Learn how to configure the connection from Guardium® Data Security Center to Amazon Web Services (AWS).
Before you begin
Attention: Amazon Kinesis is required to connect with Amazon Web Services (AWS) Aurora PostgreSQL.
After initiating the connection to your AWS data source, configure the connection to AWS as follows:
Procedure
- Open the main menu at the upper left of the page by clicking the main menu icon, and then click Connections. Alternatively, click View all connections in the Connections to Guardium Data Security Center card in the Dashboards page.
- To add an Amazon Web Services (AWS) connection, click Create connection, and then select Amazon Aurora Postgresql.
- From Choose an option, select Discover streams and then click Configure to open the Amazon Kinesis credentials page.
- Required: Set the AWS credentials to use for the connection:
  - To set up a new connection, ensure that Connect an account is active and provide the following information:
    - Create a name for your account: This unique name (with a minimum of 4 characters) is used to identify your account in the future.
    - Add your access information:
      - To authenticate with security credentials, select Security-Credentials. If you also use an IAM-Role for authentication, select IAM-Role.
      - AWS access key: Enter your AWS access key.
      - AWS secret access key: Enter your AWS secret access key.
      - Role ARN: This field is only available if you selected IAM-Role. Enter your Role ARN in this field.
  - To reuse an existing connection, click Use existing account and then select the account that you want to use.
- Click Next.
- Required: The Discover streams page lists the AWS regions that contain streams. Select one or more regions in which you want to discover streams (you can select only regions that have streams available).
- Click Next.
- Required: All available streams in the selected regions are displayed in the Connect streams page. Select the stream that you want to connect to and then click Next.
- Required: In the Enable monitoring page, enter the information that you need to enable monitoring (all fields are required):
  - Port: Specify the database port number.
  - Database DNS endpoint: Specify the database DNS endpoint (host).
  - Consumer group name: Determines whether multiple consumers have a shared or separate view of this data stream. To share the data stream view, use the same consumer group name. The consumer group name can be any name that is unique.
  - Cluster resource ID: The cluster resource ID for the AWS RDS cluster associated with the stream. If you enter an invalid or unknown cluster resource ID, an error is reported in the status for the stream.
  - Database type: Choose the database type to connect to.
- Click Next.
- Optional: To be able to complete actions such as blocking, complete the Add database credentials page:
  - Database name: Enter the database name.
  - Database host: Enter the database host.
  - Username and Password: Enter your database user credentials.
  Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you connect to AWS Aurora, do not change the default values.
- Click Connect and finish.
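The Port, Database DNS endpoint and Cluster resource ID fields can be read from the AWS side before you fill in the Enable monitoring page. The following is an added example, not part of the Guardium documentation: it assumes the stream is an Aurora database activity stream and that you have the JSON output of `aws rds describe-db-clusters`; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample of `aws rds describe-db-clusters` output; every value is made up.
SAMPLE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-aurora", "Engine": "aurora-postgresql",
   "Endpoint": "orders-aurora.cluster-example.us-east-1.rds.amazonaws.com",
   "Port": 5432, "DbClusterResourceId": "cluster-EXAMPLE1234567890",
   "ActivityStreamStatus": "started",
   "ActivityStreamKinesisStreamName": "aws-rds-das-cluster-EXAMPLE1234567890"},
  {"DBClusterIdentifier": "reports-aurora", "Engine": "aurora-postgresql",
   "Endpoint": "reports-aurora.cluster-example.us-east-1.rds.amazonaws.com",
   "Port": 5433, "DbClusterResourceId": "cluster-EXAMPLE0000000000",
   "ActivityStreamStatus": "stopped"}
]}
""")


def monitoring_values(describe_output, stream_name):
    """Return the Enable monitoring fields for the cluster that feeds stream_name."""
    for cluster in describe_output.get("DBClusters", []):
        if cluster.get("ActivityStreamKinesisStreamName") != stream_name:
            continue
        if cluster.get("ActivityStreamStatus") != "started":
            raise LookupError(f"activity stream {stream_name!r} is not started")
        return {
            "Port": cluster["Port"],
            "Database DNS endpoint": cluster["Endpoint"],
            "Cluster resource ID": cluster["DbClusterResourceId"],
        }
    raise LookupError(f"no cluster publishes to stream {stream_name!r}")


def resource_id_matches(describe_output, stream_name, entered_id):
    """True only if entered_id belongs to the cluster behind stream_name."""
    try:
        expected = monitoring_values(describe_output, stream_name)
    except LookupError:
        return False
    return entered_id.strip() == expected["Cluster resource ID"]


if __name__ == "__main__":
    stream = "aws-rds-das-cluster-EXAMPLE1234567890"
    for field, value in monitoring_values(SAMPLE, stream).items():
        print(f"{field}: {value}")
    # An ID copied from the wrong cluster is caught before it reaches the form.
    print(resource_id_matches(SAMPLE, stream, "cluster-EXAMPLE0000000000"))
```

Checking the cluster resource ID against the selected stream before you click Next avoids the stream status error that an invalid or unknown ID produces.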
What to do next
After you add a data source, it is scanned almost immediately. You manage your connections and connection credentials from the Connections page.
- To delete a connection, click the connection checkbox and then click Remove in the banner that opens. You can select multiple connections to remove.
- To edit a connection, select its Connection name link in the table. A window opens from which you can Enable or Disable the connection. In addition, you can see the status of the connection or change the configuration for that connection. When you are done, click Save to save your changes and rescan the connection.
- You can download a CSV list of the connections in the table. The export contains the connections currently in the table; it does not include any that are filtered out.
- To refresh the list of connections, click Refresh.
- You can filter connections by opening the Filter window (select the filter criteria and then click Apply filters).
- To customize the columns in the table, click Customize columns. Then, under Customize columns, select the columns that you want to display in the table, and drag the columns to reorder them. Click Done when you finish.
From the list of Amazon Web Services and Azure connections, click the account entry in the Account column to open a window from which you can modify the account settings or delete the account. If you delete the account, all streams that were added for the account are also deleted.