Learn how to configure the connection from Guardium®
Insights SaaS to Amazon Web Services (AWS).
Procedure
- Open the main menu at the upper left of the page (open this menu by
clicking the main menu icon ()) and then click Connections - or click View
all connections in the Connections to Guardium Insights card in the
Dashboards page.
- To add an Amazon Web Services (AWS) connection, click Add
connection, and then select Amazon Aurora
Postgresql.
- From Choose an option, select Discover
streams and then click Configure to open the Amazon
Kinesis credentials page.
- Required: If you have an existing account,
select Use existing account, and then enter the account name.
If
you do not already have an account, click
Connect an account, and then enter
the following credentials:
- Create a name for your account: This unique name (with a minimum of 4
characters) identifies your account in the future.
- Add your access information:
- To authenticate with security credentials, select Security-Credentials.
If you also include an IAM-Role for authentication, select
IAM-Role.
- AWS access key: Enter your AWS access key.
- AWS secret access key: Enter your AWS secret access key.
- Role ARN: This field displays only if you selected
IAM-Role. Enter your Role ARN in this field.
- Click Next.
- Required: The Discover streams page lists the AWS
regions that contain streams. Select one or more regions in which you want to discover streams (you
can select regions only with streams available).
- Click Next.
- Required: All available streams in the selected regions display in the
Connect streams page. Select the stream that you want to connect to and then
click Next.
- Required: In the Enable monitoring page, enter the
information that you need to enable monitoring (all fields are required):
- Port: Specify the database port
number.
- Database DNS endpoint: Specify the
database DNS endpoint (host).
- Consumer group name: Determines
whether multiple consumers have a shared or separate view of this data stream. To share the data
stream view, use the same consumer group name. The consumer group name can be any name that is
unique.
- Cluster resource ID: The cluster
resource ID for the AWS RDS cluster associated with the stream. If you enter an invalid or unknown
cluster resource ID, an error is reported in the status for the stream.
- Database type: Choose the database type to connect
to.
- Click Next.
- Optional: To be able to complete actions such as
blocking, complete the Add database credentials page:
- Database name: Enter the database name.
- Database host: Enter the database host.
- Username and Password: Enter your
database user credentials.
Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you connect to AWS Aurora, do not change the default values.
- Click Connect and finish.
What to do next
After you add a data source, it is
scanned almost immediately. You manage your connections and connection credentials from the
Connections page.
- To delete a connection, click the connection checkbox and then click
Remove in the banner that opens. You can select multiple connections to
remove.
- To edit a connection, select its Connection name
link in the table. A window opens from which you can Enable or
Disable the connection. In addition, you can see the status of the connection
or click to change the configuration
for that connection. When you are done, click Save to save your changes and
rescan the connection.
- To download a CSV list of the connections in the table, click . A list of the connections
currently in the table is exported - it does not include any that are filtered out.
- To refresh the list of connections, click
Refresh.
- You can filter connections by opening the Filter window (select the filter
criteria and then click Apply filters).
- To customize the columns in the table, click Customize columns. Then,
under Customize columns, select the columns that you want to display in the
table - and drag the columns to reorder them. Click Done when you
finish.