Heroku Postgres Basic Plan and Row Limits

Today, the Heroku Postgres team released into beta the new basic plan, a $9 / month version of the free dev plan.

Accompanying this announcement is the implementation of a 10,000 row limit on the dev plan. This row limit was designed to correspond to the 5mb limit on the existing free shared plan.

Please note that these plans are still in beta, and Heroku Postgres has not yet announced a migration schedule from the shared plan. However, you can start using these plans today.

Read more about the new plan, and the mechanics of the row limits on the Heroku Postgres Blog.

Ten Million Rows for Under Ten Bucks

Six weeks ago we launched into beta the Heroku Postgres dev plan, a free, Postgres 9.1 plan that offers many of the features of our production tier service. Over 3,000 of these dev databases are in active use, and it has been operating exceptionally well.

When we launched the dev plan, we wrote that the plan would be limited based on rows rather than physical byte size. Today we are implementing a 10,000 row limit for the dev plan. This limit was chosen to correspond to the 5mb limit on the existing, shared database service. Over 98% of the active shared databases that are under 5mb are also under the 10,000 row limit.

Introducing the Basic Plan

If you need more than 10,000 rows, you can upgrade to the production tier crane plan ($50 / mo), or upgrade to the new basic plan, available today.

Basic is identical to dev except that it has a 10 million row limit. The basic plan will be available for $9 / month when it exits beta. We expect the beta period for basic to be brief, so it should be provisioned only if you intend to purchase it.

Understanding Row Limits

The dev and basic database plans are both row limited. In order to ensure that the row limits do not disrupt application operation, we have developed the following mechanism for enforcement:

  1. When your database is at 70% of its row capacity, the owner receives a warning e-mail.
  2. When the database exceeds its row capacity, the owner will receive an additional notification. At this point, the database will receive a 24-hour grace period to either reduce the number of records, or migrate to another plan.
  3. If the number of rows still exceeds the plan capacity after 24 hours, INSERT privileges will be revoked on the database. Data can still be read, updated or deleted from the database. This ensures that users still have the ability to bring their database into compliance, and retain access to their data.
  4. Once the number of rows is again in compliance with the plan limit, INSERT privileges are automatically restored to the database. Note that the database sizes are checked asynchronously, so it may take a few minutes for the privileges to be restored.
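
The four enforcement steps above, modelled as a small state machine (an added example, not Heroku's code). The action names, the once-per-crossing warning and the reset of the grace clock on compliance are assumptions; the 70% threshold, 24-hour grace period and INSERT revoke/restore come from the list.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

GRACE = timedelta(hours=24)   # grace period from step 2
WARN_PERCENT = 70             # warning threshold from step 1

@dataclass
class RowLimitEnforcer:
    limit: int                              # 10_000 for dev, 10_000_000 for basic
    warned: bool = False
    over_since: Optional[datetime] = None   # when capacity was first seen exceeded
    insert_revoked: bool = False

    def check(self, now: datetime, rows: int) -> list:
        """Process one asynchronous row-count check; return the actions it triggers."""
        actions = []
        if rows > self.limit:
            if self.over_since is None:                       # step 2
                self.over_since = now
                actions.append("notify_over_capacity")
            elif not self.insert_revoked and now - self.over_since >= GRACE:
                self.insert_revoked = True                    # step 3
                actions.append("revoke_insert")
            return actions
        self.over_since = None           # assumption: compliance resets the grace clock
        if self.insert_revoked:                               # step 4
            self.insert_revoked = False
            actions.append("restore_insert")
        if rows * 100 >= self.limit * WARN_PERCENT:           # step 1
            if not self.warned:          # assumption: warn once per crossing
                self.warned = True
                actions.append("warn_70_percent")
        else:
            self.warned = False
        return actions

def replay(limit, samples):
    """Feed (timestamp, row_count) checks through a fresh enforcer."""
    enforcer = RowLimitEnforcer(limit)
    return [enforcer.check(ts, rows) for ts, rows in samples]

# Constructed sample: hour offsets and row counts for a dev-plan database.
T0 = datetime(2012, 7, 1)
SAMPLES = [(T0 + timedelta(hours=h), rows) for h, rows in
           [(0, 6000), (1, 7000), (2, 7500), (3, 10001), (20, 10500),
            (27, 10500), (28, 10500), (29, 9000)]]

if __name__ == "__main__":
    for (ts, rows), actions in zip(SAMPLES, replay(10_000, SAMPLES)):
        print(ts.isoformat(), rows, actions)
```

Because UPDATE and DELETE stay available after the revoke, the only path back to `restore_insert` in this model is a later check that sees the row count at or under the limit.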

The Future

The dev and basic plans are a big leap forward from the current shared database offering. By leveraging the infrastructure of our production tier plans, we've built a powerful, low-cost database service that is accessible to a wide audience of developers.

We encourage all of our users to start using the dev plan by default for all new apps. Simply enable the Heroku Labs feature flag:

$ heroku labs:enable default-heroku-postgresql-dev

Please read more about this flag in this Dev Center article.

You can also provision a database through the Heroku add-ons catalog or standalone service today.

Codon Security Issue and Response

Heroku learned of and resolved a security vulnerability last week. We want to report this to you, describe how we responded to the incident, and reiterate our commitment to constantly improving the security and integrity of your data and source code.

On Tuesday, June 26, Jonathan Rudenberg notified us about an issue in our Codon build system. The Codon build system is responsible for receiving application code from Git and preparing it for execution on the Aspen and Cedar stacks. This vulnerability exposed a number of sensitive credentials which could be used to obtain data and source code of customer applications. Upon receiving notification we rolled the most sensitive credentials. An initial patch was in place within 24 hours. The final patch was deployed to production after thorough testing the morning of Friday, June 29. That same morning all relevant credentials were rotated.

Subsequent to this patch, we conducted a thorough and comprehensive audit of our internal logs. We found no evidence that these credentials were used to obtain customer data or credentials, either by Jonathan or any third parties.

We would like to thank Jonathan for notifying us of this vulnerability last week, and giving us ample opportunity to fix it. He provides his description of events on his blog at http://titanous.com/posts/vulnerabilities-in-heroku-build-system

We are confident in the steps we took to protect our customers from this vulnerability and are redoubling our efforts to provide you with the most secure cloud platform available. We would also like to reaffirm our commitment to the security and integrity of our customers' data and code. Nothing is more important to us.

Cedar is the Default Heroku Stack

The Heroku Cedar stack went public beta last year with a series of blog posts. Since then, over 80,000 developers have deployed over 4.5 million times, to apps written in dozens of different programming languages and frameworks. Today, over 75 percent of Heroku app development activity is on the Cedar stack. Production apps like Banjo, Rapportive, PageLever, do.com, and Project Zebra run on Cedar; some of these serve hundreds of millions or even billions of requests per month.

Cedar features a streamlined HTTP stack allowing for advanced HTTP capabilities, heroku run for execution of arbitrary one-off dynos, Procfile and the process model for execution of any type of worker process. Most importantly, Cedar is a polyglot platform with official support for Clojure, Java, Node.js, Python, Ruby, and Scala, and extensibility for unlimited others via buildpacks.

You can still create applications on one of our other stacks using heroku create --stack, but we recommend Cedar for all new apps. If you have applications under active development running on Aspen or Bamboo, we recommend migrating to Cedar.

Cedar Goes GA

As of today, the Cedar stack is now in general availability.

Cedar features a streamlined HTTP stack allowing for advanced HTTP capabilities, heroku run for execution of arbitrary one-off dynos, Procfile and the process model for execution of any type of worker process. Most importantly, Cedar is a polyglot platform with official support for Clojure, Java, Node.js, Python, Ruby, and Scala, and extensibility for unlimited others via buildpacks.

The Dev Center team has spent the last few months “Cedar-izing” our developer documentation, so now most articles describe use of Heroku on the Cedar platform. (Aspen and Bamboo remain documented in their own section.)

Cedar is the most powerful, performant, and reliable of the three Heroku runtime stacks. In a few weeks, we'll be making it the default. But don't wait for that; even in the meantime we recommend using heroku create --stack cedar for all new apps, especially those in production. If you have applications under active development running on Aspen or Bamboo, we recommend migrating to Cedar.
