SQL Server RDS Setup Guide

Prerequisiteslink

To connect your generic SQL Server database to Fivetran, you need:

• SQL Server 2012 - 2019
• Your database host’s IP (e.g., 1.2.3.4) or domain (your.server.com)
• Your database’s port (usually 1433)

IMPORTANT: We do not support single-user mode.

Choose a connection method link

First, decide whether to connect your SQL Server database directly, using an SSH tunnel, or using AWS PrivateLink.

Connect directly (TLS required)link

IMPORTANT: You must have TLS enabled on your database to connect directly to Fivetran.

Fivetran connects directly to your database instance. This is an easy and secure connection method.

To connect directly, create a security rule to allow access to Fivetran’s IP.

Connect using SSHlink

Fivetran connects to a separate server in your network that provides an SSH tunnel to your database. You must connect through SSH if your database is in an inaccessible subnet.

Before you proceed to the next step, you must follow our SSH connection instructions to give Fivetran access to your SSH tunnel.

To connect using SSH, configure your VPC Security Groups and Network Access Control Lists (ACLs) to allow incoming connections to your SQL server host and port (usually 1433) from your SSH tunnel server’s IP address.

Connect using AWS PrivateLinklink

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. PrivateLink is the most secure connection method. Learn more in AWS’ PrivateLink documentation.

Follow our AWS PrivateLink setup guide to configure PrivateLink for your database.

Enable accesslink

Configure a server firewall to grant Fivetran’s data processing servers access to your database.

Configure security grouplink

Note: These instructions assume that your instance is in a VPC.

1. Click on your SQL instance to expand the view, then go to the Configuration Details tab.

   

2. A panel of details for your read replica appears. Verify that the Publicly Accessible value is Yes if you choose to connect directly. You do not have to make your database publicly accessible if you choose to connect using SSH.

   

3. Write down the read instance’s port number. You will need this later.

   

4. Click the link to the read instance’s Security Group.

   

5. In the security group panel, select the Inbound tab.

   

6. Click Edit.

   

7. Click Add Rule. This creates a new Custom TCP Rule at the bottom of the list with a blank space for a Port Range and a Source IP address.

   

8. Enter your Port Range and Source IP address values.

   • In the Port Range field, enter your instance’s port number that you wrote down in Step 3 of this section (usually 1433).
   • In the Custom IP field, enter Fivetran’s IP if you are connecting directly or {your-ssh-tunnel-server-ip-address}/32 if you are connecting through an SSH tunnel.

   

9. Click Save.

   

Configure Network ACLslink

1. Return to the RDS Dashboard and click on your instance.

   

2. Click the link to the instance’s VPC.

   

3. Select the VPC.

   

4. In the Summary tab, click the Network ACL link.

   

You will see tabs for Inbound Rules and Outbound Rules. You need to edit both.

Enter host and port in setup formlink

In your Fivetran setup form, enter your host and port.

• For the Host, enter the URL from the Endpoint field in RDS dashboard, without the port.

• For the Port, enter the port from the Endpoint field in RDS dashboard (1433 is the default).

  

Create userlink

Create a database user for Fivetran’s exclusive use.

1. Connect to your SQL Server database as an admin user.

2. Execute the following SQL commands to create a user for Fivetran. Replace <database> with the name of your database, <username> with the username of your choice, and <password> with a password of your choice:

USE [<database>];
CREATE LOGIN <username> WITH PASSWORD = '<password>';
CREATE USER <username> FOR LOGIN <username>;

Grant user permissionslink

Once the Fivetran user is created, grant it SELECT permission for the set of databases, schemas, tables, or specific columns you would like Fivetran to sync. You can grant access to everything in a given database:

GRANT SELECT on DATABASE::<database> to <username>;

or all tables in a given schema:

GRANT SELECT on SCHEMA::<schema> to <username>;

or a specific table:

GRANT SELECT ON [<schema>].[<table>] TO <username>;

or a set of specific columns in a table:

GRANT SELECT ON [<schema>].[<table>] ([<column 1>], [<column 2>], ...) TO <username>;

Enter user, password, and database in setup formlink

In your Fivetran setup form, enter your user, password, and database name.

• For the User, enter the username you created.
• For the Password, enter the password you set when you created the user.
• For the Database, enter the database you want to replicate from.

Enable incremental updateslink

We use one of SQL Server’s two built-in tracking mechanisms for incremental updates: change tracking (CT) and change data capture (CDC). When enabled, both CT and CDC keep a record of the table rows that have changed in a certain window of time (the default window is the most recent 2 days). These mechanisms let Fivetran copy only the rows that have changed since the last data sync so we don’t have to copy the whole table every time.

NOTE: You cannot enable CT or CDC on a read replica. If you enable CDC on your primary database, it applies to your read replica. However, if you enable CT on your primary database, it does not apply to your read replica.

Choose to enable either change tracking or change data capture. To learn more about CT and CDC, see our updating data documentation.

Change trackinglink

1. Enable change tracking at the database level:

   ALTER DATABASE [<database>] SET CHANGE_TRACKING = ON;
   

2. Enable CT for each table you want to integrate:

   ALTER TABLE [<schema>].[<table>] ENABLE CHANGE_TRACKING;
   

3. Grant the Fivetran user VIEW CHANGE TRACKING permission for each of the tables that have change tracking enabled:

   GRANT VIEW CHANGE TRACKING ON [<schema>].[<table>] TO <username>;
   

Change data capturelink

1. Enable change data capture at the database level:

   EXEC msdb.dbo.rds_cdc_enable_db [<database>];
   

2. Enable CDC for each table you want to integrate:

   EXEC sys.sp_cdc_enable_table  
   @source_schema = [<schema>],
   @source_name   = [<table>],
   @role_name     = [<username>];
   

NOTE: Fivetran only supports tables with a single CDC capture instance. Our syncs only include tables and columns that are present in a CDC instance. If you add new tables or columns, you must create a new CDC instance that includes them and delete the old instance.