Amazon RDS - Authorize security group
Declaration
<AMAWSRDS ACTIVITY="authorize_security_group" PROVIDER="session_based" SESSION="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" USERAGENT="text" MAXERRORRETRY="number" SERVICEURL="text" PROXYHOST="text" PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" SIGNMETHOD="text" SIGNVERSION="number" SECURITYGROUP="text" CIDRIP="text" EC2GROUP="text" EC2OWNERID="text" RESULTDATASET="text" />
Description
Authorizes network ingress for a security group or an IP address range
and optionally creates and populates a dataset with authorization information.
IMPORTANT: Automate Desktop's RDS activities are performed using Amazon's Relational Database Service engine. Administering Amazon RDS through Automate Desktop therefore requires a valid Access Key ID and Secret Access Key.
Practical usage
A security group acts like a firewall controlling network access to
a database instance that is not inside an Amazon virtual private cloud.
By default, network access is disabled for a new security group. You must
specifically authorize access to an IP range for a new security group
after it is created. This activity will allow you to perform such an operation.
Parameters
Connection
| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Connection | --- | --- | --- | --- | Indicates where Amazon Web Service user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration and therefore comprises no markup. |

The available options are:
- Host (default) - Specifies that user credentials and/or advanced preferences are configured individually for this activity. This option is normally chosen if only a single activity is required to complete an operation.
- Session - Specifies that user credentials and/or advanced preferences are obtained from a pre-configured session created in an earlier step with the use of the Amazon RDS - Create session activity. This option is normally chosen if a combination of related activities is required to complete an operation. Linking several activities to a single session eliminates redundancy. Additionally, a single task supports construction and simultaneous execution of multiple sessions, improving efficiency.
Connection - Session
| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Session | Text | Yes, if Connection is set to Session | EC2Session1 | SESSION="RDSSession1" | The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is RDSSession1. |
Connection - Host > Credentials
| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Access key | Text | Yes, if Connection is set to Host | (Empty) | ACCESSKEY="022QF06E7MXBSH9DHM02" | A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
| Secret access key | Text | Yes, if Connection is set to Host | (Empty) | SECRETKEY="kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct" | A 40-character string that serves the role as password to access the AWS service account. This along with an associated access key forms a secure information set that EC2 uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
Connection - Host > Advanced
| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| User agent | Text | No | Automate | USERAGENT="Automate" | The name of the client or application initiating requests to AWS. The default value is Automate. |
| Maximum number of retries on error | Number | No | (Empty) | MAXERRORRETRY="4" | The total number of times this activity should retry its request to the server before returning an error. Network components can generate errors at any time in the life of a request, so implementing retries can increase reliability. |
| Service URL | Text | No | (Empty) | SERVICEURL="https://rds.eu-west-1.amazonaws.com" | The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://rds.us-west-1.amazonaws.com points to US West (Northern California) region. A complete list of EC2 regions, accompanying endpoints and valid protocols can be found below under RDS endpoints and regions. |
| Proxy host | Text | No | (Empty) | PROXYHOST="proxy.host.com" | The hostname (for example, server.domain.com) or IP address (for example, xxx.xxx.xxx.xxx) of the proxy server to use when connecting to AWS. |
| Proxy port | Number | No | (Empty) | PROXYPORT="1028" | The port that should be used to connect to the proxy server. |
| Proxy username | Text | No | (Empty) | PROXYUSER="username" | The username that should be used to authenticate connection with the proxy server (if required). |
| Proxy password | Text | No | (Empty) | PROXYPWD="encrypted" | The password that should be used to authenticate connection with the proxy server (if required). |
| Signature method | Text | No | (Empty) | SIGNMETHOD="HmacSHA256" | The signature method to use for signing the request. This provides a valid hashing algorithm for signature calculation. Valid AWS signature methods are HmacSHA1 and HmacSHA256. |
| Signature version | Number | No | (Empty) | SIGNVERSION="2" | The signature version for signing the request. Valid AWS signature versions are 2 and 4. The difference with version 4 is that it allows you to sign your message using a key that is derived from your secret access key rather than using the secret access key itself. |
Security Group
| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Group name | Text | Yes | (Empty) | SECURITYGROUP="MyDBGroup" | The name of the Amazon RDS security group to authorize. |
| CIDRIP | Number | No | (Empty) | CIDRIP="192.168.100.100/0" | If enabled, specifies the IP range to allow the security group access to. The value must be a valid Classless Inter-Domain Routing (CIDR) range in the format xxx.xxx.xxx.xxx/x (for example, 192.168.100.100/0). If this parameter is enabled, EC2 security group and related parameters are ignored. |
| EC2 security group | --- | --- | --- | --- | If enabled, specifies the security group name and owner ID to allow access. If this parameter is enabled, the CIDRIP parameter is ignored. This is a design time parameter and therefore contains no markup. |
| Name | Text | No | (Empty) | EC2GROUP="mydbsecuritygroup" | The name of the Amazon EC2 security group (for example, myEC2securitygroup). This parameter is active only if the EC2 security group parameter is enabled. |
| Owner ID | Number | No | (Empty) | EC2OWNERID="123456789012" | The AWS account number of the owner of the EC2 security group. This parameter is active only if the EC2 security group parameter is enabled. |
| Create and populate dataset with security group information | Text | No | (Empty) | RESULTDATASET="myDataset" | The name of the dataset to create and populate with Amazon RDS security group information. More on the individual fields that this dataset creates can be found below under Datasets. |
Additional notes
RDS endpoints and regions
This table contains a complete list of Amazon Relational Database Service
endpoints, along with their corresponding regions and supported protocols.
| Endpoint | Region | Protocol |
| --- | --- | --- |
| rds.us-east-1.amazonaws.com | US East (Northern Virginia) Region | HTTP and HTTPS |
| rds.us-west-2.amazonaws.com | US West (Oregon) Region | HTTP and HTTPS |
| rds.us-west-1.amazonaws.com | US West (Northern California) Region | HTTP and HTTPS |
| rds.eu-west-1.amazonaws.com | EU (Ireland) Region | HTTP and HTTPS |
| rds.ap-southeast-1.amazonaws.com | Asia Pacific (Singapore) Region | HTTP and HTTPS |
| rds.ap-southeast-2.amazonaws.com | Asia Pacific (Sydney) Region | HTTP and HTTPS |
| rds.ap-northeast-1.amazonaws.com | Asia Pacific (Tokyo) Region | HTTP and HTTPS |
| rds.sa-east-1.amazonaws.com | South America (Sao Paulo) Region | HTTP and HTTPS |
Datasets
A dataset
is a multiple column, multiple row container object. This activity creates
and populates a dataset containing a specific set of fields. The table
below describes these fields (assuming the dataset name assigned was "theDataset").
| Name | Type | Return Value |
| --- | --- | --- |
| theDataset.DBSecurityGroupDescription | Text | Returns the description of the security group. |
| theDataset.DBSecurityGroupName | Text | Returns the name of the RDS security group. |
| theDataset.IPRange | Text | Returns the IP range to allow access. |
| theDataset.OwnerID | Number | Returns the AWS account number of the owner of the security group (for example, 123412341234). |
Example
NOTE:
- Copy and paste the sample AML code below directly into
the Task Builder Steps Panel.
- To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.
Description
This sample task authorizes an RDS security group and then creates and populates a dataset with group information.
<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="securitygroupname" EC2GROUP="ec2groupname" EC2OWNERID="ownerid" RESULTDATASET="thedata"/>
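
A pre-flight check for steps like the one above, added here as an example; it is not part of the Automate documentation or product. It lints the attributes this page documents (CIDRIP width and host bits, CIDRIP combined with EC2GROUP, SERVICEURL scheme, signature settings). The names `lint_step` and `MIN_PREFIX`, the /24 policy threshold and the sample steps are assumptions, and the step is assumed to parse as well-formed XML.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MIN_PREFIX = 24  # assumption: widest range local policy lets a step open


def lint_step(aml, min_prefix=MIN_PREFIX):
    """Return findings for one authorize_security_group step (AML parsed as XML)."""
    attrs = ET.fromstring(aml).attrib
    findings = []
    cidr = attrs.get("CIDRIP")
    if cidr:
        try:
            iface = ipaddress.ip_interface(cidr)  # keeps address and network apart
        except ValueError:
            findings.append(f"CIDRIP {cidr!r} is not a valid CIDR range")
        else:
            net = iface.network
            if iface.ip != net.network_address:
                findings.append(f"CIDRIP {cidr} has host bits set; it means {net}")
            if net.prefixlen < min_prefix:
                findings.append(f"CIDRIP {net} opens {net.num_addresses} addresses, "
                                f"wider than /{min_prefix}")
        if attrs.get("EC2GROUP"):
            # The page documents the two grant types as mutually exclusive.
            findings.append("CIDRIP and EC2GROUP are both set; only one is applied")
    url = attrs.get("SERVICEURL")
    if url and urlparse(url).scheme.lower() != "https":
        findings.append(f"SERVICEURL {url} is not HTTPS")
    if attrs.get("SIGNMETHOD") == "HmacSHA1":
        findings.append("SIGNMETHOD is HmacSHA1; HmacSHA256 is also valid")
    if attrs.get("SIGNVERSION") == "2":
        findings.append("SIGNVERSION 2 signs with the secret key, not a derived key")
    return findings


# Constructed sample steps (illustrative values, not taken from a real task).
RISKY = ('<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="MyDBGroup" '
         'CIDRIP="192.168.100.100/0" SERVICEURL="http://rds.eu-west-1.amazonaws.com" '
         'SIGNMETHOD="HmacSHA1" SIGNVERSION="2" />')
SCOPED = ('<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="MyDBGroup" '
          'CIDRIP="203.0.113.0/24" SERVICEURL="https://rds.eu-west-1.amazonaws.com" '
          'SIGNMETHOD="HmacSHA256" SIGNVERSION="4" />')

if __name__ == "__main__":
    for name, step in (("RISKY", RISKY), ("SCOPED", SCOPED)):
        print(name, lint_step(step) or "no findings")
```

The `RISKY` step uses the CIDRIP value shown in the parameter table: a /0 prefix discards the address part, so the rule covers every IPv4 address.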