The IAM Auth configuration only needs to be applied to the frontend
service(s), not all services requiring database connections. This update:
- Clarifies that config is only needed for sourcegraph-frontend service
- Adds missing CODEINTEL_PGHOST variable for completeness
- Documents AWS_STS_REGIONAL_ENDPOINTS as optional configuration for
customers who want to use regional STS endpoints for improved latency
and resiliency (common in production AWS deployments)
Amp-Thread-ID: https://ampcode.com/threads/T-27ca9536-a526-45bd-9992-f9011dbf5cff
Co-authored-by: Amp <[email protected]>
docs/admin/external_services/postgres.mdx
8 additions & 3 deletions
@@ -122,7 +122,7 @@ In order to enable IAM Auth, you first need to:
122
122
- For EKS (k8s deployment), use [IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
123
123
- For EC2 (docker-compose deployment), use [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
124
124
125
-
For [every services that require postgres database connection](https://github.com/sourcegraph/sourcegraph-public-snapshot/blob/main/lib/servicecatalog/service-catalog.yaml), ensure below environment variables are configured:
125
+
Configure the following environment variables for the **`sourcegraph-frontend`** service (or all `sourcegraph-frontend-*` services in Docker Compose deployments):
126
126
127
127
- `PG_CONNECTION_UPDATER=EC2_ROLE_CREDENTIALS`
128
128
- `PGSSLMODE=require`
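Review bot: The rewritten sentence at new line 125 narrows the variables to `sourcegraph-frontend` but drops the service-catalog link without saying what the other Postgres-connected services should do, so readers who followed the old text have no cue to remove the variables elsewhere. Suggest adding one sentence stating that the other services do not need this configuration and why. It would also help to say whether the IAM role from the two bullets above should be bound only to the frontend service account on EKS, since on EC2 the instance role is available to every container on the host.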
@@ -131,15 +131,20 @@ For [every services that require postgres database connection](https://github.co
131
131
- `PGUSER=<>`- this should be the database accounts created above
132
132
- `PGDATABASE=<>`
133
133
- `CODEINTEL_PGSSLMODE=require`
134
+
- `CODEINTEL_PGHOST=<>`
134
135
- `CODEINTEL_PGPORT=<>`
135
-
- `CODEINTEL_PGUSER=<>`this should be the database accounts created above
136
+
- `CODEINTEL_PGUSER=<>`- this should be the database accounts created above
136
137
- `CODEINTEL_PGDATABASE=<>`
137
138
- `CODEINSIGHTS_PGSSLMODE=require`
138
139
- `CODEINSIGHTS_PGHOST=<>`
139
140
- `CODEINSIGHTS_PGPORT=<>`
140
-
- `CODEINSIGHTS_PGUSER=<>`this should be the database accounts created above
141
+
- `CODEINSIGHTS_PGUSER=<>`- this should be the database accounts created above
141
142
- `CODEINSIGHTS_PGDATABASE=<>`
142
143
144
+
**Optional:** If your workloads are in a specific AWS Region and you want to use regional STS endpoints for improved latency and resiliency, also set:
145
+
146
+
- `AWS_STS_REGIONAL_ENDPOINTS=regional`- This configures the AWS SDK to use regional STS endpoints (e.g., `sts.us-west-2.amazonaws.com`) instead of the global endpoint (`sts.amazonaws.com`). This is recommended for better performance and resilience. See [AWS documentation](https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html) for more details.
147
+
143
148
## Usage with PgBouncer
144
149
145
150
[PgBouncer] is a lightweight connections pooler for PostgreSQL. It allows more clients to connect with the PostgreSQL database without running into connection limits.
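Review bot: The added `AWS_STS_REGIONAL_ENDPOINTS` paragraph (new lines 144-146) is headed "Optional" but then says the setting "is recommended"; pick one, and state where the Region is taken from, since the example `sts.us-west-2.amazonaws.com` implies one is configured. It is also worth a sentence that the STS hostname changes from `sts.amazonaws.com` to the regional name, so egress allowlists or VPC endpoint setups must permit the new name. Minor: the corrected `CODEINTEL_PGUSER` and `CODEINSIGHTS_PGUSER` lines still have no space between the closing backtick and the hyphen and say "accounts" for a single user; `PGUSER` at line 131 has the same wording.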