Configuring a database for Babelfish - Amazon Aurora

Configuring a database for Babelfish

When you create a Babelfish for Aurora PostgreSQL DB cluster, you can use a parameter group in one of two ways. You can create a new parameter group that configures a cluster with Babelfish running. Or you can use a pre-existing Amazon Aurora parameter group.

To use an existing parameter group, edit the group and set the babelfish_status parameter to on. Specify any Babelfish options before creating your Aurora PostgreSQL cluster. For information about modifying your parameter group, see Working with DB parameter groups and DB cluster parameter groups.

The following parameters control Babelfish preferences.

Parameter Type Default value Values allowed Description Modifiable?

rds.babelfish_status

String

off

on, off, datatypesonly

Sets the state of Babelfish for Aurora PostgreSQL; functionality. When this parameter is set to datatypesonly, Babelfish is turned off but SQL Server data types are still available.

Yes

babelfishpg_tds.default_server_name

String

Microsoft SQL Server

null

The default name of the Babelfish server.

Yes

babelfishpg_tds.port

Integer

1433

1-65535

Sets the TCP port used for requests in SQL Server syntax.

Yes

babelfishpg_tds.tds_default_protocol_version

Integer

0

TDSv7.0, TDSv7.1, TDSv7.1.1, TDSv7.2, TDSv7.3A, TDSv7.3B, TDSv7.4, DEFAULT

Sets a default TDS protocol version for connecting clients.

Yes

babelfishpg_tds.tds_ssl_encrypt

Boolean

0

0/1

Turns encryption on (0) or off (1) for data traversing the TDS listener port. For detailed information about using SSL for client connections, see How Babelfish interprets SSL settings.

Yes

babelfishpg_tds.tds_ssl_max_protocol_version

String

'TLSv1.2'

'TLSv1, TLSv1.1, TLSv1.2'

Sets the minimum SSL/TLS protocol version to use for the TDS session.

Yes

babelfishpg_tds.tds_ssl_min_protocol_version

String

'TLSv1'

'TLSv1, TLSv1.1, TLSv1.2'

Sets the minimum SSL/TLS protocol version to use for the TDS session.

Yes

babelfishpg_tds.tds_default_packet_size

Integer

4096

512-32767

Sets the default packet size for connecting SQL Server clients.

Yes

babelfishpg_tds.tds_default_numeric_scale

Integer

8

0-38

Sets the default scale of numeric type to be sent in the TDS column metadata if the engine doesn't specify one.

Yes

babelfishpg_tds.tds_default_numeric_precision

Integer

38

1-38

Sets the default precision of numeric type to be sent in the TDS column metadata if the engine doesn't specify one.

Yes

babelfishpg_tsql.version

String

null

default

Sets the output of @@VERSION variable.

Don't modify this value for Aurora PostgreSQL DB clusters.

Yes

babelfishpg_tsql.default_locale

String

en_US

Allowed

Default locale used for Babelfish collations. The default locale is only the locale and doesn't include any qualifiers.

Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, modifications to this parameter are ignored.

Yes

babelfishpg_tsql.migration_mode

List

single-db

single-db, multi-db,null

Defines if multiple user databases are supported.

Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, don't modify the value of this parameter.

No

babelfishpg_tsql.server_collation_name

String

bbf_unicode_general_ci_as

Babelfish collation support

The name of the collation used for server-level actions. Set once at provisioning time.

Set this parameter when you provision a Babelfish DB cluster. After the DB cluster is provisioned, don't modify the value of this parameter.

Yes

babelfishpg_tds.listen_addresses

String

*

null

Sets the host name or IP address or addresses to listen for TDS on.

No

babelfishpg_tds.enable_tds_debug_log_level

Integer

'1'

'0, 1, 2, 3'

Sets the logging level in TDS; 0 turns off logging.

Yes

babelfishpg_tds.unix_socket_directories

String

/tmp

NULL

TDS server Unix socket directories.

No

babelfishpg_tds.unix_socket_group

String

rdsdb

NULL

TDS server Unix socket group.

No

unix_socket_permissions

Integer

0700

0 - 511

TDS server Unix socket permissions.

No

How Babelfish interprets SSL settings

When a client connects to port 1433, Babelfish compares the Secure Sockets Layer (SSL) setting sent during the client handshake to the Babelfish SSL parameter setting (tds_ssl_encrypt). Babelfish then determines if a connection is allowed. If a connection is allowed, encryption behavior is either enforced or not, depending on your parameter settings and the support for encryption offered by the client.

The table following shows how Babelfish behaves for each combination.

Client SSL setting Babelfish SSL setting Connection allowed? Value returned to client

ENCRYPT_OFF

tds_ssl_encrypt=false

Allowed, the login packet is encrypted

ENCRYPT_OFF

ENCRYPT_OFF

tds_ssl_encrypt=true

Allowed, the entire connection is encrypted

ENCRYPT_REQ

ENCRYPT_ON

tds_ssl_encrypt=false

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_ON

tds_ssl_encrypt=true

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_NOT_SUP

tds_ssl_encrypt=false

Yes

ENCRYPT_NOT_SUP

ENCRYPT_NOT_SUP

tds_ssl_encrypt=true

No, connection closed

ENCRYPT_REQ

ENCRYPT_REQ

tds_ssl_encrypt=false

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_REQ

tds_ssl_encrypt=true

Allowed, the entire connection is encrypted

ENCRYPT_ON

ENCRYPT_CLIENT_CERT

tds_ssl_encrypt=false

No, connection closed

Unsupported

ENCRYPT_CLIENT_CERT

tds_ssl_encrypt=true

No, connection closed

Unsupported