Privacy Dynamics Self-hosted
Database Setup
Required application database
A PostgreSQL-compatible database is needed to store application configuration information. Privacy Dynamics recommends using one of the managed database services below.
- AWS RDS
- AWS Aurora
- GCP Cloud SQL
Tip
The cluster and database instance should live within the same VPC. If that is not possible, VPC peering can be set up.
AWS installation
- A database within an RDS DB instance to store data specific to the PVCY application. Alternatively, a PostgreSQL compatible version of AWS Aurora will also work.
- If creating a new RDS instance, it should be a private db.m6g.large or db.t3.xlarge multi-AZ instance.
- Minimum of PostgreSQL version 11.18, although Privacy Dynamics recommends version 13 or 14.
Allow all ingress traffic from the EKS cluster to the Postgres RDS instance on port 5432. This can be done by adding an inbound rule in the RDS Security Group that allows all traffic from the VPC's IPv4 CIDR range on port 5432.
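A check for the inbound rule described above, as an added example that is not Privacy Dynamics' own tooling: it audits one security group entry in the shape returned by `aws ec2 describe-security-groups` and reports anything that exposes port 5432 beyond the VPC CIDR. The sample groups, their IDs and the 10.0.0.0/16 CIDR are constructed, and the function names are hypothetical.

```python
import ipaddress

PG_PORT = 5432  # PostgreSQL port named on this page

def covers_port(perm, port=PG_PORT):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and every port
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_postgres_ingress(group, vpc_cidr):
    """Return findings for one SecurityGroups[] entry of describe-security-groups."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    findings, reachable = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm):
            continue
        if perm.get("IpProtocol") == "-1" or perm.get("FromPort") != perm.get("ToPort"):
            findings.append("rule opens more than tcp/5432")
        if perm.get("UserIdGroupPairs"):
            reachable = True  # source security groups are not resolved here
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.overlaps(vpc):
                reachable = True
            if not net.subnet_of(vpc):
                findings.append(f"tcp/5432 open to {net}, outside VPC {vpc}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"tcp/5432 open to IPv6 range {rng['CidrIpv6']}")
    if not reachable:
        findings.append(f"no rule admits {vpc} on tcp/5432")
    return findings

# Constructed sample data (not from a real account).
VPC_CIDR = "10.0.0.0/16"
GOOD = {"GroupId": "sg-EXAMPLE-GOOD", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
BAD = {"GroupId": "sg-EXAMPLE-BAD", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}

if __name__ == "__main__":
    for sg in (GOOD, BAD):
        print(sg["GroupId"], audit_postgres_ingress(sg, VPC_CIDR) or "ok")
```

An empty result means the group admits the VPC range on port 5432 and nothing wider; a "no rule admits" finding means the application would not be able to reach the database at all.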
Configure user and role
The following commands can be run as the postgres user from the psql command-line tool.
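-- Application login; 'YH*****' is a masked password, not a literal value.
CREATE USER pvcyuser WITH PASSWORD 'YH*****';
CREATE DATABASE pvcydb;
CREATE ROLE pvcyrole;
-- [CURRENT USER] is a placeholder for the role running these commands.
GRANT pvcyrole TO [CURRENT USER];
-- Default privileges apply to objects the current role creates later,
-- in the database the session is connected to.
ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON TYPES TO pvcyrole WITH GRANT OPTION;
-- The application user receives its privileges through the role.
GRANT pvcyrole TO pvcyuser;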