Deploying an agent into your AWS Account
Navigate to the Settings > Agent section using the nav menu. Hover over the blue circle with a plus sign in the center and select Add Agent with Template.
On step 1 of the wizard, select
Enter the name for your agent.
Enter a name for the service account.
Select the asset discovery that you would like to use.
If you set up an asset discovery via assuming a role or entering AWS credentials, you will need to configure a new asset discovery that authenticates via AWS Instance Profile Service.
Download the agent credentials and save the file in a location easily accessible (or open the file and copy everything inside it).
Create Stack. If prompted, please sign into your AWS account.
Ensure you are in the same region as your databases (e.g. Ohio / us-east-2).
Select the VPC that your databases are on. If you don't know which it is, you can navigate to the DB console and click on the database and it will show the VPC it resides on.
Select one of the subnets available on the VPC.
In the next input box (SecureCloudDb Agent Service Account Credentials (JSON)), paste the entire contents of the file you downloaded from step 6. Leave the IAM Role ARN empty for now.
Once done, acknowledge the two check boxes at the very bottom and select
Ensure your agent has connectivity to your database(s)
First, you should ensure that the agent is in the same region as your databases.
Once that is done, check that your database security groups have the appropriate ingress security rules. Open the default port for the database service (or a non-default port if that is in use). You can confirm the port by going to the respective database console, opening the summary for the individual DB, and looking for the field "Port".
The same steps must be taken for RDS, Redshift, Elasticsearch, and ElastiCache using their respective consoles. For easy reference, the default port for each service is listed below:
- RDS PostgreSQL --> 5432
- Redshift --> 5439
- Elasticsearch --> 9200
- ElastiCache --> 6379 for Redis and 11211 for Memcached.
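One way to verify the ingress rules described above before relying on the agent, as an added example (not SecureCloudDb's own code). It assumes the security group is a dict shaped like one entry of the EC2 describe-security-groups output; the group IDs and agent IP are constructed, and only IPv4 ranges and security-group references are evaluated.

```python
import ipaddress

# Default ports listed on this page.
DEFAULT_PORTS = {"RDS PostgreSQL": 5432, "Redshift": 5439, "Elasticsearch": 9200,
                 "ElastiCache Redis": 6379, "ElastiCache Memcached": 11211}

# Constructed sample data, not taken from a real account.
SAMPLE_DB_SG = {
    "GroupId": "sg-0db00000000000001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0a9e0000000000001"}]},
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

def rule_covers_port(perm, port):
    """True if one IpPermissions entry covers the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def check_ingress(db_sg, agent_ip, agent_sg_ids, port):
    """Return (reachable, findings): whether the agent is admitted on the port,
    plus notes on missing rules or rules open to every address."""
    ip = ipaddress.ip_address(agent_ip)
    reachable, findings = False, []
    for perm in db_sg.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                findings.append(f"tcp/{port} open to {rng['CidrIp']}: scope it to the agent")
            if ip in net:
                reachable = True
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") in agent_sg_ids:
                reachable = True
    if not reachable:
        findings.append(f"no ingress rule admits the agent on tcp/{port}")
    return reachable, findings

if __name__ == "__main__":
    for name, port in DEFAULT_PORTS.items():
        print(name, check_ingress(SAMPLE_DB_SG, "10.0.1.25", {"sg-0a9e0000000000001"}, port))
```

A rule that references the agent's security group or subnet CIDR keeps the database port closed to everything else in the VPC, which is why the example flags 0.0.0.0/0 even though it would let the agent connect.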
Once the stack is done creating, the agent will be deployed into your AWS account. If you have not yet done so, you can now create a database access configuration.