Connecting to Amazon Web Services (AWS) by discovering streams

Learn how to configure the connection from Guardium® Insights SaaS to Amazon Web Services (AWS).

Before you begin

After initiating the connection to your AWS data source, configure the connection to AWS as follows:

Procedure

  1. Click the main menu icon at the upper left of the page to open the main menu, and then click Connections. Alternatively, click View all connections in the Connections to Guardium Insights card on the Dashboards page.
  2. To add an Amazon Web Services (AWS) connection, click Add connection, and then select Amazon Aurora Postgresql.
  3. From Choose an option, select Discover streams and then click Configure to open the Amazon Kinesis credentials page.
    Note: For more information about AWS credentials, see Cloud database service protection Amazon AWS setup.
  4. Required: If you have an existing account, select Use existing account, and then enter the account name.
    If you do not already have an account, click Connect an account, and then enter the following credentials:
    1. Create a name for your account: This unique name (with a minimum of 4 characters) identifies your account in the future.
    2. Add your access information:
      1. To authenticate with security credentials, select Security-Credentials. If you also include an IAM-Role for authentication, select IAM-Role.
      2. AWS access key: Enter your AWS access key.
      3. AWS secret access key: Enter your AWS secret access key.
      4. Role ARN: This field displays only if you selected IAM-Role. Enter your Role ARN in this field.
  5. Click Next.
  6. Required: The Discover streams page lists the AWS regions that contain streams. Select one or more regions in which you want to discover streams (you can select only regions that have streams available).
  7. Click Next.
  8. Required: All available streams in the selected regions display in the Connect streams page. Select the stream that you want to connect to and then click Next.
  9. Required: In the Enable monitoring page, enter the information that you need to enable monitoring (all fields are required):
    1. Port: Specify the database port number.
    2. Database DNS endpoint: Specify the database DNS endpoint (host).
    3. Consumer group name: Determines whether multiple consumers have a shared or separate view of this data stream. To share the data stream view, use the same consumer group name. The consumer group name can be any name that is unique.
    4. Cluster resource ID: The cluster resource ID for the AWS RDS cluster associated with the stream. If you enter an invalid or unknown cluster resource ID, an error is reported in the status for the stream.
    5. Database type: Choose the database type to connect to.
  10. Click Next.
  11. Optional: To be able to complete actions such as blocking, complete the Add database credentials page:
    1. Database name: Enter the database name.
    2. Database host: Enter the database host.
    3. Username and Password: Enter your database user credentials.
    Important: Blocking users is supported on AWS PostgreSQL, but not AWS Aurora. If you connect to AWS Aurora, do not change the default values.
  12. Click Connect and finish.
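
A pre-flight check for the values entered in steps 4 and 9, written as an added example (it is not IBM or AWS code). It assumes the streams are RDS database activity streams, which AWS names `aws-rds-das-` plus the cluster resource ID; the form keys, the resource ID pattern and the sample values are hypothetical.

```python
import re

# Assumption: the streams are RDS database activity streams, which AWS names
# "aws-rds-das-" + the cluster resource ID (for example "cluster-ABC123...").
STREAM_PREFIX = "aws-rds-das-"
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
RESOURCE_ID_RE = re.compile(r"^cluster-[A-Z0-9]+$")  # assumed ID shape


def check_connection_inputs(form):
    """Return a list of problems found in the values destined for the wizard."""
    problems = []
    if len(form.get("account_name", "").strip()) < 4:
        problems.append("account name needs at least 4 characters")
    if form.get("auth") == "IAM-Role" and not ROLE_ARN_RE.match(form.get("role_arn", "")):
        problems.append("Role ARN is not a well-formed IAM role ARN")
    # All fields on the Enable monitoring page are required.
    for field in ("port", "dns_endpoint", "consumer_group", "cluster_resource_id", "database_type"):
        if not str(form.get(field, "")).strip():
            problems.append(f"{field} is required")
    port = str(form.get("port", ""))
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("port must be a number from 1 to 65535")
    rid = form.get("cluster_resource_id", "")
    if rid and not RESOURCE_ID_RE.match(rid):
        problems.append("cluster resource ID does not look like cluster-XXXX")
    # A mistyped ID only surfaces later as an error in the stream status.
    stream = form.get("stream", "")
    if rid and stream.startswith(STREAM_PREFIX) and stream[len(STREAM_PREFIX):] != rid:
        problems.append("cluster resource ID does not match the selected stream")
    return problems


# Constructed sample values, not taken from any real account.
SAMPLE = {
    "account_name": "prod-aws", "auth": "IAM-Role",
    "role_arn": "arn:aws:iam::123456789012:role/guardium-stream-reader",
    "stream": "aws-rds-das-cluster-EXAMPLE7QX2KLMN",
    "port": "5432", "dns_endpoint": "db.cluster-example.us-east-1.rds.amazonaws.com",
    "consumer_group": "guardium-insights", "database_type": "Aurora PostgreSQL",
    "cluster_resource_id": "cluster-EXAMPLE7QX2KLMM",  # last character mistyped
}

if __name__ == "__main__":
    for problem in check_connection_inputs(SAMPLE) or ["no problems found"]:
        print(problem)
```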

What to do next

After you add a data source, it is scanned almost immediately. You manage your connections and connection credentials from the Connections page.

  • To delete a connection, click the connection checkbox and then click Remove in the banner that opens. You can select multiple connections to remove.
  • To edit a connection, select its Connection name link in the table. A window opens from which you can Enable or Disable the connection. In addition, you can see the status of the connection or click the Edit icon to change the configuration for that connection. When you are done, click Save to save your changes and rescan the connection.
  • To download a CSV list of the connections in the table, click the Download CSV icon. A list of the connections currently in the table is exported; it does not include any that are filtered out.
  • To refresh the list of connections, click Refresh.
  • You can filter connections by opening the Filter window (select the filter criteria and then click Apply filters).
  • To customize the columns in the table, click Customize columns. Then, under Customize columns, select the columns that you want to display in the table and drag the columns to reorder them. Click Done when you finish.