Amazon Relational Database Service (RDS) allows you to deploy, and scale multiple editions of MS SQL Server in minutes with cost-efficient and resizable compute capacity.

You can ingest data from your Amazon RDS MS SQL Server using Hevo Pipelines and replicate it to a Destination of your choice.


Perform the following steps to configure your Amazon RDS MS SQL Source:

Enable Change Tracking

The Change Tracking mechanism captures changes made to a database. In order to enable, or disable change tracking, the database user must have the ALTER DATABASE privilege.

To enable change tracking, connect your Amazon RDS MS SQL database in your SQL Client tool, and enter these commands:

  • Enable change tracking at the database level:


    The CHANGE_RETENTION value specifies the time period for which change tracking information is retained. You can use AUTO_CLEANUP to enable or disable the cleanup task that removes old change tracking information. Read Enable Change Tracking for a Database.

  • Enable change tracking at the table level:

    ALTER TABLE <schema_name>.<table> ENABLE CHANGE_TRACKING

    Repeat this step for each table you want to replicate using log-based incremental replication. Read Enable Change Tracking for a Table.

Note: Hevo does not support Change Data Capture (CDC) for Amazon RDS MS SQL.

Whitelist Hevo’s IP Addresses

You need to whitelist the Hevo IP addresses for your region to enable Hevo to connect to your Amazon RDS MS SQL database. To do this:

  1. Open the Amazon RDS console.

  2. In the left navigation pane, click Databases (or Instances if you are using an older version).

  3. In the Databases section on the right, click the DB identifier of the Amazon RDS MS SQL instance.

    Click DB identifier

    Note: The instance does not necessarily have to be a replica as long as it whitelists Hevo’s IP address for the region.

  4. In the Connectivity & security tab, ensure Public Accessibility is set to Yes.

  5. Click the link text under Security, VPC security groups to open the Security Groups panel.

    Open Security Group panel

  6. In the Security Groups panel, click Inbound rules tab, and then, Edit inbound rules.

    Edit Inbound rules

  7. In the Edit inbound rules page:

    1. Click Add rule.

    2. In the Port range column, enter the port of your Amazon RDS MS SQL instance. The default value is 1433.

    3. In the Source column, select Custom from the drop-down and enter Hevo’s IP addresses for your region.

    4. Click Save rules.

      Save Inbound rules

  8. Click the Outbound rules tab, and then, Edit outbound rules.

  9. Repeat step 7, to configure Outbound Rules.

    Edit Outbound rules

Create a User and Grant Privileges

1. Create a user (optional)

To create a database user, log in to your Amazon RDS MS SQL instance as a masteruser in your SQL Client tool, and enter these commands:

  1. Select a database schema

    USE <schema_name>;
  2. Create a database user:

    CREATE LOGIN hevo WITH PASSWORD = '<enter_password>';
    CREATE USER hevo for login hevo;

Note: Skip this step if you are using an existing database user.

2. Grant privileges to the user

The database user specified in the Hevo Pipeline must have the following global privileges:


  • VIEW CHANGE TRACKING (If Pipeline Mode is Change Tracking)

To assign these privileges, log in to your Amazon RDS MS SQL instance as a masteruser in your SQL Client tool and enter the following commands:

  1. Grant SELECT privilege at the database level:

    GRANT SELECT ON DATABASE::<database> TO <db_username>;
  2. Grant SELECT privilege at the table and schema level:

    GRANT SELECT ON <schema_name>.<table_name> TO <db_username>;
  3. Grant VIEW CHANGE TRACKING privilege, if Pipeline Mode is Change Tracking:

    GRANT VIEW CHANGE TRACKING ON <schema_name>.<table_name> TO <username>;

Specify Amazon RDS SQL Server Connection Settings

Specify the following settings in the Configure your Amazon RDS SQL Server Source page:

  • Pipeline Name: A unique name for the Pipeline.

  • SQL Server Host: SQL Server host’s IP address or DNS.

    The following table lists a few examples of SQL Server host:

    Variant Host
    Amazon RDS MS SQL
    Azure MS SQL
    Generic MS SQL or
    Google Cloud SQL Server

    Note: For URL-based hostnames, exclude the http:// or https:// part. For example, if the hostname URL is, enter

  • SQL Server Port: The port on which your SQL Server is listening for connections. Default value: 1433.

  • SQL Server User: The read-only user that can read the tables in your database.

  • SQL Server Password: Password for the read-only user.

  • Database Name: The database that you wish to replicate.

  • Schema Name: The schema that holds the tables to be replicated. Default value: dbo.

  • Connect through SSH: Enable this option to connect to Hevo using an SSH tunnel, instead of directly connecting your SQL Server database host to Hevo. This provides an additional level of security to your database by not exposing your SQL Server setup to the public. Read Connecting Through SSH.

    If this option is disabled, you must whitelist Hevo’s IP addresses. Refer to the content for your SQL Server variant for steps to do this.

  • Advanced Settings:

    • Include New Tables in the Pipeline: Applicable for all Pipeline modes except Custom SQL. If enabled, Hevo automatically ingests data from tables created after the Pipeline has been built. If disabled, the new tables are listed in the Pipeline Detailed View in Skipped state, and you can manually include the ones you want and load their historical data.

      You can change this setting later.


Revision History

Refer to the following table for the list of key updates made to this page:

Date Release Description of Change
Jul-26-2021 1.68 Added a note for the SQL Server Host field.
Jul-12-2021 NA Added section, Specify Amazon RDS SQL Server Connection Settings.
Mar-09-2021 1.58 Replaced references to Logical Replication with Change Tracking as Change Tracking is a distinct Pipeline mode for SQL Server Source types.
Feb-22-2021 1.57 Added section Create a User and Grant Privileges.
Last updated on 20 Jul 2021