Data source: AWS RDS
info
As the first step, you need to set up a machine for Database Lab Engine instance. See the guide Set up a machine for the Database Lab Engine.
See also
To get started using Database Lab for Amazon RDS databses, see the Database Lab tutorial for Amazon RDS.
We have two options to connect to the RDS database, you need to consider the Database authentication method that is assigned to your RDS database.
Options:
- Using password authentication (master password). This option can be used for all Database authentication method enabled for your database and requires to set the master password of the database in the Database Lab configuration file
- IAM database authentication. This option can be used only with Password and IAM database authentication, it requires AWS user credentials and does not require the master password, use this option for granular control of the access to your database
If you want to use IAM database authentication, read how to enable it here.
Option 1: Password authentication
tip
You need to know the master password. If you lost the password it can be reset. Read how to reset it here.
Copy the contents of configuration example config.example.logical_generic.yml
from the Database Lab repository to ~/.dblab/server.yml
and update the following options:
- Set secure
server:verificationToken
, it will be used to authorize API requests to the Engine - Set connection options in
retrieval:spec:logicalDump:options:source:connection
:dbname
: database name to connect tohost
: database server hostport
: database server portusername
: database user namepassword
: database master password (can be also set asPGPASSWORD
environment variable of the Docker container)
- Set proper version in Postgres Docker images tags (change the images itself only if you know what are you doing):
provision:options:dockerImage
retrieval:spec:logicalRestore:options:dockerImage
retrieval:spec:logicalDump:options:dockerImage
Launch Database Lab Engine:
Option 2: IAM database authentication
Prepare AWS user and IAM database access policy
- Create an AWS user (or use an existing one)
- Save and assign AWS access environment variables:Read how you can get the AWS access keys for the existing user here- `export AWS_ACCESS_KEY="access_key"`- `export AWS_SECRET_ACCESS_KEY="secret_access_key"`
- Create and attach an IAM Policy for IAM Database Access to an AWS user. Read how you can to it here
info
Alternatively, you can add AmazonRDSFullAccess
, IAMFullAccess
policies to an AWS user (not recommended).
Set up and run Database Lab Engine
Copy the contents of configuration example config.example.logical_rds_iam.yml
from the Database Lab repository to ~/.dblab/server.yml
and update the following options:
- Set secure
server:verificationToken
, it will be used to authorize API requests to the Engine - Set connection options
retrieval:spec:logicalDump:options:source:connection
:dbname
: database name to connect tousername
: database user name
- Set AWS params in
retrieval:spec:logicalDump:options:source:rdsIam
:awsRegion
: RDS instance regiondbInstanceIdentifier
: RDS instance identifier
- Set proper version in Postgres Docker images tags (change the images itself only if you know what are you doing):
provision:options:dockerImage
retrieval:spec:logicalRestore:options:dockerImage
retrieval:spec:logicalDump:options:dockerImage
Download AWS RDS certificate
This type of data retrieval requires a secure connection to a database. To setup it we need to download a certificate from AWS.
Run Database Lab Engine
Run Database Lab Engine (set proper AWS access keys and update Verification token):