Connecting to Amazon Web Services (AWS) by discovering streams

This topic describes configuring the connection from Guardium® Insights to AWS.

Before you begin

Ensure that Guardium Insights supports the data source environment that you will connect to.

After you start adding an AWS data source, configure the connection by following these steps:

Procedure

  1. Required: Set the AWS credentials to use for the connection:
    1. To set up a new connection, ensure that Connect an account is selected and complete these required fields:
      1. Create a name for your account: This unique name (with a minimum of 4 characters) is used to identify your account in the future.
      2. Add your access information:
        1. To authenticate with an access key pair, select the Security-Credentials radio button. If the connection should also assume an IAM role with those credentials, select the IAM-Role radio button as well. Use a dedicated IAM principal that has only the permissions needed to discover and read the activity streams, not a shared administrative key: the key pair is stored with the account for reuse, and a narrowly scoped principal limits the damage if it is exposed.
        2. AWS access key: Enter your AWS access key.
        3. AWS secret access key: Enter your AWS secret access key.
        4. Role ARN: This field is only available if you selected the IAM-Role radio button. Enter your Role ARN in this field.
    2. To reuse an existing connection, click Use existing account and then select the radio button next to the account that you want to use.
  2. Click Next.
  3. Required: The Discover streams page lists the AWS regions that contain streams. Select one or more regions in which you want to discover streams (regions that do not have available streams cannot be selected).
  4. Click Next.
  5. Required: All available streams in the selected regions display in the Connect streams page. Select the stream that you want to connect to and then click Next.
  6. Required: In the Enable monitoring page, enter the information that is needed to enable monitoring (all fields in this page are required):
    1. Port: Specify the database port number.
    2. Database DNS endpoint: Specify the database DNS endpoint (host).
    3. Consumer group name: Any string. Consumers that use the same consumer group name share one view of the data stream (records are distributed among them); consumers that use different names each receive the full stream independently. Choose a name that is unique unless you intend to share the view with an existing consumer.
    4. Cluster resource ID: The cluster resource ID (DbClusterResourceId in the RDS console and in describe-db-clusters output) of the AWS RDS cluster associated with the stream. If you enter an invalid or unknown cluster resource ID, an error is reported in the status for the stream.
    5. Database type: Choose the database type to connect to.
  7. Click Next.
  8. Optional: To be able to complete actions such as blocking, complete the Add database credentials page:
    1. Database name: Enter the database name.
    2. Database host: Enter the database host.
    3. Username and Password: Enter your database user credentials.
    Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you are connected to AWS Aurora, leave the default values in this page as-is.
  9. Click Connect and finish.
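The Discover streams and Enable monitoring steps above depend on values that come from the RDS cluster itself. The following Python script is an added example, not part of the Guardium Insights documentation or product: it takes `describe-db-clusters` output per region (a constructed sample is embedded; in practice you would save `aws rds describe-db-clusters --region <region> --output json` to a file and load that), lists the regions that actually have a started activity stream, and produces the port, DNS endpoint, cluster resource ID and database type to enter on the Enable monitoring page. The database-type mapping, the resource-ID format check and the sample stream names are assumptions; adjust them to the labels your Guardium Insights version shows.

```python
"""Derive the Guardium Insights "Enable monitoring" values from RDS API output.

Added example, not part of the Guardium Insights documentation or product.
It assumes the shape of the `aws rds describe-db-clusters` response
(DescribeDBClusters API): each cluster carries DbClusterResourceId, Endpoint,
Port, Engine and, when a Database Activity Stream is enabled,
ActivityStreamStatus and ActivityStreamKinesisStreamName.
"""
import json
import re

# Constructed sample data (not a real account): what describe-db-clusters
# might return for two regions, one with a started stream, one stopped,
# and one region with no clusters at all.
SAMPLE_RESPONSES = {
    "us-east-1": json.dumps({
        "DBClusters": [
            {
                "DBClusterIdentifier": "payments-aurora",
                "DbClusterResourceId": "cluster-ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                "Endpoint": "payments-aurora.cluster-abc123def456.us-east-1.rds.amazonaws.com",
                "Port": 5432,
                "Engine": "aurora-postgresql",
                "ActivityStreamStatus": "started",
                "ActivityStreamKinesisStreamName": "aws-rds-das-cluster-ABCDEFGHIJKLMNOPQRSTUVWXYZ",
            },
            {
                "DBClusterIdentifier": "reporting-aurora",
                "DbClusterResourceId": "cluster-ZYXWVUTSRQPONMLKJIHGFEDCBA",
                "Endpoint": "reporting-aurora.cluster-xyz789.us-east-1.rds.amazonaws.com",
                "Port": 3306,
                "Engine": "aurora-mysql",
                "ActivityStreamStatus": "stopped",
            },
        ]
    }),
    "eu-west-1": json.dumps({"DBClusters": []}),
}

# Assumption: maps RDS engine names to the "Database type" choices in the UI.
ENGINE_TO_DB_TYPE = {
    "aurora-postgresql": "Aurora PostgreSQL",
    "aurora-mysql": "Aurora MySQL",
    "postgres": "PostgreSQL",
}

# A DbClusterResourceId is "cluster-" followed by an upper-case alphanumeric
# identifier. Catching a typo here avoids the per-stream error that Guardium
# Insights reports for an unknown cluster resource ID.
RESOURCE_ID_RE = re.compile(r"^cluster-[A-Z0-9]+$")


def discover_streams(responses):
    """Return (usable, skipped) for clusters across regions.

    `responses` maps region -> DescribeDBClusters JSON text. A cluster is
    usable only if its activity stream status is "started"; every other
    cluster is reported with the reason so nothing is silently dropped.
    """
    usable, skipped = [], []
    for region, text in responses.items():
        for cluster in json.loads(text).get("DBClusters", []):
            status = cluster.get("ActivityStreamStatus")
            stream = cluster.get("ActivityStreamKinesisStreamName")
            if status == "started" and stream:
                usable.append({"region": region, "stream": stream, "cluster": cluster})
            else:
                skipped.append((region, cluster["DBClusterIdentifier"], status or "no activity stream"))
    return usable, skipped


def regions_with_streams(responses):
    """The regions the Discover streams page would let you select."""
    usable, _ = discover_streams(responses)
    return sorted({entry["region"] for entry in usable})


def monitoring_fields(entry, consumer_group):
    """Build the Enable monitoring page values for one discovered stream."""
    cluster = entry["cluster"]
    resource_id = cluster["DbClusterResourceId"]
    if not RESOURCE_ID_RE.match(resource_id):
        raise ValueError(f"unexpected cluster resource ID format: {resource_id}")
    engine = cluster["Engine"]
    if engine not in ENGINE_TO_DB_TYPE:
        raise ValueError(f"no database type mapping for engine: {engine}")
    return {
        "region": entry["region"],
        "stream": entry["stream"],
        "port": cluster["Port"],
        "database_dns_endpoint": cluster["Endpoint"],
        "consumer_group_name": consumer_group,
        "cluster_resource_id": resource_id,
        "database_type": ENGINE_TO_DB_TYPE[engine],
    }


if __name__ == "__main__":
    usable, skipped = discover_streams(SAMPLE_RESPONSES)
    print("selectable regions:", regions_with_streams(SAMPLE_RESPONSES))
    for entry in usable:
        print(json.dumps(monitoring_fields(entry, "guardium-insights"), indent=2))
    for region, ident, reason in skipped:
        print(f"skipped {ident} in {region}: {reason}")
```

Run it against real output by replacing SAMPLE_RESPONSES with the JSON you saved per region; a cluster whose stream is "starting" or "stopped" is listed as skipped rather than offered for connection, which mirrors the Discover streams page only showing regions that have available streams.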

What to do next

After you add a data source, it is scanned almost immediately. You can use these actions to work with connections:

  • To delete a connection, select its checkbox, and click Remove in the banner that opens. You can select multiple connections and remove them with this button.
  • To edit a connection, select its Connection name link in the table. This opens a panel that allows you to Enable or Disable the connection. In addition, you can see the status of the connection and edit its configurations.
  • To export a CSV list of the connections in the table, click Export CSV. This will export a list of only the connections that are currently in the table - it will not include any that have been filtered out.
  • To refresh the list of connections, click Refresh.

When viewing the list of Amazon Web Services and Azure connections, you can click on the account entry in the Account column. This opens a panel that allows you to modify the account settings. You can also use this panel to delete the account. If you delete the account, all streams that have been added for the account are also deleted.