Skip to content

docs: update AWS RDS IAM Auth instructions #1421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 25, 2025
Merged

docs: update AWS RDS IAM Auth instructions #1421

merged 2 commits into from
Nov 25, 2025

Conversation

@keegancsmith
Copy link
Member

@keegancsmith keegancsmith commented Nov 13, 2025

The IAM Auth configuration only needs to be applied to the frontend service(s), not all services requiring database connections. This update:

  • Clarifies that config is only needed for sourcegraph-frontend service
  • Adds missing CODEINTEL_PGHOST variable for completeness
  • Documents AWS_STS_REGIONAL_ENDPOINTS as optional configuration for customers who want to use regional STS endpoints for improved latency and resiliency (common in production AWS deployments)

NOTE: This can only be merged once our backport lands for these improvements https://github.com/sourcegraph/sourcegraph/pull/7825

Amp-Thread-ID: https://ampcode.com/threads/T-27ca9536-a526-45bd-9992-f9011dbf5cff

@keegancsmith @ampcode-com
docs: update AWS RDS IAM Auth instructions
4600399 
The IAM Auth configuration only needs to be applied to the frontend
service(s), not all services requiring database connections. This update:

- Clarifies that config is only needed for sourcegraph-frontend service
- Adds missing CODEINTEL_PGHOST variable for completeness
- Documents AWS_STS_REGIONAL_ENDPOINTS as optional configuration for
  customers who want to use regional STS endpoints for improved latency
  and resiliency (common in production AWS deployments)

Amp-Thread-ID: https://ampcode.com/threads/T-27ca9536-a526-45bd-9992-f9011dbf5cff
Co-authored-by: Amp <[email protected]>
@vercel
Copy link

vercel bot commented Nov 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
sourcegraph-docs Ready Ready Preview Comment Nov 24, 2025 8:51pm

marcleblanc2
marcleblanc2 reviewed Nov 22, 2025
View reviewed changes
docs/admin/external_services/postgres.mdx
- For EC2 (docker-compose deployment), use [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)

For [every services that require postgres database connection](https://github.com/sourcegraph/sourcegraph-public-snapshot/blob/main/lib/servicecatalog/service-catalog.yaml), ensure below environment variables are configured:
Configure the following environment variables for the **`sourcegraph-frontend`** service (or all `sourcegraph-frontend-*` services in Docker Compose deployments):
Copy link
Contributor

@marcleblanc2 marcleblanc2 Nov 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to specify migrator as well for Docker Compose, as it's separate

@DaedalusG DaedalusG merged commit f826785 into main Nov 25, 2025
5 checks passed
@DaedalusG DaedalusG deleted the k/doc-updates branch November 25, 2025 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcleblanc2 marcleblanc2 marcleblanc2 left review comments

@DaedalusG DaedalusG DaedalusG approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@keegancsmith @marcleblanc2 @DaedalusG