diff --git a/docs/admin/external_services/postgres.mdx b/docs/admin/external_services/postgres.mdx index a48e298d8..049aa7a78 100644 --- a/docs/admin/external_services/postgres.mdx +++ b/docs/admin/external_services/postgres.mdx @@ -122,7 +122,7 @@ In order to enable IAM Auth, you first need to: - For EKS (k8s deployment), use [IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) - For EC2 (docker-compose deployment), use [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) -For [every services that require postgres database connection](https://github.com/sourcegraph/sourcegraph-public-snapshot/blob/main/lib/servicecatalog/service-catalog.yaml), ensure below environment variables are configured: +Configure the following environment variables for the **`sourcegraph-frontend`** service (or all `sourcegraph-frontend-*` services in Docker Compose deployments): - `PG_CONNECTION_UPDATER=EC2_ROLE_CREDENTIALS` - `PGSSLMODE=require` 
@@ -131,15 +131,20 @@ For [every services that require postgres database connection](https://github.co - `PGUSER=<>` - this should be the database accounts created above - `PGDATABASE=<>` - `CODEINTEL_PGSSLMODE=require` +- `CODEINTEL_PGHOST=<>` - `CODEINTEL_PGPORT=<>` -- `CODEINTEL_PGUSER=<>` this should be the database accounts created above +- `CODEINTEL_PGUSER=<>` - this should be the database accounts created above - `CODEINTEL_PGDATABASE=<>` - `CODEINSIGHTS_PGSSLMODE=require` - `CODEINSIGHTS_PGHOST=<>` - `CODEINSIGHTS_PGPORT=<>` -- `CODEINSIGHTS_PGUSER=<>` this should be the database accounts created above +- `CODEINSIGHTS_PGUSER=<>` - this should be the database accounts created above - `CODEINSIGHTS_PGDATABASE=<>` +**Optional:** If your workloads are in a specific AWS Region and you want to use regional STS endpoints for improved latency and resiliency, also set: + +- `AWS_STS_REGIONAL_ENDPOINTS=regional` - This configures the AWS SDK to use regional STS endpoints (e.g., `sts.us-west-2.amazonaws.com`) instead of the global endpoint (`sts.amazonaws.com`). This is recommended for better performance and resilience. See [AWS documentation](https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html) for more details. + ## Usage with PgBouncer [PgBouncer] is a lightweight connections pooler for PostgreSQL. It allows more clients to connect with the PostgreSQL database without running into connection limits.
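Review bot: In the first hunk (`@@ -122,7 +122,7 @@`), the replacement sentence limits the variables to `sourcegraph-frontend` but does not say what operators should do on the other services the old wording covered ("every services that require postgres database connection"). The link to the service catalog is dropped as well. Suggest adding one sentence that states whether the other database-connecting services still need any of these variables, or that they should be removed there, so that deployments configured from the previous text do not keep stale settings.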
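Review bot: In the second hunk (`@@ -131,15 +131,20 @@`), the added `AWS_STS_REGIONAL_ENDPOINTS=regional` paragraph is headed "Optional" and then ends with "This is recommended", and it does not say which service the variable is set on or how the region for the endpoint is selected. Suggest choosing one of the two wordings, stating that it goes on the same `sourcegraph-frontend` service(s) as the list above, and naming the setting that supplies the region. Also worth raising while this list is being touched: the `CODEINTEL_PGSSLMODE=require` and `CODEINSIGHTS_PGSSLMODE=require` lines give encryption without server certificate verification, so consider noting whether `verify-full` is supported for IAM Auth connections.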