Amazon RDS - Authorize security group

Amazon RDS - Authorize Security Group

Declaration

<AMAWSRDS ACTIVITY="authorize_security_group" SECURITYGROUP="text" 
CIDRIP="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" 
SERVICEURL="text" PROXYHOST="text" 
USERAGENT="text" PROXYPORT="number" PROXYUSER="text" 
PROXYPWD="text (encrypted)" MAXERRORRETRY="number" 
SIGNMETHOD="text" SIGNVERSION="number" />

Description: Authorizes network ingress for a security group or an IP address range and optionally creates and populates a dataset with authorization information.

IMPORTANT: RDS activities are performed using Amazon's Relational Database Service engine, therefore, administering Amazon RDS requires a valid Access Key ID and Secret Access Key.

Practical Usage

A security group acts like a firewall controlling network access to a database instance that is not inside an Amazon virtual private cloud. By default, network access is disabled for a new security group. You must specifically authorize access to an IP range for a new security group after it is created. This activity will allow you to perform such an operation.

Connection Parameters

Property	Type	Required	Default	Markup	Description
Connection					Indicates where Amazon Web Service user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration, thus, comprises no markup. The available options are: Host (default) - Specifies that user credentials and/or advanced preferences are configured individually for this activity. This option is normally chosen if only a single activity is required to complete an operation. Session - Specifies that user credentials and/or advanced preferences are obtained from a pre-configured session created in an earlier step with the use of the RDS - Create session activity. This option is normally chosen if a combination of related activities are required to complete an operation. Linking several activities to a single session eliminates redundancy. Additionally, a single task supports construction and simultaneous execution of multiple sessions, improving efficiency.
Session	Text	Yes if connection is session-based	EC2Session1	SESSION="RDSSession1"	The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is 'RDSSession1'.
Access key	Text	Yes if connection is host-based	(Empty)	ACCESSKEY= "022QF06E7MXBSH9DHM02"	A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host.
Secret Access key	Text	Yes if connection is host-based	(Empty)	SECRETKEY= "kWcrlUX5JEDGM/LtmEENI/ aVmYvHNif5zB+d9+ct"	A 40-character string that serves the role as password to access the AWS service account. This along with an associated access key forms a secure information set that EC2 uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host.
User agent	Text	No	AutoMate	USERAGENT="AutoMate"	The name of the client or application initiating requests to AWS. The default value is 'AutoMate'.
Maximum retry on error	Number	No	(Empty)	MAXERRORRETRY="4"	The total amount of times this activity should retry its request to the server before returning an error. Network components can generate errors anytime in the life of a request, thus, implementing retries can increase reliability.
Service URL	Text	No	(Empty)	SERVICEURL= "https://rds.eu-west-1.amazonaws.com"	The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://rds.us-west-1.amazonaws.com points to US West (Northern California) region. A complete list of EC2 regions, accompanying endpoints and valid protocols can be found below under RDS Endpoints and Regions.
Proxy host	Text	No	(Empty)	PROXYHOST="proxy.host.com"	The host name (e.g., server.domain.com) or IP address (e.g., xxx.xxx.xxx.xxx) of the proxy server to use when connecting to AWS.
Proxy port	Number	No	(Empty)	PROXYPORT="1028"	The port that should be used to connect to the proxy server.
Proxy username	Text	No	(Empty)	PROXYUSER="username"	The username that should be used to authenticate connection with the proxy server (if required).
Proxy password	Text	No	(Empty)	PROXYPWD="encrypted"	The password that should be used to authenticate connection with the proxy server (if required).
Signature method	Text	No	(Empty)	SIGNMETHOD="HmacSHA256"	The signature method to use for signing the request. This provides a valid hashing algorithm for signature calculation. Valid AWS signature methods are HmacSHA1 and HmacSHA256.
Signature version	Number	No	(Empty)	SIGNVERSION="2"	The signature version for signing the request. Valid AWS signature versions are 2 and 4. The difference with version 4 is that it allows you to sign your message using a key that is derived from your secret access key rather than using the secret access key itself.

Security Group Parameters

Property	Type	Required	Default	Markup	Description
Group name	Text	Yes	(Empty)	SECURITYGROUP="MyDBGroup"	The name of the Amazon RDS security group to authorize.
CIDRIP	Number	No	(Empty)	CIDRIP="192.168.100.100/0"	If enabled, specifies the IP range to allow the security group access to. The value must be a valid Classless Inter-Domain Routing (CIDR) range in the format xxx.xxx.xxx.xxx/x (e.g., 192.168.100.100/0). If this parameter is enabled, EC2 security group and related parameters are ignored.
EC2 security group					If enabled, specifies the security group name and owner ID to allow access. If this parameter is enabled, the CIDRIP parameter is ignored. This is a design time parameter, therefore, contains no markup.
Name	Text	No	(Empty)	EC2GROUP="mydbsecuritygroup"	The name of the Amazon EC2 security group (e.g., myEC2securitygroup). This parameter is active only if the EC2 security group parameter is enabled.
Owner ID	Number	No	(Empty)	EC2OWNERID=123456789012	The AWS account number of the owner of the EC2 security group. This parameter is active only if the EC2 security group parameter is enabled.
Create and populate dataset with security group information	Text	No	(Empty)	RESULTDATASET="myDataset"	The name of the dataset to create and populate with Amazon RDS security group information. More on the individual fields that this dataset creates can be found below under Datasets.

Description tab - A custom description can be provided on the Description tab to convey additional information or share special notes about a task step.

Error Causes tab - Specify how this step should behave upon the occurrence of an error. (Refer to Task Builder > Error Causes Tab for details.)

On Error tab - Specify what AWE should do if this step encounters an error as defined on the Error Causes tab. (Refer to Task Builder > On Error Tab for details.)

RDS endpoints and regions

This table contains a complete list of Amazon Relational Database Service endpoints, along with their corresponding regions and supported protocols.

Endpoint	Region	Protocol
rds.us-east-1.amazonaws.com	US East (Northern Virginia) Region	HTTP and HTTPS
rds.us-west-2.amazonaws.com	US West (Oregon) Region	HTTP and HTTPS
rds.us-west-1.amazonaws.com	US West (Northern California) Region	HTTP and HTTPS
rds.eu-west-1.amazonaws.com	EU (Ireland) Region	HTTP and HTTPS
rds.ap-southeast-1.amazonaws.com	Asia Pacific (Singapore) Region	HTTP and HTTPS
rds.ap-southeast-2.amazonaws.com	Asia Pacific (Sydney) Region	HTTP and HTTPS
rds.ap-northeast-1.amazonaws.com	Asia Pacific (Tokyo) Region	HTTP and HTTPS
rds.sa-east-1.amazonaws.com	South America (Sao Paulo) Region	HTTP and HTTPS

Datasets

A dataset is a multiple column, multiple row container object. This activity creates and populates a dataset containing a specific set of fields. The table below describes these fields (assuming the dataset name assigned was theDataset).

Name	Type	Return Value
Name	Type	Return Value
theDataset.DBSecurityGroupDescription	Text	Returns the description of the security group.
theDataset.DBSecurityGroupName	Text	Returns the name of the RDS security group.
theDataset.IPRange	Text	Returns the IP range to allow access.
theDataset.OwnerID	Number	Returns the AWS account number of the owner of the security group (e.g., 123412341234).

Example

The sample AML code below can be copied and pasted directly into the Steps panel of the Task Builder.

Description: Authorize RDS security group "securitygroupname". EC2 security group is "ec2groupname". EC2 owner id is "ownerid&quo t;. Store RDS security group information into dataset "thedata". Use default RDS session.

<AMAWSRDS ACTIVITY="authorize_security_group" 
SECURITYGROUP="securitygroupname" 
EC2GROUP="ec2groupname" EC2OWNERID="ownerid" 
RESULTDATASET="thedata"/>

v10 | 202208121109

Copyright Help/Systems LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.