SQLServerCentral Article

Unlocking Interoperability: A Guide to Foreign Data Wrappers in PostgreSQL and Aurora PostgreSQL AWS RDS

,

Unlocking Interoperability: A Guide to Foreign Data Wrappers in PostgreSQL and Aurora PostgreSQL AWS RDS

As a database professional, I often encounter scenarios where data is fragmented across various systems. In today's distributed IT landscape, it's not uncommon for critical business information to reside in different databases, perhaps an on-premise PostgreSQL instance for legacy applications, and an Aurora PostgreSQL AWS RDS cluster powering new microservices. The challenge then becomes how to seamlessly integrate and query this disparate data without resorting to complex ETL processes or data duplication. This is precisely where Foreign Data Wrappers (FDWs) in PostgreSQL become an invaluable asset.

A Foreign Data Wrapper is a powerful extension that allows a PostgreSQL database to access data stored in external data sources as if they were local tables. Essentially, it creates a bridge, enabling your PostgreSQL instance to communicate with another database, such as another PostgreSQL server, Oracle, MySQL, SQL Server, or even non-relational sources like CSV files or REST APIs (via specific FDWs). This capability transforms your database into a central hub for data federation, providing a unified query interface and eliminating the overhead of moving data around. My experience with FDWs highlights their role in simplifying complex data architectures and enabling real-time insights across an organization's data ecosystem.

Consider a practical scenario: a company is migrating its e-commerce platform to AWS, with a new transactional database built on Aurora PostgreSQL. However, their historical sales data, which is crucial for trend analysis and reporting, remains in an older, separate PostgreSQL instance within their private data center. Instead of building an elaborate ETL pipeline to copy gigabytes of historical data into the new Aurora instance, or forcing analysts to connect to two different databases for their reports, I can leverage a Foreign Data Wrapper. By setting up an FDW in the Aurora PostgreSQL database, I can create "foreign tables" that directly reference the historical sales data in the on-premise database. This allows analysts to perform complex joins between current product information residing in Aurora and historical sales figures from the legacy system, all through a single SQL query executed on the Aurora database, as if all the data were local. This approach ensures data freshness, reduces storage costs, and significantly simplifies the analytical workflow.

Setting Up a Foreign Data Wrapper: A Step-by-Step Approach

The process of configuring an FDW involves a few key steps: enabling the extension, defining the remote server, mapping local users to remote credentials, and finally, defining the foreign tables. For both standalone PostgreSQL and Aurora PostgreSQL on AWS RDS, the core syntax and logical steps remain consistent, though network connectivity (e.g., AWS security groups, VPC peering) is a crucial prerequisite for cloud environments.

Before beginning, ensure that network connectivity exists between your source PostgreSQL database (where you're setting up the FDW) and your target PostgreSQL database (the remote data source). For AWS RDS instances, this typically involves configuring security groups to allow inbound connections on port 5432 from the source database's security group.

Enable the postgres_fdw Extension: The first step is always to enable the postgres_fdw extension in the database where you intend to create the foreign tables. This only needs to be done once per database.

CREATE EXTENSION postgres_fdw;

Create a Foreign Server Definition: Next, I define the connection details for the remote database using CREATE SERVER. This acts as a logical representation of the external data source.

CREATE SERVER foreign_server_sales_history
    FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'your_target_db_endpoint', port '5432', dbname 'historical_sales_db');

Here, replace 'your_target_db_endpoint' with the actual hostname or IP address of your remote PostgreSQL server (e.g., an Aurora RDS endpoint), '5432' with its port, and 'historical_sales_db' with the name of the database you wish to connect to on the remote server.

Create User Mappings: User mappings define how local database users authenticate against the remote server. This is a critical security aspect, as it dictates which remote credentials are used when a local user queries a foreign table. There are two primary ways I typically set this up: for public access (less secure, but simpler) or for specific user-based access (more secure and recommended).

How to Set Up Data Wrapper for Public Access

Setting up a user mapping FOR PUBLIC means that any user connecting to your local database will use the same, predefined remote credentials when accessing foreign tables associated with that server. This approach simplifies configuration but requires careful consideration of security, as all local users implicitly share the remote user's privileges.

CREATE USER MAPPING FOR PUBLIC
    SERVER foreign_server_sales_history
    OPTIONS (user 'remote_public_user', password 'remote_public_password');

In this example, remote_public_user and remote_public_password must be valid credentials on the historical_sales_db at your_target_db_endpoint. Any local user querying foreign_server_sales_history will authenticate as remote_public_user. This is suitable for scenarios where the foreign tables contain non-sensitive, read-only data, and all local users require the same level of access to it.

How to Set Up Data Wrapper for Specific Users (Private Current User Mapping)

For enhanced security and granular control, I strongly recommend creating user mappings for specific local users. This allows each local user to authenticate to the remote server using their own distinct set of credentials, potentially having different permissions on the remote database. This approach aligns better with the principle of least privilege and allows for better auditing.

-- For a specific local user, e.g., 'analyst_user'
CREATE USER MAPPING FOR analyst_user
    SERVER foreign_server_sales_history
    OPTIONS (user 'remote_analyst_user', password 'remote_analyst_password');

-- For another local user, e.g., 'admin_user'
CREATE USER MAPPING FOR admin_user
    SERVER foreign_server_sales_history
    OPTIONS (user 'remote_admin_user', password 'remote_admin_password');

Here, analyst_user and admin_user are local users in my current PostgreSQL database. remote_analyst_userand remote_analyst_password are the credentials analyst_user will use on the historical_sales_db, and similarly for admin_user. This method allows for distinct access patterns and auditing on the remote system based on the local user's identity.

Define Foreign Tables: Once the server and user mappings are in place, I can define the foreign tables. There are two main ways to do this: importing an entire schema or creating individual foreign tables.

  • Option A: Import an Entire Foreign Schema (Recommended for Simplicity): This is often the most convenient method, especially if I need to access many tables from a remote schema. It automatically discovers and creates foreign table definitions for all tables (or specific ones) within a remote schema. 
    IMPORT FOREIGN SCHEMA public FROM SERVER foreign_server_sales_history INTO public;

    This command imports all tables from the public schema on historical_sales_db and creates corresponding foreign tables in the public schema of my local database. If the remote schema is large, LIMIT TO or EXCEPT clauses can be used to import specific tables.

  • Option B: Create Individual Foreign Tables: If I only need specific tables or wish to define column names/types differently (though this is rare unless there's a specific need for data transformation), I can create foreign tables individually. 
    CREATE FOREIGN TABLE foreign_sales_data (
    sale_id INT,
    product_code VARCHAR(50),
    sale_date DATE,
    quantity INT,
    revenue NUMERIC(10, 2)
) SERVER foreign_server_sales_history
OPTIONS (schema_name 'public', table_name 'sales');

    Here, foreign_sales_data is the name of my local foreign table, mapping to the sales table in the public schema on the remote server.

Once the foreign tables are defined, I can query them just like any local table:

SELECT sale_date, SUM(revenue) FROM foreign_sales_data WHERE sale_date >= '2023-01-01' GROUP BY sale_date;

Figure 1: Conceptual representation of data flow facilitated by a Foreign Data Wrapper.

Grants and Privileges Required to Access Foreign Data Wrapper

Access to Foreign Data Wrapper components is governed by PostgreSQL's standard privilege system. To allow users to query foreign tables, I need to grant them specific permissions.

  • USAGE on the Foreign Server: Users must have the USAGE privilege on the foreign server definition. This allows them to see and use the server object. 
    GRANT USAGE ON FOREIGN SERVER foreign_server_sales_history TO analyst_user;
  • SELECT on Foreign Tables: Users need SELECT (and potentially INSERT, UPDATE, DELETE if the FDW supports write operations and the remote user has those permissions) privileges on the specific foreign tables they wish to query. 
    GRANT SELECT ON foreign_sales_data TO analyst_user;

    For convenience, especially after importing a schema, I often grant SELECT on all foreign tables within a specific schema:

    GRANT SELECT ON ALL FOREIGN TABLES IN SCHEMA public TO analyst_user;
-- To ensure future foreign tables also get this privilege
ALTER DEFAULT PRIVILEGES FOR ROLE "superuser" IN SCHEMA public GRANT SELECT ON FOREIGN TABLES TO analyst_user;

    (Note: Replace "superuser" with the role that creates foreign tables if it's not the actual superuser).

  • Who can Create FDW Components: Only superusers or users with specific roles granted CREATE SERVERand CREATE USER MAPPING privileges can create and alter foreign servers and user mappings. Access to ALTER USER MAPPING for a specific user also requires ownership of that user mapping or superuser privileges.

Conclusion

Foreign Data Wrappers are a testament to PostgreSQL's extensibility and its commitment to robust data management. My experience using them, especially with modern cloud deployments like Aurora PostgreSQL on AWS RDS, confirms their immense value in seamlessly integrating disparate data sources. They provide a powerful solution for data federation, reducing the need for costly and complex ETL processes and enabling real-time insights across an organization's data landscape. However, like any powerful tool, FDWs must be used judiciously. Careful consideration of performance implications, network dependencies, and robust security management, particularly around user mappings and privileges, is paramount to leveraging their full potential effectively and responsibly. When implemented thoughtfully, FDWs stand as a cornerstone of agile and interconnected data architectures.

Rate

You rated this post out of 5. Change rating

Share

Categories

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Editorial

Friendship and Your Career

PASS Data Community Summit is coming up like an out of control freight train. Another couple of weeks and it'll be here. I'm excited about it every year and I really hope to see you there. Please, consider this a personal invite to say hi if you see me around. I'm bringing all this up […]

5 (2)

You rated this post out of 5. Change rating

2022-10-29

121 reads

SQLServerCentral Editorial

Learning New Technology Is Challenging

On nights and weekends, I've been playing with Arduino controllers. I have a couple of projects I'm working through (building a robot that can roll around with "eyes" to avoid obstacles). I've also been trying to work with STM32 controllers, because in a lot of ways, they're more powerful than an Arduino. However, I've hit […]

5 (1)

You rated this post out of 5. Change rating

2022-10-08

144 reads

SQLServerCentral Editorial

Who Are You?

I was sitting here thinking about the editorial when Kathi Kellenberger came to mind. She would frequently write about her favorite show, Star Trek. I too have been a fan of Star Trek since I was very young. However, my favorite show is a little more obscure and not as many people have seen it, […]

5 (2)

You rated this post out of 5. Change rating

2022-09-17

207 reads

SQLServerCentral Editorial

Things Move Fast

I have several things I’d like to say in the editorial today, but I feel I have to start off with my condolences to the family of Queen Elizabeth II. For that matter, my condolences to the people of Britain. This truly is the end of an era. Things do indeed move fast sometimes. Working […]

5 (2)

You rated this post out of 5. Change rating

2022-09-10

157 reads

SQLServerCentral Editorial

Time To Recharge

Redgate is a great place to work for a lot of reasons. One of those has come up for me. It's time for my sabbatical. Every five years we get six weeks paid leave. Mine starts Monday. I'll still be clearing out my email (the thought of six weeks worth gives me horrors), and I'll […]

You rated this post out of 5. Change rating

2022-07-16

134 reads