Auto Discover AWS RDS Instances
Automatically discover all AWS RDS instances in an Account or Organization for JIT access management
Discover RDS Instances in AWS
AWS RDS PostgreSQL and MySQL databases provide powerful and flexible relational database services in the cloud. This guide shows you how to enable Apono to discover and manage your AWS RDS databases, including MySQL and PostgreSQL instances.
Prerequisites
Before you start, ensure you have:
One or more Apono AWS connectors installed with network access to your AWS RDS databases.
Minimum required version: 1.5.3
Permissions to create and manage AWS Secrets Store secrets and tag RDS instances.
This capability requires network access to each discovered database. If you have databases in different networks, make sure to create an AWS connector for each one.
Steps to Enable SQL Database Discovery
To enable Deep Discovery for your AWS RDS databases, you will need to tag your database instances with specific key-value pairs. The tagging process varies based on your authentication method.
Create credentials for the RDS instances.
Option 1: For Databases with IAM Authentication
Tag your RDS database instance with the following key-value pairs:
Key                  Value
auth_type            iam-auth
apono-connector-id   The ID of the Apono connector in the same account as the database
Option 2: For Databases with Username and Password Authentication
Tag your RDS database instance with the following key-value pairs:
Key                  Value
auth_type            user-password
apono-connector-id   The ID of the Apono connector in the same account as the database
apono-secret         The ARN of the secret containing the database credentials
region               The AWS region where the secret is stored
Set Up the Apono Integration
Go to the Integrations Catalog in the Apono web application.
Click "AWS" and select either "Account" or "Organization". Make sure to pick resources under Connect Sub Integrations.
Choose the Apono connector set up for your Account or Organization. Read more here.
Complete the integration by providing the required config.
Click Confirm.
After connecting your AWS Account or Organization to Apono, you will be redirected to the Connected tab to view your integrations. The new AWS integration and sub-integrations for each RDS instance will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.
Now that you have completed this integration, you can create access flows that grant permission to RDS resources.
Troubleshooting
If RDS instances appear with errors in your Integrations page, follow these steps:
Check Tags: Verify all required tags are present and correctly formatted.
Connector Permissions: Ensure the Apono connector has necessary permissions to read tags and access secrets.
Network connectivity: Ensure each RDS instance has a connector with network access to the RDS.
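For the "Check Tags" step, the following is an added example (not Apono's own code) that validates an instance's tags against the two tag sets in this guide before you wait for a discovery run. It assumes tag keys and values must match exactly as written above and that the secret is an AWS Secrets Manager ARN; the instance names, connector ID and ARN in SAMPLE are constructed.

```python
import re

# Required tags per auth_type, taken from Option 1 and Option 2 in this guide.
REQUIRED = {
    "iam-auth": {"auth_type", "apono-connector-id"},
    "user-password": {"auth_type", "apono-connector-id", "apono-secret", "region"},
}
# Assumption: Secrets Manager ARN layout,
# arn:<partition>:secretsmanager:<region>:<12-digit account>:secret:<name>
SECRET_ARN = re.compile(r"^arn:aws[\w-]*:secretsmanager:([a-z0-9-]+):\d{12}:secret:.+$")


def check_tags(tag_list):
    """Return a list of problems for one instance (empty list means OK).

    tag_list has the RDS API shape: [{"Key": ..., "Value": ...}, ...].
    """
    tags = {t["Key"]: t.get("Value", "") for t in tag_list}
    auth = tags.get("auth_type")
    if auth is None:
        return ["missing tag: auth_type"]
    if auth not in REQUIRED:
        return [f"auth_type must be one of {sorted(REQUIRED)}, got {auth!r}"]
    needed = REQUIRED[auth]
    problems = [f"missing tag: {k}" for k in sorted(needed - tags.keys())]
    # Stray whitespace from copy-paste is a common cause of "correct-looking" tags.
    problems += [f"empty or padded value: {k}" for k in sorted(needed & tags.keys())
                 if not tags[k] or tags[k] != tags[k].strip()]
    if auth == "user-password" and "apono-secret" in tags:
        m = SECRET_ARN.match(tags["apono-secret"])
        if not m:
            problems.append("apono-secret is not a Secrets Manager ARN")
        elif "region" in tags and m.group(1) != tags["region"]:
            problems.append("region tag does not match the region in the secret ARN")
    return problems


def audit(instances):
    """Map instance name -> problems, listing only instances that have problems."""
    return {n: p for n, p in ((n, check_tags(t)) for n, t in instances.items()) if p}


SAMPLE = {  # constructed tag sets, not real resources
    "db-iam-ok": [{"Key": "auth_type", "Value": "iam-auth"},
                  {"Key": "apono-connector-id", "Value": "example-connector"}],
    "db-pw-region": [{"Key": "auth_type", "Value": "user-password"},
                     {"Key": "apono-connector-id", "Value": "example-connector"},
                     {"Key": "apono-secret", "Value": "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-db-creds"},
                     {"Key": "region", "Value": "eu-west-1"}],
    "db-typo": [{"Key": "auth_type", "Value": "iam_auth"}],
}
```

Pass it the TagList of each instance as returned by aws rds describe-db-instances; audit(SAMPLE) flags db-pw-region and db-typo.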