Define, modify, and delete AWS cloud DB service accounts
Define a Guardium cloud DB service account for Amazon AWS with your database credentials, and modify or delete the cloud DB service account.
Define a Guardium cloud DB service account
About this task
Create cloud accounts to manage the connection between your AWS cloud databases and Guardium.
- Browse to .
- Click to open the Create Cloud DB Service Account Definition window.
Define the account:
- Name: An account name that is unique to your site.
- Provider: Select Amazon as the provider name from the menu.
- Audit type: Select Data Streams to use AWS database activity monitoring. If Audit type does not display, then you must enable access to data streams. For more information, see enable_datastream.
- Authentication type: Depending on the authentication type that you select, provide the requested information. Depending on the configuration, the Authentication type can include the following options:
- Security Credentials: Select to specify user-based credentials to manage AWS access.
- IAM Role: Select to use IAM roles to manage your AWS access.
To monitor streams using different IAM roles, create an account for each IAM role.
- IAM Instance Profile: Select when your Guardium instance is on EC2 and the EC2 instance has an attached IAM role with configured policies. Note: To use an IAM instance profile, the central manager and all collectors must be on EC2 and configured with an instance profile.
- AWS access key ID and AWS secret access key ID: Supplied by Amazon.
- Role ARN: The Amazon resource name (ARN) for the permissions that are assigned when you define the AWS IAM (as described in Define AWS IAM for data streams).
The account is created and the Cloud DB Service Accounts list updates with the new Cloud account.
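An added example, not part of the Guardium documentation or product: a pre-flight check on the values listed above before they are entered in the Create Cloud DB Service Account Definition window. The dictionary keys and sample values are hypothetical, and the 20-character access key ID shape is an assumption about typical AWS keys.

```python
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/[path/]<role name>
ROLE_ARN = re.compile(
    r"arn:(?:aws|aws-cn|aws-us-gov):iam::\d{12}:role/(?:[\x21-\x7e]+/)?[\w+=,.@-]{1,64}",
    re.ASCII,
)
# Usual 20-character key ID: AKIA = long-term user key, ASIA = temporary STS key.
KEY_ID = re.compile(r"(AKIA|ASIA)[A-Z0-9]{16}")
AUTH_TYPES = ("Security Credentials", "IAM Role", "IAM Instance Profile")


def check_account(acct, existing_names=()):
    """Return the problems found in one draft account definition (a dict)."""
    problems = []
    name = acct.get("name", "").strip()
    if not name:
        problems.append("Name is empty")
    elif name in existing_names:
        problems.append("Name is already in use; it must be unique to your site")
    if acct.get("auth_type") not in AUTH_TYPES:
        problems.append("Authentication type is not one of the listed options")
    arn = acct.get("role_arn")
    if arn is not None and not ROLE_ARN.fullmatch(arn.strip()):
        problems.append("Role ARN is not an IAM role ARN (arn:aws:iam::<account>:role/<name>)")
    key_id = acct.get("access_key_id")
    if key_id is not None:
        m = KEY_ID.fullmatch(key_id.strip())
        if m is None:
            problems.append("AWS access key ID is malformed")
        elif m.group(1) == "ASIA":
            problems.append("AWS access key ID is a temporary STS key and will expire")
    return problems


# Constructed sample drafts; 123456789012 is the AWS documentation account ID.
DRAFTS = [
    {"name": "prod-streams", "auth_type": "IAM Role",
     "role_arn": "arn:aws:iam::123456789012:role/GuardiumStreams"},
    {"name": "prod-streams", "auth_type": "IAM Role",           # duplicate name
     "role_arn": "arn:aws:iam::123456789012:user/guardium"},    # user ARN, not a role
    {"name": "dev-streams", "auth_type": "Security Credentials",
     "access_key_id": "ASIAIOSFODNN7EXAMPLE"},                  # temporary key prefix
]

if __name__ == "__main__":
    seen = []
    for d in DRAFTS:
        print(d["name"], check_account(d, seen) or "ok")
        seen.append(d["name"])
```

The check catches a user or instance-profile ARN pasted into the Role ARN field, which is syntactically close to a role ARN and easy to miss by eye.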
What to do next
Modify a cloud DB service account
You can modify all parameters except the provider.
- Select the cloud account under Cloud DB Service Accounts, and click in the right pane.
- Modify the configuration.
- Click Save.
Delete a cloud DB service account
When you delete a cloud DB service account, Guardium no longer monitors database activity.
- Select the account in the Cloud DB Service Accounts pane and click
- From the Confirmation window, click Yes to delete the account or No to cancel the deletion.