Privacera Documentation

Configure AWS Aurora DB (PostgreSQL/MySQL) on Privacera Platform

You can configure an external RDS Aurora DB with two different databases:

Configure external RDS Aurora DB with PostgreSQL

You can configure External RDS Aurora DB with PostgreSQL for Portal, Ranger, Ranger KMS, and Access Request Manager.

Prerequisites
  • Create RDS Aurora DB with PostgreSQL with a database name. You'll need to use the database name in the Configuration section below.

    Note

    The RDS database name that you enter in the Configuration section below must be created in advance. Privacera does not create an RDS database; it only creates table schemas.

  • If you have installed Privacera using the internal MariaDB and wish to move from the internal database to an external PostgreSQL DB, then you will have to delete the MariaDB container/pod. For more information, see Service Commands.

Procedure
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.external.db.postgres.yml config/custom-vars/
    vi config/custom-vars/vars.external.db.postgres.yml
    
  3. In the file, set the following as false:

    DB_INSTALL_MARIADB: "false"
  4. Enter the hostname of the AWS PostgreSQL server, and the name of the database you want to connect to. Get the name of the database from the Prerequisites section above.

    EXTERNAL_DB_HOST: "<PLEASE_CHANGE>"
    EXTERNAL_DB_NAME: "<PLEASE_CHANGE>" 
  5. Enter the credentials of the user who has access to the database.

    EXTERNAL_DB_USER: "<PLEASE_CHANGE>"
    EXTERNAL_DB_PASSWORD: "<PLEASE_CHANGE>"
  6. (Optional) Enter a database name for Privacera Portal, Privacera Ranger, and Privacera Ranger KMS. It is recommended to provide different names for the 3 databases.

    PRIVACERA_PORTAL_DB_NAME: "{{EXTERNAL_DB_NAME}}"
    PRIVACERA_RANGER_DB_NAME: "{{EXTERNAL_DB_NAME}}"
    PRIVACERA_RANGER_KMS_DB_NAME: "{{EXTERNAL_DB_NAME}}"   
  7. Save and exit.

  8. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Configure external Aurora DB with MySQL

You can configure External RDS Aurora DB with MySQL for Portal, Ranger, Ranger KMS and Access Request Manager.

Planning extra parameters for JDBC connections to MySQL

You might need to pass additional HTTP request parameters when a JDBC connection is made to MySQL. You define these extra parameters as CGI-type arguments on the HTTP call. These extra parameters are specified in properties in vars.external.db.mysql.yml:

  • DB_CONNECTION_EXTRA_PARAMETERS is for Privacera Portal.

  • RANGER_DB_CONNECTION_EXTRA_PARAMETERS is for Ranger.

  • DB_SSL_ENABLE: set to true to enable SSL connections. By default, it is not set.

Except for handling of SSL, the extra parameters must be the same for both of these properties.

Examples of extra parameters

  • With SSL from Privacera Portal: In the following example for the JDBC connection from the Privacera Portal:

    The property DB_SSL_ENABLE has been set to true in vars.external.db.mysql.yml.

    Note the value's required leading ?. This CGI-type indicator means that the extra parameters are appended to the HTTP call.

    Also, note that the connection requires SSL, which by default is not enabled on Privacera Platform. SSL is indicated by these parameters: ?useSSL=true&requireSSL=false&verifyServerCertificate=false

    DB_CONNECTION_EXTRA_PARAMETERS: "?useSSL=true&requireSSL=false&verifyServerCertificate=false&serverTimezone=UTC&sessionVariables=aurora_replica_read_consistency='session'"
  • Without SSL from Privacera Portal: In the following example for the JDBC connection from the Privacera Portal:

    Note the value's required leading ?. This CGI-type indicator means that the extra parameters are appended to the HTTP call.

    Also, note that this connection does not use SSL, which the example above requires.

    DB_CONNECTION_EXTRA_PARAMETERS: "?serverTimezone=UTC&sessionVariables=aurora_replica_read_consistency='session'"
  • Ranger: In the following example for the JDBC connections by Ranger:

    The property DB_SSL_ENABLE has been set to true in vars.external.db.mysql.yml.

    Note that the leading ? is not required and no parameters for SSL are needed, because Ranger automatically detects whether SSL is required if DB_SSL_ENABLE has been set to true.

    RANGER_DB_CONNECTION_EXTRA_PARAMETERS: "serverTimezone=UTC&sessionVariables=aurora_replica_read_consistency='session'"
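
A check for the two extra-parameter properties described above, added here as an example and not part of Privacera's code: it verifies the leading ? convention, that the non-SSL parameters match, and reports what the SSL flags in the first example mean for the connection. The function names are hypothetical, and the reading of requireSSL and verifyServerCertificate assumes MySQL Connector/J semantics.

```python
from urllib.parse import parse_qsl

SSL_KEYS = {"useSSL", "requireSSL", "verifyServerCertificate"}

# Values copied from the examples above.
PORTAL_SSL = ("?useSSL=true&requireSSL=false&verifyServerCertificate=false"
              "&serverTimezone=UTC"
              "&sessionVariables=aurora_replica_read_consistency='session'")
PORTAL_PLAIN = ("?serverTimezone=UTC"
                "&sessionVariables=aurora_replica_read_consistency='session'")
RANGER = ("serverTimezone=UTC"
          "&sessionVariables=aurora_replica_read_consistency='session'")

def parse_extra(value):
    """Return (has_leading_question_mark, {name: value})."""
    return value.startswith("?"), dict(parse_qsl(value.lstrip("?")))

def lint(portal, ranger, ssl_enabled):
    """Check both properties together; return a list of findings."""
    p_q, p = parse_extra(portal)
    r_q, r = parse_extra(ranger)
    out = []
    if not p_q:
        out.append("portal: required leading '?' is missing")
    if r_q:
        out.append("ranger: leading '?' is not expected")
    if r.keys() & SSL_KEYS:
        out.append("ranger: SSL parameters are not needed here")
    if ssl_enabled and p.get("useSSL") != "true":
        out.append("portal: DB_SSL_ENABLE is true but useSSL=true is absent")
    if p.get("useSSL") == "true":
        # Assumed Connector/J semantics for the two flags below.
        if p.get("requireSSL", "false") != "true":
            out.append("portal: requireSSL=false allows an unencrypted fallback")
        if p.get("verifyServerCertificate") == "false":
            out.append("portal: verifyServerCertificate=false skips "
                       "server certificate validation")
    def non_ssl(d):
        return {k: v for k, v in d.items() if k not in SSL_KEYS}
    if non_ssl(p) != non_ssl(r):
        out.append("non-SSL parameters differ between Portal and Ranger")
    return out

if __name__ == "__main__":
    for finding in lint(PORTAL_SSL, RANGER, ssl_enabled=True):
        print(finding)
```
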
Prerequisites
  • Create RDS Aurora DB with MySQL with a database name. You'll need to use the database name in the Configuration section below.

    Note

    The RDS database name that you enter in the Configuration section below must be created in advance. Privacera does not create an RDS database; it only creates table schemas.

  • If you have installed Privacera using the internal MariaDB and wish to move from the internal database to an external MySQL DB, then you will have to delete the MariaDB container/pod. For more information, see Service Commands.

Procedure
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.external.db.mysql.yml config/custom-vars/
    vi config/custom-vars/vars.external.db.mysql.yml
    
  3. In the file, set the following as false:

    DB_INSTALL_MARIADB: "false"
  4. Enter the hostname of the AWS MySQL server, and the name of the database you want to connect to. Get the name of the database from the Prerequisites section above.

    EXTERNAL_DB_HOST: "<PLEASE_CHANGE>"
    EXTERNAL_DB_NAME: "<PLEASE_CHANGE>"
  5. Enter the credentials of the user who has access to the database.

    EXTERNAL_DB_USER: "<PLEASE_CHANGE>"
    EXTERNAL_DB_PASSWORD: "<PLEASE_CHANGE>"
  6. (Optional) Enter a database name for Privacera Portal, Privacera Ranger, and Privacera Ranger KMS. It is recommended to provide different names for the 3 databases.

    PRIVACERA_PORTAL_DB_NAME: "{{EXTERNAL_DB_NAME}}"
    PRIVACERA_RANGER_DB_NAME: "{{EXTERNAL_DB_NAME}}"
    PRIVACERA_RANGER_KMS_DB_NAME: "{{EXTERNAL_DB_NAME}}"  
  7. If you need to pass extra parameters, set the properties described in Planning extra parameters for JDBC connections to MySQL above.

  8. Save and exit.

  9. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
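
A pre-flight check for the edited vars file, covering the steps of both procedures above before the update command is run; it is an added example, not part of Privacera Manager. The sample file content is constructed, the function names are hypothetical, and {{EXTERNAL_DB_NAME}} is assumed to resolve to the EXTERNAL_DB_NAME value.

```python
import re

# Constructed sample of config/custom-vars/vars.external.db.postgres.yml
# after an incomplete edit (all values are made up for illustration).
SAMPLE = '''\
DB_INSTALL_MARIADB: "true"
EXTERNAL_DB_HOST: "aurora.example.internal"
EXTERNAL_DB_NAME: "privacera"
EXTERNAL_DB_USER: "privacera_app"
EXTERNAL_DB_PASSWORD: "<PLEASE_CHANGE>"
PRIVACERA_PORTAL_DB_NAME: "{{EXTERNAL_DB_NAME}}"
PRIVACERA_RANGER_DB_NAME: "{{EXTERNAL_DB_NAME}}"
PRIVACERA_RANGER_KMS_DB_NAME: "ranger_kms"
'''

REQUIRED = ["EXTERNAL_DB_HOST", "EXTERNAL_DB_NAME",
            "EXTERNAL_DB_USER", "EXTERNAL_DB_PASSWORD"]
DB_NAME_KEYS = ["PRIVACERA_PORTAL_DB_NAME", "PRIVACERA_RANGER_DB_NAME",
                "PRIVACERA_RANGER_KMS_DB_NAME"]

def load_vars(text):
    """Read flat KEY: "value" lines; anything else is ignored."""
    pattern = r'^[ \t]*([A-Z0-9_]+):[ \t]*"([^"]*)"[ \t]*(?:#.*)?$'
    return dict(re.findall(pattern, text, re.M))

def preflight(text):
    """Return findings to resolve before running privacera-manager.sh update."""
    v, findings = load_vars(text), []
    if v.get("DB_INSTALL_MARIADB") != "false":
        findings.append('DB_INSTALL_MARIADB is not "false"')
    for key in REQUIRED:
        if v.get(key, "<PLEASE_CHANGE>") == "<PLEASE_CHANGE>" or not v[key]:
            findings.append(f"{key} is unset or still a placeholder")
    # Assumption: {{EXTERNAL_DB_NAME}} resolves to the EXTERNAL_DB_NAME value.
    base = v.get("EXTERNAL_DB_NAME", "")
    names = [v.get(k, base).replace("{{EXTERNAL_DB_NAME}}", base)
             for k in DB_NAME_KEYS]
    if len(set(names)) < len(names):
        findings.append("Portal, Ranger and Ranger KMS share a database name")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
```
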
    

Note

To learn more about the encryption for Aurora, see the Aurora documentation.