AWS

Access various AWS products such as EC2, S3, RDS and Cloudwatch to get resources such as instances, volumes, etc

Description

AWS integration gives you ability connect with various AWS products to access AWS resources using maira commands. Maira currently supports EC2, S3, RDS and DynamoDB. More AWS products will be supported in future. Also, you can add your own integration using AWS CLI.

With RDS (mysql, postgres or mariadb drivers), you can query data from your database using standard SQL query.

Installation

To integrate with AWS, the minimum configuration you need to provide is the list or regions. The first region in the list is the default region. The rest of the configuration it loads from standard AWS environment variables or AWS configuration and credentials files. If you are using maira-agent-helm chart, you can copy these files in aws directory.

To integrate with RDS, you need to provide additional configuration for the rds host with driver selection (mysql/postgres/mariadb).

• If a password is provided in the config then Password based authentication will be done.
• If no password is provided IAM based authentication will be done.

Helm Config

Below is sample configuration for enabling aws integration through Helm Chart Values file

aws:
  disabled: false
  regions:
    - us-east-1
    - us-west-2
  rds_hosts:
    host1:
      dbName: <db_name>
      endpoint: "<host>.<region>.rds.amazonaws.com"
      user: <user_id>
      password: <password>
      awsRegion: us-east-1
      driver: postgres

• disabled tag can be set to true to temporarily disable the service without removing the config
• tag "rds_hosts" is an optional tag which can be included if you have to work with any rds databases like mysql, postgres

Direct Config

Below is an example maira gateway config to enable AWS integration.

modules:
  - name: clutch.module.aws
  - name: maira_io.module.aws
services:
  - name: clutch.service.aws
    typed_config:
      "@type": types.google.com/clutch.config.service.aws.v1.Config
      regions:
        - us-east-1
        - us-west-2
  - name: maira_io.service.aws
    typed_config:
      "@type": types.google.com/maira_io.config.service.maira_aws.v1.Config
      aws_config:
        regions:
          - us-east-1
          - us-west-2
      rds_hosts:
        mysql-host:
            dbName: ""
            endpoint: ""
            user: ""
            password: ""
            awsRegion: us-east-1
            driver: mysql

Additional Helpful Configuration Links for using RDS integration

To use AWS IAM authentication, you have to do few things:

1. Enable IAM auth for the DB - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Enabling.html
2. Create an IAM user with permission for rds-db:connect action as specified here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
3. Create a DB user with IAM auth in DB as specified in https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html