Connect a PostgreSQL RDS database to Heroku

This tutorial will show you how to create and connect a postgres database hosted with Amazon Web Service’s RDS to a Heroku application.

  1. Create and launch a database instance on RDS with the default settings. Make sure ‘Public accessibility’ is set to Yes.
  2. Once your instance is created, click on it to view the details and settings.
  3. Scroll half way down the page to see your security group. Click on the security group so you can make edits.
  4. On the security group page, click the Inbound tab at the bottom of the page. Click edit, then change the Source to Your security group should look like this:
  5. Go back to RDS and click ‘Parameter groups’ on the left hand menu
  6. Click Create parameter group
  7. Give it a name like ‘forcessl’ and click Create. Then click on the newly created parameter group, filter to rds.force_ssl. Click edit parameter and change the value to 1. This setting will force all connections to your database to use SSL.
  8.  Click on your database instance again. Click the Instance Actions at the top left, then click Modify. Scroll towards the bottom and change the parameter group to your newly created group called forcessl. Click next, then change the radio option to Apply immediately, and click Modify DB instance.
  9. Download the SSL certificate from AWS using this link:
  10. Place it in the root of your application directory
  11. Set your DATABASE_URL to the following format:
    postgres://user:[email protected]_endpoint/dbname?sslrootcert=rds-combined-ca-bundle.pem

Note: when I say instance_endpoint, I mean the RDS endpoint that can be found under your instance details, ending with

You can now connect to your database securely using SSL. Test it out with psql by running:

psql -h instance_endpoint -p 5432 “dbname=mydbname user=dbuser sslrootcert=\Users\casey\SSH\rds-ca-2015-root.pem sslmode=verify-full”

You will see at the top that are you connected using SSL.

You can also connect using DataGrip by selecting the SSL tab on your connection and providing the path to the SSL certificate like so: