Release Status Released Supported By Stitch
Availability Free Supported Versions Depends on database type
SSL Connections Unsupported VPN Connections Unsupported
Whitelisting Tables and columns View Replication Depends on database type
Destination Incompatibilities None

Connecting RDS

RDS Setup Requirements

To set up RDS in Stitch, you need:

  • Permissions in AWS that allow you to create/manage Security Groups. This is required to whitelist Stitch’s IP addresses.

  • Permissions in AWS that allow you to view database details. This is required for retrieving the database’s connection details.

  • Database permissions that allow you to create users and grant privileges. This is required to create a database user for Stitch and grant the permissions needed for replication.

Step 1: Whitelist Stitch's IP addresses

For Stitch to successfully connect with your RDS instance, you’ll need to add our IP addresses to the appropriate database security group via the AWS management console. To do this, an inbound security rule must be created for each of our IP addresses.

The IP addresses can be added to an existing group or you can create a new one. The important thing is that the group is authorized to access the instance you want to connect to Stitch.

  1. Log into your AWS account.
  2. In the management page for the security group, click the Inbound tab.
  3. Click the Edit button. This will display the Edit Inbound Rules window.
  4. In the Type field, select Custom TCP Rule.
  5. In the Port Range field, enter the port your database uses.
  6. In the CIDR, IP or Security Group field, enter the IP address. Below are all the IP addresses that must be added to the security group:





  7. To add another rule, click the Add Rule button.
  8. Repeat steps 3-6 until all the Stitch IP addresses have been added.
  9. Click the Save button.

Step 2: Retrieve your Public Key

The Stitch Public Key

The Public Key is used to authorize the Stitch Linux user. If the key isn’t properly installed, Stitch will be unable to access your database.

To retrieve the key:

  1. Sign into your Stitch account.

  2. On the Stitch Dashboard page, click the Add Integration button.

  3. Click the icon (ex: MySQL) for the type of database you’re connecting.

  4. When the credentials page displays, click the Encryption Type menu and select the SSH Tunnel option.

  5. The Public Key will display, along with the other SSH fields.

Leave this page open for now - you’ll need it to wrap things up at the end.

Step 3: Create a Stitch Linux user

Note: Anything inside square brackets - [like this] - is something you need to define when running the commands yourself.

  1. To create the new user, run the following commands as root on your Linux server:

    adduser --disabled-password [stitch_username]
    mkdir /home/[stitch_username]/.ssh
  2. Next, import the Public Key into authorized_keys. This will ensure the Stitch user has access to the database.

    Copy the entire key into the authorized_keys file by:

    "[PASTE KEY HERE]" >> /home/[stitch_username]/.ssh/authorized_keys
  3. Alter the permissions on the /home/[stitch_username] directory to allow access via SSH:

    chown -R [stitch_username]:[stitch_username] /home/[stitch_username]
    chmod -R 700 /home/[stitch_username]/.ssh

Step 4: Create a Stitch database user

This is the part of the process where the steps will vary depending on the database you’re using. The idea is the same, though: you’ll create a user for Stitch which we’ll use to access your database.

Click the tab for the type of database you're connecting to view instructions for creating the user.

Your organization may require a different process, but the simplest way to create this user is to execute the following query when logged into the RDS database as a user with the right to grant privileges. This user should also own the schema that Stitch is being granted access to.

CREATE USER [stitch username] WITH ENCRYPTED PASSWORD '[secure password]';
GRANT CONNECT ON DATABASE [database name] TO [stitch username];
GRANT USAGE ON SCHEMA [schema name] TO [stitch username];
GRANT SELECT ON ALL TABLES IN SCHEMA [schema name] TO [stitch username];

Replace [secure password here] with a secure password, which can be different than the SSH password. Additionally, make sure you replace [database name] and [schema name] with the appropriate names in your database.

If you want to connect multiple databases or schemas, repeat this process as necessary.

To create a database user for Stitch, run the following command when logged into RDS:

CREATE USER '[stitch_username]'@'localhost' IDENTIFIED BY '[password]';

Replace [password] with a secure password. If using SSH, this can be different than the SSH password.

If you wish to restrict this user from accessing data in specific databases, tables, or columns, you can instead run GRANT queries that only allow access to the data you permit.

To bring your rds data into Stitch, the system will run SELECT queries on your database. Initially this is done to get a snapshot of the database’s structure. After the first replication job completes, you can set Replication Methods for individual tables to potentially reduce your update times and the load on your server.

Creating a user with SELECT privileges can either be done via a query or the rds UI. In this section, we’ll walk you through using the query method.

  1. Log into your database.
  2. Create a SQL login for the Stitch database user:

    CREATE LOGIN [stitch_username] WITH PASSWORD=[password]
  3. Grant the Stitch user access to the database:

    USE [database]
  4. Create the Stitch database user and map them to the database:

    CREATE USER [stitch_username] FOR LOGIN 
  5. Grant the Stitch user SELECT privileges.

    To grant SELECT privileges to all tables in the database, run this command:

    GRANT SELECT to [stitch_username]

    If you wish to limit the Stitch user to specific tables, run this command instead:

    GRANT SELECT ON [schema_name].[table_name] TO [stitch_username]

To successfully connect and replicate your Mongo data, Stitch requires the ability to:

  • Run the listDatabases command. This permission is required so Stitch can detect the databases available for replication.
  • Run the listIndexes command. Because Stitch will only display indexed fields as Replication Key options, this permission is required to identify fields that can be used as Replication Keys.
  • COUNT and query on all the databases you want to replicate data from. These permissions are requird to replicate your data.
  • Run the dbVersion command. While this isn’t mandatory, it’s beneficial for Stitch to have access to the information this command yields to troubleshoot any connection or replication issues that may arise.

You can assign a role to the Stitch user if you like, as long as the role has the necessary permissions to perform the actions listed above.

When connecting to multiple databases, you can add the user by logging into Mongo as an admin user and running the following command. This example uses createUser, but older versions may use addUser. Documentation for addUser can be found here.

Replace [authentication_database] with the name of database where the user is authenticated, or created:

use [authentication_database]
db.createUser( {  user: "[stitch_username]",
                  pwd: "[secure password here]",
                  roles: ["roles here", "if you want them"]

Note: For Atlas-based instances, the authentication_database will be admin.

Step 5: Locate RDS Connection Details in AWS

The majority of this info can be found on the Database Details page in the AWS Console.

  1. Navigate to the RDS Dashboard.
  2. Select the RDS instance you want to connect to Stitch.
  3. Click the Instance Actions menu and select See Details.
  4. On this page, you’ll need to locate these fields:

    • Endpoint
    • Port

Below is a screen cap of this page with the required fields highlighted:

Amazon RDS Database Details page.

Leave this page open for now - you’ll need it to complete the setup in the next step.

Step 6: Connect Stitch

  1. Sign into your Stitch account, if you haven’t already.
  2. On the Stitch Dashboard page, click the Add Integration button.

  3. Click the icon (ex: MySQL) for the type of database you’re connecting.

  4. Fill in the fields as follows:

    • Integration Name: Enter a name for the integration. This is the name that will display on the Stitch Dashboard for the integration; it’ll also be used to create the schema in your data warehouse.

      For example, the name “Stitch RDS” would create a schema called stitch_rds in the data warehouse. Note: The schema name cannot be changed after the integration is saved.

    • Host (Endpoint): Paste the Endpoint address from the RDS Details page in AWS into this field.

      Don’t include the port number, which is appended to the end of the endpoint string - this will cause errors.

    • Port: Enter the port used by the RDS instance.

    • Username: Enter the Stitch RDS database user’s username.

    • Password: Enter the password for the Stitch database user.

    • Database: Enter the name of the RDS database that you created for Stitch. Stitch will ‘find’ all databases you give the Stitch user access to - a default database is only used to complete the connection.

      Depending on the type of database you’re connecting, this may be required to complete the setup.

Enter SSH Connection Details

If you’re using an SSH tunnel to connect your RDS database to Stitch, you’ll also need to complete the following:

  1. Click the Encryption Type menu.
  2. Select SSH Tunnel to display the SSH fields.

  3. Fill in the fields as follows:

    • Remote Address: Enter the IP address or hostname of the server Stitch will SSH into.

    • SSH Port: Enter the SSH port on your server. (22 by default)

    • SSH User: Enter the Stitch Linux (SSH) user’s username.

Step 7: Create a replication schedule

In the Replication Frequency section, you’ll create the integration’s replication schedule. An integration’s replication schedule determines how often Stitch runs a replication job, and the time that job begins.

Stitch offers two methods of creating a replication schedule:

  • Replication Frequency: This method requires selecting the interval you want replication to run for the integration. Start times of replication jobs are based on the start time and duration of the previous job. Refer to the Replication Frequency documentation for more information and examples.
  • Anchor scheduling: Based on the Replication Frequency, or interval, you select, this method “anchors” the start times of this integration’s replication jobs to a time you select to create a predictable schedule. Anchor scheduling is a combination of the Anchor Time and Replication Frequency settings, which must both be defined to use this method. Additionally, note that:

    • A Replication Frequency of at least one hour is required to use anchor scheduling.
    • An initial replication job may not begin immediately after saving the integration, depending on the selected Replication Frequency and Anchor Time. Refer to the Anchor Scheduling documentation for more information.

    • You’ll need to contact support to request using an Anchor Time with this integration.

To help prevent overages, consider setting the integration to replicate less frequently. See the Understanding and Reducing Your Row Usage guide for tips on reducing your usage.

Step 8: Select data to replicate

The last step is to select the tables and columns you want to replicate. When you track a table, you’ll also need to define its Replication Method and, if using Key-based Incremental Replication, its Replication Key.

You can track tables and columns by:

  1. In the Integration Details page, click the Tables to Replicate tab.
  2. Locate a table you want to replicate.
  3. Click the checkbox next to the object’s name. A green checkmark means the object is set to replicate.
  4. If there are child objects, they’ll automatically display and you’ll be prompted to select some.
  5. After you set a table to replicate, the Table Settings page will display. Note: When you track a table, by default all columns will also be tracked.
  6. In the Table Settings page, define the table’s Replication Method and, if using Key-based Incremental Replication, its Replication Key.

  7. Repeat this process for every table you want to replicate.

Initial and historical replication jobs

After you finish setting up RDS, its Sync Status may show as Pending on either the Stitch Dashboard or in the Integration Details page.

For a new integration, a Pending status indicates that Stitch is in the process of scheduling the initial replication job for the integration. This may take some time to complete.

Free historical data loads

The first seven days of replication, beginning when data is first replicated, are free. Rows replicated from the new integration during this time won’t count towards your quota. Stitch offers this as a way of testing new integrations, measuring usage, and ensuring historical data volumes don’t quickly consume your quota.

Extracting data from RDS

When you connect a database as an input, Stitch only needs read-only access to the databases, tables, and columns you want to replicate. There are two processes Stitch runs during the Extraction phase of the replication process: a structure sync and a data sync.

Structure sync queries

The first part of the replication process is called a structure sync. This process will detect any changes to the structure of your database. For example: a new column is added to one of the tables you’re syncing in Stitch.

Database type Structure sync queries

Stitch runs the following queries on Mongo databases to perform a structure sync:

  • db.getMongo().getDBNames()
  • db.getCollectionNames()

For every collection in the database - even those that aren’t set to replicate - Stitch also runs the following queries:

  • db.collection.count()
  • db.collection.getIndexes()
Microsoft SQL Server

To perform a structure sync, Stitch runs queries on the databases and partitions tables in the sys schema.


Stitch runs the following queries on MySQL-based databases to perform a structure sync:

  • SHOW KEYS FROM [table]

To perform a structure sync, Stitch runs queries on the following tables in the pg_catalog schema:

  • pg_class
  • pg_attribute
  • pg_index
  • pg_namespace

Data sync queries

The second step in the Extraction phase is called a data sync. This is where Stitch extracts data and replicates it. The method Stitch uses is the same for all databases, but differs depending on the Replication Method that each table uses.

Key-based Incremental Replication

For tables using Key-based Incremental Replication, Stitch runs a single query and reads out of the associated cursor in batches:

  SELECT column_a, column_b <,...>
    FROM table_a
   WHERE replication_key_column >= 'last_maximum_replication_key_value'
ORDER BY replication_key_column

Full Table Replication

For tables using Full Table Replication, Stitch runs a single query and reads out of the resulting cursor in batches:

SELECT column_a, column_b <,...>
  FROM table_a


While we make every effort to ensure the queries that Stitch executes don’t impart significant load on your databases, we still have some recommendations for guaranteeing database performance:

  • Use a replica database instead of connecting directly. We recommend using read replicas in lieu of directly connecting production databases with high availability and performance requirements.
  • Apply indexes to Replication Key columns. We restrict and order our replication queries by this column, so applying an index to the columns you’re using as Replication Keys can improve performance.

Questions? Feedback?

Did this article help? If you have questions or feedback, feel free to submit a pull request with your suggestions, open an issue on GitHub, or reach out to us.