PostgreSQL Destination

Prerequisites

A PostgreSQL server (version 12 or later) accessible from the internet or via SSH tunnel
Permission to create users and grant privileges

Step 1: Create a Dedicated User

Connect to your PostgreSQL server and run:

-- Create a dedicated user for Landed
CREATE USER landed WITH PASSWORD '<strong-password>';

-- Grant privileges on the target schema
GRANT USAGE ON SCHEMA public TO landed;
GRANT CREATE ON SCHEMA public TO landed;

-- If using a custom schema:
-- CREATE SCHEMA IF NOT EXISTS landed_data;
-- GRANT USAGE ON SCHEMA landed_data TO landed;
-- GRANT CREATE ON SCHEMA landed_data TO landed;

The user needs:

USAGE on the target schema
CREATE on the target schema (to create new tables)
Landed will also need INSERT, UPDATE, DELETE on the tables it creates (granted automatically as the table owner)

Step 2: Allow Network Access

Cloud-hosted PostgreSQL

Amazon RDS / Aurora:

Go to AWS Console > RDS > your instance > Security Group
Add an inbound rule: Type = PostgreSQL, Source = Custom, with Landed's static IPs

Google Cloud SQL:

Go to Cloud Console > SQL > your instance > Connections
Under "Authorized networks", add Landed's static IPs

Supabase:

Supabase allows connections from any IP by default
Use the connection details from Settings > Database

Neon:

Neon allows connections from any IP by default
Use the connection string from the Neon dashboard

Landed's Static IPs

Environment	IPs
Production	`34.170.185.84`, `35.192.90.94`
Staging	`34.171.93.34`

SSH Tunnel (for private databases)

If your database is not publicly accessible, Landed supports SSH tunneling:

Set up a bastion/jump host with a public IP
Add Landed's SSH public key to the bastion's authorized_keys
Ensure the bastion can reach your database on port 5432
In Landed, enable the SSH tunnel toggle and fill in the bastion details

Step 3: Configure in Landed

Option A: Individual Fields

Field	Value
Host	Your database hostname or IP
Port	`5432` (default)
Database	Your database name
User	`landed` (the user you created)
Password	The password you set
Schema	`public` (or your custom schema)

Option B: Connection String

Provide a full PostgreSQL URI:

postgresql://landed:<password>@host:5432/mydb?sslmode=require

Step 4: SSL Configuration

We recommend using SSL for all connections. Most cloud providers enable SSL by default:

RDS: SSL is enabled by default; use sslmode=require
Cloud SQL: Use the Cloud SQL Auth proxy or SSL certificates
Supabase: SSL is enabled by default
Self-hosted: Configure ssl = on in postgresql.conf

Common Errors

Error	Cause	Fix
`Connection refused`	Wrong host/port or firewall blocking	Verify host, port, and that Landed's IPs are allowed
`Password authentication failed`	Wrong credentials	Double-check username and password
`Database does not exist`	Wrong database name	Verify the database name with `\l` in psql
`Permission denied for schema`	Missing grants	Run `GRANT USAGE, CREATE ON SCHEMA public TO landed;`
`SSL connection required`	Server requires SSL	Ensure `sslmode=require` in connection string
`Connection timed out`	Network unreachable	Check firewall rules and security groups

What Landed Creates

Landed creates tables in your specified schema with the naming pattern <connector>__<stream> (e.g., stripe__customers, hubspot__contacts). Each table includes metadata columns for sync tracking.

Prerequisites​

Step 1: Create a Dedicated User​

Step 2: Allow Network Access​

Cloud-hosted PostgreSQL​

Landed's Static IPs​

SSH Tunnel (for private databases)​

Step 3: Configure in Landed​

Option A: Individual Fields​

Option B: Connection String​

Step 4: SSL Configuration​

Common Errors​

What Landed Creates​