AWS RDS MySQL
Amazon RDS for MySQL is an open-source relational database management service in the cloud. With the AWS RDS MySQL integration, you can integrate with the following AWS RDS MySQL resource types:
Database
Table
Role
Prerequisites
If you already have an AWS Apono connector:
Make sure the connector's minimum version is 1.5.3.
If you don't have an AWS Apono connector yet:
Create AWS RDS MySQL Integration
Generate Credentials
Create user and grant permissions:
You can use only one authentication option on the RDS instance at a time.
(MySQL 8.0+) Grant the service account the authority to manage other roles. This enables Apono to create, alter, and drop roles. However, this role does not inherently grant specific database access permissions.
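The two authentication options and the MySQL 8.0+ role-management grant described above, sketched as SQL; this is an added example, not Apono's own script. The account name `apono_connector`, the host pattern, the password placeholder and the privileges chosen for role management are assumptions, and the database access privileges the connector needs are not listed on this page and are not shown.

```sql
-- Added example. 'apono_connector', the '%' host pattern and
-- '<strong-password>' are placeholders, not values from the page.

-- Option A: password authentication (Auth Type = password).
-- The same username/password pair is what goes into the secret store.
CREATE USER 'apono_connector'@'%'
  IDENTIFIED BY '<strong-password>'
  REQUIRE SSL;

-- Option B: IAM authentication (Auth Type = iam).
-- No password exists for the account; a short-lived IAM auth token is
-- presented over TLS instead, so no secret is stored.
-- Use A or B for the account, not both.
-- CREATE USER 'apono_connector'@'%'
--   IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'
--   REQUIRE SSL;

-- MySQL 8.0+: role management for the service account.
-- Assumption: the page does not name the privileges. CREATE ROLE and
-- DROP ROLE cover creating and dropping roles; ROLE_ADMIN covers granting
-- and revoking them. None of these grants access to any database.
GRANT CREATE ROLE, DROP ROLE ON *.* TO 'apono_connector'@'%';
GRANT ROLE_ADMIN ON *.* TO 'apono_connector'@'%';

-- Check 1: which authentication option the account actually uses.
-- plugin = 'AWSAuthenticationPlugin' means IAM; any other plugin means a
-- password. ssl_type = 'ANY' confirms REQUIRE SSL is in effect.
SELECT user, host, plugin, ssl_type, account_locked
FROM mysql.user
WHERE user = 'apono_connector';

-- Check 2: review the full privilege set before handing the account to
-- the connector, and again after any change.
SHOW GRANTS FOR 'apono_connector'@'%';
```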
Create Integration in Apono
In the Apono admin console, go to the Integrations page and click the Add Integration button at the top left, or open the Catalog blade.
On the Catalog page, search for and select AWS RDS MySQL.
In the Discovery step, select one or multiple AWS RDS MySQL resource types for Apono to discover.
In the Apono connector step, select the connector with the required permissions to be used with your AWS RDS MySQL.
In the Integration config step, provide the following information about your AWS RDS MySQL:
| Field | Description | Required |
|---|---|---|
| Integration Name | The integration name. | Yes |
| Auth Type | The authentication method for connecting to an AWS RDS instance, with options for password (username and password) or iam (IAM-based authentication). | Yes |
| Region | AWS region where the RDS instance is located. | Yes |
| Instance ID | The unique identifier of the AWS RDS instance. | Yes |
| Credentials rotation period (in days) | e.g., 90 | No |
| User cleanup after access is revoked (in days) | e.g., 90 | No |
In the Secret Store step, provide the connector credentials using one of the following secret store options:
When using IAM authentication, **a secret does not need to be created**. The service account and its permissions are managed through IAM roles and policies. The service account is used to authenticate to the MySQL instance instead of a secret.
For the AWS RDS MySQL integration, use the following secret format:
username:<The database username>
password:<The user password>
(Optional) In the Get more with Apono step, you can set up the following:
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated. Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted.
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources. Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found. Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource. Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Next Steps