Set up Cloud SQL for PostgreSQL

Configure authentication and connection settings for your Cloud SQL (PostgreSQL) instance to enable Atlan to crawl metadata and establish a secure connection.

Prerequisites

Before you begin, make sure you have:

• Cloud SQL for PostgreSQL instance running in Google Cloud Platform
• Database administrator access to create users and grant permissions

Permission required

Before setting up the Cloud SQL for PostgreSQL connector, you need:

• Administrative access to your Cloud SQL for PostgreSQL instance to create users and grant permissions
• To run the setup statements for each database and schema you want to crawl

Configure authentication

Choose the authentication method that best fits your security requirements and infrastructure setup.

Built-in authentication

To use built-in (or basic) authentication, follow these steps:

Create a username and password as described here

Identity and access management (IAM) authentication

To use IAM database authentication, follow these steps:

1. Enable IAM authentication for your database instance by following these steps.

2. Add IAM User/Service account and provide necessary roles by following the steps.

Create database role

Connect to the database instance (for example using Cloud SQL Studio) and run the following commands to create the role:

CREATE ROLE atlan_user_role;

Grant permissions to the role

1. To crawl metadata from Cloud SQL (PostgreSQL), Atlan requires USAGE privileges on the schemas. This permission enables Atlan to access schema objects and fetch technical metadata from the INFORMATION_SCHEMA.

   GRANT USAGE ON SCHEMA <schema> TO atlan_user_role;

   • Replace <schema> with the schema name to grant access. Repeat the GRANT statement for each additional schema you want Atlan to crawl.

2. [Optional] To preview and query data within Atlan's Insights module, the user requires SELECT privilege. Follow these steps to grant permissions:

   GRANT SELECT, REFERENCES ON ALL TABLES IN SCHEMA schema_name TO atlan_user_role;

   • Replace schema_name: Name of the schema you want Atlan to access.
   • Replace atlan_user_role: Role assigned to Atlan in your database.

Assign role to users

Once the user (built-in or IAM based) and the database role is created, assign the role to the user:

GRANT atlan_user_role TO <username>;

Next steps

• Crawl Cloud SQL for PostgreSQL assets: Extract metadata from your Cloud SQL for PostgreSQL database and establish a connection between Atlan and your database