under Engine options
    1. Select PostgreSQL as the database engine.
    2. Select an Engine version of 16 or later.
    3. Optionally, select Enable RDS extended support.
  6. Under Templates, select Production.
  7. Under Availability and durability, select Multi-AZ deployment.
  8. Under Settings
    1. Set the DB instance identifier to the desired name for your database instance.
    2. Set the Master username to your desired username.
    3. Set Credentials management to Self manage.
    4. Set the Master password to your desired password.
      Warning: The PostgreSQL password becomes part of a URI connection string, so because of URI escaping rules it must use only the following characters: A–Z a–z 0–9 - _ . ! ~ * ' ( ) ; / ? : @ & = + $ , #

  9. Under Instance configuration, select Memory optimized classes and set the DB instance class to db.r8g.2xlarge or an equivalent instance class that provides at least 8 vCPU and 64 GiB of memory.
  10. Under Storage
    1. Set the Storage type to your desired type. Istari recommends General Purpose SSD (gp3).
    2. Set the Storage size to your desired size. Istari recommends 32 GiB or larger.
    3. Expand Additional storage configuration and select Enable storage autoscaling.
    4. Optionally tune other options as needed.
  11. Under Connectivity
    1. Select the VPC where your EKS cluster is running.
    2. Select the Subnet group created in the first step.
    3. Select the VPC security group created in the second step.
    4. Set Public access to No.
  12. Optionally tune other options as needed.

Please consult the AWS RDS documentation for more information on how to create an RDS instance.

Create Istari Platform databases and users

Databases

The customer will need to create the following databases in the PostgreSQL database for the Istari Digital platform:

  • registry_service
  • spicedb
  • zitadel

The customer can use the following SQL commands to create the databases. Privileges on them are assigned in the Users section below:

CREATE DATABASE registry_service;
CREATE DATABASE spicedb;
CREATE DATABASE zitadel;

Users

The customer will need to create the following users in the PostgreSQL database for the Istari Digital platform:

  • registry_service
  • spicedb
  • zitadel

The customer can use the following SQL commands to create the users and assign them privileges on their databases:

CREATE USER registry_service WITH PASSWORD 'registry_service_user_password';
GRANT ALL PRIVILEGES ON DATABASE registry_service TO registry_service;
CREATE USER spicedb WITH PASSWORD 'spicedb_user_password';
GRANT ALL PRIVILEGES ON DATABASE spicedb TO spicedb;
CREATE USER zitadel WITH PASSWORD 'zitadel_user_password';
GRANT ALL PRIVILEGES ON DATABASE zitadel TO zitadel;

The customer will need to replace the passwords with their own secure passwords. The customer will also need to replace the database names with the actual database names used in the Istari Digital platform.

Database ownership

The customer will need to assign ownership of the databases to the appropriate users. The customer can use the following SQL commands to assign ownership of the databases:

ALTER DATABASE registry_service OWNER TO registry_service;
ALTER DATABASE spicedb OWNER TO spicedb;
ALTER DATABASE zitadel OWNER TO zitadel;

Tip: The customer can replace the usernames and database names above if there are any discrepancies.
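
The grants above give each service role full rights on its own database, but PostgreSQL also lets every role connect to a newly created database through the default PUBLIC privileges. The following added example (not part of the original Istari instructions) removes that default and then checks that each role can connect only to the database of the same name; it assumes the role and database names shown above.

```sql
-- Added example; assumes the role and database names used on this page.
-- Run as a role that owns these databases (or has the owner's privileges);
-- otherwise PostgreSQL warns that no privileges could be revoked.

-- By default PUBLIC holds CONNECT and TEMPORARY on every new database,
-- so the spicedb role, for instance, could open a session on zitadel.
REVOKE ALL ON DATABASE registry_service FROM PUBLIC;
REVOKE ALL ON DATABASE spicedb FROM PUBLIC;
REVOKE ALL ON DATABASE zitadel FROM PUBLIC;

-- Check: nine rows, one per (role, database) pair.
-- as_expected is true when a role can connect to its own database
-- and cannot connect to the other two.
SELECT r.rolname                 AS role_name,
       d.datname                 AS database_name,
       pg_get_userbyid(d.datdba) AS database_owner,
       has_database_privilege(r.oid, d.oid, 'CONNECT') AS can_connect,
       has_database_privilege(r.oid, d.oid, 'CONNECT')
           = (r.rolname = d.datname) AS as_expected
FROM pg_roles AS r
CROSS JOIN pg_database AS d
WHERE r.rolname IN ('registry_service', 'spicedb', 'zitadel')
  AND d.datname IN ('registry_service', 'spicedb', 'zitadel')
ORDER BY r.rolname, d.datname;
```

Any row where as_expected is false points to a grant or role membership that crosses database boundaries. If the names were changed as described in the tip above, adjust both IN lists and the name comparison accordingly.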