Amazon RDS - Authorize security group
Declaration
<AMAWSRDS ACTIVITY="authorize_security_group" PROVIDER="session_based" SESSION="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" USERAGENT="text" MAXERRORRETRY="number" SERVICEURL="text" PROXYHOST="text" PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" SIGNMETHOD="text" SIGNVERSION="number" SECURITYGROUP="text" CIDRIP="text" EC2GROUP="text" EC2OWNERID="text" RESULTDATASET="text" />
Description
Authorizes network ingress for a security group or an IP address range and optionally creates and populates a dataset with authorization information.
Practical Usage
A security group acts like a firewall controlling network access to a database instance that is not inside an Amazon virtual private cloud. By default, network access is disabled for a new security group. You must specifically authorize access to an IP range for a new security group after it is created. This activity will allow you to perform such an operation.
Parameters
Connection
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Connection | --- | --- | --- | --- | Indicates where Amazon Web Service user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration and therefore has no markup. The available options are Session and Host. |
Session | Text | Yes, if Connection is set to Session | EC2Session1 | SESSION="RDSSession1" | The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is RDSSession1. |
Access key | Text | Yes, if Connection is set to Host | (Empty) | ACCESSKEY="022QF06E7MXBSH9DHM02" | A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
Secret access key | Text | Yes, if Connection is set to Host | (Empty) | SECRETKEY="kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct" | A 40-character string that serves as the password for the AWS service account. Together with the associated access key, it forms a secure information set that EC2 uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
User agent | Text | No | Automate | USERAGENT="Automate" | The name of the client or application initiating requests to AWS. The default value is Automate. |
Maximum number of retries on error | Number | No | (Empty) | MAXERRORRETRY="4" | The total number of times this activity should retry its request to the server before returning an error. Network components can generate errors at any time in the life of a request, so implementing retries can increase reliability. |
Service URL | Text | No | (Empty) | SERVICEURL="https://rds.eu-west-1.amazonaws.com" | The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://rds.us-west-1.amazonaws.com points to the US West (Northern California) region. A complete list of EC2 regions, accompanying endpoints and valid protocols can be found below under RDS Endpoints and Regions. |
Proxy host | Text | No | (Empty) | PROXYHOST="proxy.host.com" | The host name (for example, server.domain.com) or IP address (for example, xxx.xxx.xxx.xxx) of the proxy server to use when connecting to AWS. |
Proxy port | Number | No | (Empty) | PROXYPORT="1028" | The port that should be used to connect to the proxy server. |
Proxy username | Text | No | (Empty) | PROXYUSER="username" | The username that should be used to authenticate connection with the proxy server (if required). |
Proxy password | Text | No | (Empty) | PROXYPWD="encrypted" | The password that should be used to authenticate connection with the proxy server (if required). |
Signature method | Text | No | (Empty) | SIGNMETHOD="HmacSHA256" | The signature method to use for signing the request. This provides a valid hashing algorithm for signature calculation. Valid AWS signature methods are HmacSHA1 and HmacSHA256. |
Signature version | Number | No | (Empty) | SIGNVERSION="2" | The signature version for signing the request. Valid AWS signature versions are 2 and 4. The difference with version 4 is that it allows you to sign your message using a key that is derived from your secret access key rather than using the secret access key itself. |
Security Group
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Group name | Text | Yes | (Empty) | SECURITYGROUP="MyDBGroup" | The name of the Amazon RDS security group to authorize. |
CIDRIP | Number | No | (Empty) | CIDRIP="192.168.100.100/0" | If enabled, specifies the IP range that is allowed access through the security group. The value must be a valid Classless Inter-Domain Routing (CIDR) range in the format xxx.xxx.xxx.xxx/x (for example, 192.168.100.100/0). If this parameter is enabled, EC2 security group and related parameters are ignored. |
EC2 security group | --- | --- | --- | --- | If enabled, specifies the security group name and owner ID to allow access. If this parameter is enabled, the CIDRIP parameter is ignored. This is a design-time parameter and therefore has no markup. |
Name | Text | No | (Empty) | EC2GROUP="mydbsecuritygroup" | The name of the Amazon EC2 security group (for example, myEC2securitygroup). This parameter is active only if the EC2 security group parameter is enabled. |
Owner ID | Number | No | (Empty) | EC2OWNERID="123456789012" | The AWS account number of the owner of the EC2 security group. This parameter is active only if the EC2 security group parameter is enabled. |
Create and populate dataset with security group information | Text | No | (Empty) | RESULTDATASET="myDataset" | The name of the dataset to create and populate with Amazon RDS security group information. More on the individual fields that this dataset creates can be found below under Datasets. |
Additional Notes
RDS Endpoints and Regions
This table contains a complete list of Amazon Relational Database Service endpoints, along with their corresponding regions and supported protocols.
Endpoint | Region | Protocol |
---|---|---|
rds.us-east-1.amazonaws.com | US East (Northern Virginia) Region | HTTP and HTTPS |
rds.us-west-2.amazonaws.com | US West (Oregon) Region | HTTP and HTTPS |
rds.us-west-1.amazonaws.com | US West (Northern California) Region | HTTP and HTTPS |
rds.eu-west-1.amazonaws.com | EU (Ireland) Region | HTTP and HTTPS |
rds.ap-southeast-1.amazonaws.com | Asia Pacific (Singapore) Region | HTTP and HTTPS |
rds.ap-southeast-2.amazonaws.com | Asia Pacific (Sydney) Region | HTTP and HTTPS |
rds.ap-northeast-1.amazonaws.com | Asia Pacific (Tokyo) Region | HTTP and HTTPS |
rds.sa-east-1.amazonaws.com | South America (Sao Paulo) Region | HTTP and HTTPS |
Datasets
A dataset is a multiple column, multiple row container object. This activity creates and populates a dataset containing a specific set of fields. The table below describes these fields (assuming the dataset name assigned was "theDataset").
Name | Type | Return Value |
---|---|---|
theDataset.DBSecurityGroupDescription | Text | Returns the description of the security group. |
theDataset.DBSecurityGroupName | Text | Returns the name of the RDS security group. |
theDataset.IPRange | Text | Returns the IP range to allow access. |
theDataset.OwnerID | Number | Returns the AWS account number of the owner of the security group (for example, 123412341234). |
Example
- The sample AML code below can be copied and pasted directly into the Steps Panel of the Task Builder.
- Parameters containing user credentials, files, file paths, and/or other information specific to the task must be customized before the sample code can run successfully.
Description
This sample task authorizes an RDS security group and then creates and populates a dataset with group information.
<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="securitygroupname" EC2GROUP="ec2groupname" EC2OWNERID="ownerid" RESULTDATASET="thedata"/>
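The following pre-flight check is an added example, not part of the original page or of Automate: a Python lint that reads one `authorize_security_group` step and reports ingress and transport settings worth reviewing before the task runs. The finding codes, the `MIN_PREFIX` threshold and the two sample steps are assumptions constructed for illustration; attribute names and values come from the parameter tables above. Note that the CIDRIP value used as the format example, 192.168.100.100/0, resolves to 0.0.0.0/0.

```python
import ipaddress
import xml.etree.ElementTree as ET

MIN_PREFIX = 24  # assumption: local policy threshold, not an Automate or AWS limit

# Constructed sample steps (attribute names and values taken from the tables above).
WEAK = ('<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="MyDBGroup" '
        'CIDRIP="192.168.100.100/0" SERVICEURL="http://rds.eu-west-1.amazonaws.com" '
        'SIGNMETHOD="HmacSHA1" SIGNVERSION="2" />')
TIGHT = ('<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="MyDBGroup" '
         'CIDRIP="203.0.113.0/24" SERVICEURL="https://rds.eu-west-1.amazonaws.com" '
         'SIGNMETHOD="HmacSHA256" SIGNVERSION="4" />')


def lint_step(aml):
    """Return (code, message) findings for one authorize_security_group step."""
    attrs = {k.upper(): v for k, v in ET.fromstring(aml).attrib.items()}
    if attrs.get("ACTIVITY") != "authorize_security_group":
        return [("NOT_AUTHORIZE", "step is not authorize_security_group")]
    out = []
    if not attrs.get("SECURITYGROUP"):
        out.append(("NO_GROUP", "SECURITYGROUP is required"))
    cidr = attrs.get("CIDRIP")
    if cidr and attrs.get("EC2GROUP"):
        out.append(("BOTH_SOURCES", "CIDRIP and EC2GROUP are both set; one is ignored"))
    if cidr:
        try:
            # strict=False accepts host bits so the effective range can be reported
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            out.append(("CIDR_INVALID", f"{cidr!r} is not a valid CIDR range"))
        else:
            if net.prefixlen == 0:
                out.append(("CIDR_OPEN", "prefix /0 authorizes every address"))
            elif net.prefixlen < MIN_PREFIX:
                out.append(("CIDR_BROAD", f"/{net.prefixlen} is wider than /{MIN_PREFIX}"))
            if str(net) != cidr:
                out.append(("CIDR_NONCANONICAL", f"effective range is {net}"))
    if attrs.get("SERVICEURL", "").lower().startswith("http://"):
        out.append(("PLAINTEXT_ENDPOINT", "SERVICEURL uses HTTP; use the HTTPS endpoint"))
    if attrs.get("SIGNMETHOD") == "HmacSHA1":
        out.append(("WEAK_SIGNMETHOD", "prefer HmacSHA256"))
    if attrs.get("SIGNVERSION") == "2":
        out.append(("OLD_SIGNVERSION", "prefer version 4 (derived signing key)"))
    return out


if __name__ == "__main__":
    for name, step in (("WEAK", WEAK), ("TIGHT", TIGHT)):
        print(name, lint_step(step) or "no findings")
```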