MariaDB

Integrate Apono with MariaDB to manage JIT (just-in-time) access

Overview

MariaDB is a popular open-source relational database management system. Through this integration, Apono helps you securely manage access to your MariaDB database and provides just-in-time (JIT) access to built-in and custom roles, databases, and tables.

Prerequisites

  • An Apono connector installed with network access to the MariaDB databases

    • Minimum Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)

  • A MariaDB user for Apono with the permissions listed under "Create a MariaDB User" below

  • A secret created in Secret Store with the following params:

    • Key username, Value MariaDB USERNAME

    • Key password, Value USERNAME PASSWORD

📘 Why does Apono need secrets?

Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment, which keeps the Apono web app separate from the environment for maximal security.

Step-by-step guide

Create a MariaDB User

  1. Create a user for the connector in the MariaDB instance, replacing 'password' with a secure password:

CREATE USER 'apono_connector'@'%' IDENTIFIED BY 'password';
  2. Using aws-cli, store the credentials in AWS Secrets Manager. Make sure to replace #SECRET_NAME, #REGION, #USERNAME and #PASSWORD:

aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{  
    "username":"'"apono_connector"'",  
    "password":"'"#PASSWORD"'"  
}'
  3. Expose databases to apono_connector:

GRANT SHOW DATABASES ON *.* TO 'apono_connector'@'%';
  4. Grant CREATE USER to apono_connector in all the databases:

GRANT CREATE USER ON *.* TO 'apono_connector'@'%';  
GRANT UPDATE ON mysql.* TO 'apono_connector'@'%';  
GRANT PROCESS ON *.* TO 'apono_connector'@'%';
  5. Select ONE of the following permission levels (READ_ONLY, READ_WRITE or ADMIN) and grant it to apono_connector. This will function as the highest permission level you would like to provision with Apono:

READ_ONLY

GRANT SELECT ON *.* TO 'apono_connector'@'%';  
GRANT GRANT OPTION ON *.* TO 'apono_connector'@'%';

READ_WRITE

GRANT SELECT,ALTER,ALTER ROUTINE,CREATE,CREATE ROUTINE,CREATE TEMPORARY TABLES,CREATE VIEW,DELETE,INDEX,INSERT,TRIGGER,UPDATE ON *.* TO 'apono_connector'@'%';  
GRANT GRANT OPTION ON *.* TO 'apono_connector'@'%';

ADMIN

GRANT EXECUTE,DROP,SELECT,ALTER,ALTER ROUTINE,CREATE,CREATE ROUTINE,CREATE TEMPORARY TABLES,CREATE VIEW,DELETE,INDEX,INSERT,TRIGGER,UPDATE ON *.* TO 'apono_connector'@'%';  
GRANT GRANT OPTION ON *.* TO 'apono_connector'@'%';
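
The grants above give the connector account a powerful standing footprint (GRANT OPTION on *.* plus UPDATE on mysql.*), so it is worth checking that the account holds exactly the chosen tier and nothing more. The following is an added example, not Apono's code: it audits pasted `SHOW GRANTS FOR 'apono_connector'@'%'` output against the privilege lists on this page. The function names and the sample lines are constructed for illustration.

```python
import re

# Global (*.*) privileges the page grants regardless of tier.
BASELINE = {"SHOW DATABASES", "CREATE USER", "PROCESS"}
READ_ONLY = {"SELECT"}
READ_WRITE = READ_ONLY | {"ALTER", "ALTER ROUTINE", "CREATE", "CREATE ROUTINE",
    "CREATE TEMPORARY TABLES", "CREATE VIEW", "DELETE", "INDEX", "INSERT",
    "TRIGGER", "UPDATE"}
ADMIN = READ_WRITE | {"EXECUTE", "DROP"}
TIERS = {"READ_ONLY": READ_ONLY, "READ_WRITE": READ_WRITE, "ADMIN": ADMIN}

GRANT_RE = re.compile(r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO ", re.I)

def parse_grants(lines):
    """Return ({scope: privileges}, True if *.* carries WITH GRANT OPTION)."""
    grants, grant_option = {}, False
    for line in (l.strip().rstrip(";") for l in lines):
        m = GRANT_RE.match(line)
        if not m:
            continue  # e.g. role grants, which have no ON clause
        scope = m["scope"].replace("`", "")
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        grants.setdefault(scope, set()).update(privs - {"USAGE"})
        if scope == "*.*" and line.upper().endswith("WITH GRANT OPTION"):
            grant_option = True
    return grants, grant_option

def audit(lines, tier):
    """List deviations from the page's grants for the chosen tier."""
    grants, grant_option = parse_grants(lines)
    allowed, held = BASELINE | TIERS[tier], grants.pop("*.*", set())
    findings = [f"excess global privilege: {p}" for p in sorted(held - allowed)]
    findings += [f"missing global privilege: {p}" for p in sorted(allowed - held)]
    if not grant_option:
        findings.append("missing WITH GRANT OPTION on *.*")
    if "UPDATE" not in grants.get("mysql.*", set()):
        findings.append("missing UPDATE on mysql.*")
    for scope, privs in sorted(grants.items()):
        expected = {"UPDATE"} if scope == "mysql.*" else set()
        findings += [f"unexpected grant on {scope}: {p}" for p in sorted(privs - expected)]
    return findings

# Constructed sample of SHOW GRANTS output (not captured from a real server).
SAMPLE = [
    "GRANT SELECT, DROP, SHOW DATABASES, CREATE USER, PROCESS ON *.* TO "
    "`apono_connector`@`%` IDENTIFIED BY PASSWORD '*CONSTRUCTED' WITH GRANT OPTION",
    "GRANT UPDATE ON `mysql`.* TO `apono_connector`@`%`",
]
print(audit(SAMPLE, "READ_ONLY"))
```

An empty list means the account matches the tier; any finding is a privilege to revoke or a step from the guide that was missed.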

Integration Steps

  1. On the Catalog tab, click MariaDB.

  2. Pick a connector with network access to the MariaDB databases (see prerequisites)

  3. Specify the integration details:

    • Integration name – type the name of the integration. When building an Access Flow you will reference this name

    • Hostname – specify the hostname of the MariaDB you are connecting

    • Port – 3306

  4. Provide the secret (see prerequisites)

  5. Click "Connect"

Congratulations on connecting your MariaDB. You can now create access flows that grant permissions to your MariaDB roles, databases and tables.

Have multiple MariaDB instances? Use the API or Terraform

You can check out the Apono API reference or Terraform Provider to easily set up multiple integrations.
