Connecting to Amazon Web Services (AWS) by discovering streams

Learn how to configure the connection from Guardium® Data Security Center to Amazon Web Services (AWS).

Before you begin

Attention: Amazon Kinesis is required to connect with the Amazon Web Services (AWS) Aurora PostgreSQL.

After initiating the connection to your AWS data source, configure the connection to AWS as follows:

Procedure

  1. Open the main menu at the upper left of the page (open this menu by clicking the main menu icon (main menu)) and then click Connections - or click View all connections in the Connections to Guardium Data Security Center card in the Dashboards page.
  2. To add an Amazon Web Services (AWS) connection, click Create connection, and then select Amazon Aurora Postgresql.
  3. From Choose an option, select Discover streams and then click Configure to open the Amazon Kinesis credentials page.
    Note: For more information about AWS credentials, see Cloud database service protection Amazon AWS setup.
  4. Required: Set the AWS credentials to use for the connection:
    1. To set up a new connection, ensure that Connect an account is active and provide the following information:
      1. Create a name for your account: This unique name (with a minimum of 4 characters) is used to identify your account in the future.
      2. Add your access information:
        1. To authenticate with security credentials, select Security-Credentials. If you also use an IAM-Role for authentication, select IAM-Role.
        2. AWS access key: Enter your AWS access key.
        3. AWS secret access key: Enter your AWS secret access key.
        4. Role ARN: This field is only available if you selected IAM-Role. Enter your Role ARN in this field.
    2. To reuse an existing connection, click Use existing account and then select the account that you want to use.
  5. Click Next.
  6. Required: The Discover streams page lists the AWS regions that contain streams. Select one or more regions in which you want to discover streams (you can select regions only with streams available).
  7. Click Next.
  8. Required: All available streams in the selected regions display in the Connect streams page. Select the stream that you want to connect to and then click Next.
  9. Required: In the Enable monitoring page, enter the information that you need to enable monitoring (all fields are required):
    1. Port: Specify the database port number.
    2. Database DNS endpoint: Specify the database DNS endpoint (host).
    3. Consumer group name: Determines whether multiple consumers have a shared or separate view of this data stream. To share the data stream view, use the same consumer group name. The consumer group name can be any name that is unique.
    4. Cluster resource ID: The cluster resource ID for the AWS RDS cluster associated with the stream. If you enter an invalid or unknown cluster resource ID, an error is reported in the status for the stream.
    5. Database type: Choose the database type to connect to.
  10. Click Next.
  11. Optional: To be able to complete actions such as blocking, complete the Add database credentials page:
    1. Database name: Enter the database name.
    2. Database host: Enter the database host.
    3. Username and Password: Enter your database user credentials.
    Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you connect to AWS Aurora, do not change the default values.
  12. Click Connect and finish.

What to do next

After you add a data source, it is scanned almost immediately. You manage your connections and connection credentials from the Connections page.

  • To delete a connection, click the connection checkbox and then click Remove in the banner that opens. You can select multiple connections to remove.
  • To edit a connection, select its Connection name link in the table. A window opens from which you can Enable or Disable the connection. In addition, you can see the status of the connection or click Edit icon to change the configuration for that connection. When you are done, click Save to save your changes and rescan the connection.
  • To download a CSV list of the connections in the table, click Download CSV icon. A list of the connections currently in the table is exported - it does not include any that are filtered out.
  • To refresh the list of connections, click Refresh.
  • You can filter connections by opening the Filter window (select the filter criteria and then click Apply filters).
  • To customize the columns in the table, click Customize columns. Then, under Customize columns, select the columns that you want to display in the table - and drag the columns to reorder them. Click Done when you finish.

From the list of Amazon Web Services and Azure connections, click the account entry in the Account column to open a window from which you can modify the account settings or delete the account. If you delete the account, all streams that were added for the account are also deleted.