Connecting to Amazon Web Services (AWS) by manually adding a stream

If you are unable to discover streams automatically after connecting to AWS, you can add streams manually.

Before you begin

Ensure that Guardium® Insights supports the data source environment that you will connect to.

After initiating the connection to your AWS data source, configure the connection to AWS by following these steps:

Procedure

  1. Required: Set the AWS credentials to use for the connection:
    1. To set up a new connection, ensure that Connect an account is active and complete these required fields:
      1. Create a name for your account: This unique name (with a minimum of 4 characters) is used to identify your account in the future.
      2. Add your access information:
        1. To authenticate with security credentials, select the Security-Credentials radio button. If you will also include an IAM-Role for authentication, select its radio button.
        2. AWS access key: Enter your AWS access key.
        3. AWS secret access key: Enter your AWS secret access key.
        4. Role ARN: This field is only available if you selected the IAM-Role radio button. Enter your Role ARN in this field.
    2. To reuse an existing connection, click Use existing account and then select the radio button next to the account that you want to use.
  2. Click Next.
  3. Required: Use the Add stream details page to manually add the details for the stream that you want to add:
    1. Stream name: Enter the name of the stream to connect to.
    2. Region: Select the region in which the selected stream is located.
    3. Port: Specify the database port number.
    4. Cluster resource ID: The cluster resource ID for the AWS RDS cluster associated with the stream. If you enter an invalid or unknown cluster resource ID, an error is reported in the status for the stream.
    5. Consumer group name: Determines whether multiple consumers have a shared or separate view of this data stream. To share the data stream view, use the same consumer group name. The consumer group name can be any unique name.
    6. Database DNS endpoint: Specify the database DNS endpoint (host).
    7. Database type: Choose the database type to connect to.
  4. Click Next.
  5. Optional: To be able to complete actions such as blocking, complete the Add database credentials page:
    1. Database name: Enter the database name.
    2. Database host: Enter the database host.
    3. Username and Password: Enter your database user credentials.
    Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you are connected to AWS Aurora, leave the default values in this page as-is.
  6. Click Connect and finish.

What to do next

After you add a data source, it is scanned almost immediately. You can use these actions to work with connections:

  • To delete a connection, select its checkbox, and click Remove in the banner that opens. You can select multiple connections and remove them with this button.
  • To edit a connection, select its Connection name link in the table. This opens a panel that allows you to Enable or Disable the connection. In addition, you can see the status of the connection and edit its configurations.
  • To export a CSV list of the connections in the table, click Export CSV. This exports only the connections that are currently in the table; it does not include any that have been filtered out.
  • To refresh the list of connections, click Refresh.