# Integrate Amazon Aurora for PostgreSQL with Databox Amazon Aurora is a cloud-native relational database engine from AWS that is fully compatible with PostgreSQL while delivering up to three times the throughput of standard PostgreSQL on the same hardware. Aurora clusters automatically replicate data across multiple Availability Zones, handle failover, and manage storage scaling without manual intervention. Connecting Amazon Aurora for PostgreSQL to Databox lets you pull data directly from your Aurora cluster, build datasets using SQL queries, and visualize business-critical figures alongside data from your other connected tools. This article covers Aurora clusters running the **PostgreSQL-compatible engine**. If your cluster uses the MySQL-compatible engine, see [Integrate Amazon Aurora for MySQL with Databox](/integrate-amazon-aurora-for-mysql-with-databox) instead. The steps for configuring public access and security group rules in AWS are the same for both engine types. ## Connection If you've already established a connection, you can [reuse](/add-a-data-source) it to add new data sources to your Databox account. ### Step 1: Create a read-only PostgreSQL role for Databox Databox only reads data from your database — it never writes to it. Create a dedicated PostgreSQL role with `SELECT`-only privileges on the schemas and tables you want to expose. You can run these commands using a PostgreSQL client connected to your Aurora cluster endpoint, or via the **Query Editor** in the AWS Management Console. ```sql CREATE ROLE databox WITH LOGIN PASSWORD 'your_secure_password'; GRANT CONNECT ON DATABASE your_database TO databox; GRANT USAGE ON SCHEMA public TO databox; GRANT SELECT ON ALL TABLES IN SCHEMA public TO databox; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO databox; ``` Replace `your_database` with the name of the database you want to connect, and `your_secure_password` with a strong password. If you need to expose tables in additional schemas, repeat the `GRANT USAGE` and `GRANT SELECT` statements for each schema. Avoid the following special characters in your password, as they can cause encoding issues when establishing the connection: ```, `'`, `"`, `/`, `\`, and spaces. ### Step 2: Enable public accessibility on your Aurora cluster By default, Aurora instances are not accessible from outside their VPC. To allow Databox to reach your cluster, each instance in the cluster must be configured as publicly accessible. 1. In the [AWS Management Console](https://console.aws.amazon.com/rds/), go to **Databases** and select your Aurora DB cluster. 2. Select an individual DB instance within the cluster (not the cluster itself). 3. Click **Modify**. 4. Under **Connectivity**, set **Public access** to **Yes**. 5. Click **Continue**, then choose **Apply immediately**. 6. Click **Modify DB instance** to save. 7. Repeat for any other instances in the cluster. For the cluster to be reachable after enabling public access, its subnet group must include subnets with an internet gateway attached. If connectivity still fails, verify that a route to `0.0.0.0/0` via an internet gateway exists in the associated route table. ### Step 3: Add the Databox IP to your VPC security group Aurora controls network access through VPC security groups. Add an inbound rule that permits TCP traffic on port `5432` from the Databox IP address. 1. In the [AWS Management Console](https://console.aws.amazon.com/rds/), go to **Databases** and select your Aurora DB cluster. 2. Under **Connectivity & security**, click the link to the **VPC security group** associated with the cluster. 3. Select the security group, then click **Edit inbound rules**. 4. Click **Add rule** and fill in: - **Type**: PostgreSQL - **Protocol**: TCP - **Port range**: 5432 - **Source**: Custom — enter `52.4.198.118/32` 5. Click **Save rules**. ### Step 4: Enter your Aurora connection details in Databox 1. In Databox, go to **Data Sources > + New connection**. 2. Search for **PostgreSQL** and click **Connect**. 3. Fill in the connection form: - **Data source name** — a label for this connection in Databox. - **Host** — your Aurora cluster endpoint, found on the cluster's **Connectivity & security** tab in the AWS Console (e.g., `my-cluster.cluster-abc123.us-east-1.rds.amazonaws.com`). You can also use the **reader endpoint** (`my-cluster.cluster-ro-abc123.us-east-1.rds.amazonaws.com`) to route queries to read replicas only. - **Port** — the port your Aurora cluster listens on. The default for PostgreSQL-compatible Aurora is `5432`. - **User** — the PostgreSQL role name created in [Step 1](#step-1-create-a-read-only-postgresql-role-for-databox). - **Password** — the password for that role. - **Database name** (optional) — the specific database to connect to. Leave blank to connect at the server level. - **Timezone** — the time zone used to interpret date values in query results. Defaults to `Etc/UTC`. 4. Toggle **Use SSL/TLS** to enable encrypted connections. 5. Click **Connect**. connect ## Datasets The Amazon Aurora for PostgreSQL integration supports the creation of [datasets](/understanding-datasets), which allow you to define and shape the specific data you want to use for reporting in Databox. Datasets make it easier to focus on the most relevant information, enabling you to filter, visualize, and analyze metrics across projects, teams, and clients without writing complex queries each time. ### Steps to create a dataset 1. **Select a table**: Pick the appropriate schema within that database. 2. **Select columns**: Browse and select the specific columns (fields) from your tables or views to include in your dataset. These columns define the structure and content of your dataset. ### Optional: Write SQL For more advanced use cases, you can write a **custom SQL query** instead of selecting columns manually. This allows you to: - Join multiple tables - Apply filters and aggregations - Format or transform data before importing it into Databox Your query must return a valid tabular result to be used as a dataset. ### Additional resources - [Amazon Aurora documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) — Official AWS docs for Amazon Aurora, covering cluster creation, connectivity, security, backups, global databases, and monitoring. - [Amazon Aurora PostgreSQL-compatible edition](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraPostgreSQL.html) — PostgreSQL-specific guidance within the Aurora User Guide, including supported versions, parameter groups, and engine-specific features. ## Resources For comprehensive details on metrics, data availability, templates, specifications, usage guidelines, and other key information, refer to the resources listed below. Yes. Databox accepts either the cluster endpoint or the reader endpoint. The reader endpoint (`my-cluster.cluster-ro-abc123.us-east-1.rds.amazonaws.com`) distributes read queries across Aurora Replicas and is a good choice for Databox since it only issues `SELECT` queries. Use the cluster endpoint if your cluster has no replicas. Aurora Serverless v2 uses standard PostgreSQL connectivity and is supported — set it up the same way as a provisioned cluster. Aurora Serverless v1 uses the RDS Data API for connections and does not expose a standard TCP endpoint, so it is not compatible with the Databox connector. Check the following in order: 1. **Public access** is set to **Yes** on the DB instances within the cluster (under **Modify > Connectivity**). 2. The **VPC security group** has an inbound rule allowing TCP on port `5432` from `52.4.198.118/32`. 3. The subnet group includes subnets with a route to an internet gateway (`0.0.0.0/0`). 4. The PostgreSQL role was created with `LOGIN` privileges and the correct password. Verify with `\du` in a `psql` session connected to the cluster.   Ask Genie Get instant answers or help with your data using the in-app AI assistant. Talk to an expert For customers: Get help with your setup, strategy, or making the most of Databox. Book a demo New to Databox? See how it works and get guidance on getting started. Send an email Reach out to support for help with your account, data, or technical issues.