Define, modify, and delete AWS cloud DB service accounts

Define a Guardium cloud DB service account for Amazon AWS with your database credentials, and modify or delete the cloud DB service account.

Define a Guardium cloud DB service account

About this task

Create cloud accounts to manage the connection between your AWS cloud databases and Guardium.


  1. Browse to Discover > Database Discovery > Cloud DB Service Protection.
  2. Click Add icon to open the Create Cloud DB Service Account Definition window.
  3. Define the account:
    • Name: An account name that is unique to your site.
    • Provider: Select Amazon as the provider name from the menu.
    • Audit type: Select Data Streams to use AWS database activity monitoring. If Audit type does not display, then you must enable access to data streams. For more information, see enable_datastream.
    • Authentication type: Depending on the authentication type that you select, provide the requested information. The authentication types are:
      • Security Credentials: Select to specify user-based credentials to manage AWS access.
      • IAM Role: Select to use IAM roles to manage to your AWS access.

        To monitor streams using different IAM roles, create an account for each IAM role.

      • IAM Instance Profile: Select when your Guardium instance is on EC2 and the EC2 instance has an attached IAM role with configured policies.
        Note: To use an IAM instance profile, the central manager and all collectors must be on EC2 and configured with an instance profile.
      Depending on the configuration, the Authentication type can include the following options:
      • AWS access key ID and AWS secret access key ID: Supplied by Amazon.
      • Role ARN: The Amazon resource name (ARN) for the permissions that are assigned when you define the AWS IAM (as described in Define AWS IAM for data streams).
  4. Click Create.
    The account is created and the Cloud DB Service Accounts list updates with the new Cloud account.

What to do next

Discover and start monitoring the data streams. For more information, see Discover and configure AWS data streams.

Modify a cloud DB service account

You can modify all parameters except the provider.


  1. Select the cloud account under Cloud DB Service Accounts, and click Edit icon in the right pane.
  2. Modify the configuration.
  3. Click Save.

Delete a cloud DB service account

When you delete a cloud DB service account, Guardium no longer monitors database activity.


  1. Select the account in the Cloud DB Service Accounts pane and click Delete icon
  2. From the Confirmation window, click Yes to delete the account or No to cancel the deletion.