This guide explains how to grant Aampe direct read access to your AWS RDS instance for real-time data synchronization.

Requirements

  • AWS account with an existing RDS instance
  • Admin access to your AWS account
  • RDS instance endpoint and database name
  • Network access configured (Security Groups/VPC)

Setup Steps

1. Create Database User for Aampe

Connect to your RDS instance and create a read-only user:
-- For MySQL/MariaDB
CREATE USER 'aampe_reader'@'%' IDENTIFIED BY 'STRONG_PASSWORD_HERE';

-- For PostgreSQL
CREATE USER aampe_reader WITH PASSWORD 'STRONG_PASSWORD_HERE';

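-- For SQL Server
-- The login is server-level; the user must be created inside the database to sync
CREATE LOGIN aampe_reader WITH PASSWORD = 'STRONG_PASSWORD_HERE';
USE your_database;
CREATE USER aampe_reader FOR LOGIN aampe_reader;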

2. Grant Read Permissions

-- For MySQL/MariaDB
GRANT SELECT ON your_database.* TO 'aampe_reader'@'%';
FLUSH PRIVILEGES;

-- For PostgreSQL
GRANT CONNECT ON DATABASE your_database TO aampe_reader;
GRANT USAGE ON SCHEMA public TO aampe_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO aampe_reader;
-- For future tables (covers only tables created by the role that runs this statement)
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO aampe_reader;

-- For SQL Server
USE your_database;
ALTER ROLE db_datareader ADD MEMBER aampe_reader;

3. Configure Network Access

Update your RDS Security Group to allow Aampe’s IP addresses:
# Add ingress rule to your RDS security group
# (a rule description can only be set through --ip-permissions)
aws ec2 authorize-security-group-ingress \
  --group-id sg-YOUR_SECURITY_GROUP_ID \
  --ip-permissions IpProtocol=tcp,FromPort=YOUR_DB_PORT,ToPort=YOUR_DB_PORT,IpRanges="[{CidrIp=AAMPE_IP_RANGE/32,Description='Aampe data sync access'}]"

Note: Your Aampe representative will provide the specific IP addresses or ranges to allowlist.
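
After adding the ingress rule, confirm that the database port is reachable only from the addresses Aampe gave you. The following is an added example, not part of Aampe's guide: it audits JSON in the shape returned by `aws ec2 describe-security-groups`. The sample data, the group ID, the function names and 203.0.113.10/32 (standing in for Aampe's address) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# 203.0.113.10/32 is a documentation address standing in for Aampe's IP.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32",
                       "Description": "Aampe data sync access"},
                      {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ],
}]}


def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port`; "-1" means all protocols."""
    proto = perm.get("IpProtocol")
    if proto != "tcp":
        return proto == "-1"
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_ingress(sg_doc, db_port, allowed_cidrs):
    """Return (group_id, cidr) for each source outside allowed_cidrs that reaches db_port."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for group in sg_doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, db_port):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src)
                # subnet_of() requires matching IP versions, so compare those first
                if not any(net.version == a.version and net.subnet_of(a)
                           for a in allowed):
                    findings.append((group["GroupId"], src))
    return findings


if __name__ == "__main__":
    for gid, cidr in audit_db_ingress(SAMPLE, 5432, ["203.0.113.10/32"]):
        print(f"{gid}: port 5432 reachable from unexpected source {cidr}")
```

Rules whose source is another security group or a prefix list are not evaluated here. To audit a real group, load the output of `aws ec2 describe-security-groups --group-ids sg-YOUR_SECURITY_GROUP_ID --output json` in place of the sample.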

4. Configure SSL

# Download RDS CA certificate
wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

# For MySQL, enforce SSL for the Aampe user
mysql> ALTER USER 'aampe_reader'@'%' REQUIRE SSL;

5. Provide Information to Aampe

Share the following with your Aampe representative:
  • Endpoint: your-instance.region.rds.amazonaws.com
  • Port: (default: MySQL 3306, PostgreSQL 5432, SQL Server 1433)
  • Database name
  • Username: aampe_reader
  • Password: (share securely)
  • SSL certificate: (if using SSL)
  • List of tables to sync