This article applies to customers who self-host a Dasera instance within their own infrastructure.
Overview
These instructions are used to create a Dasera users in AWS VPCs outside of the VPC which hosts your Dasera instance. This grants the Dasera instance the visibility necessary to discover & scan Data Stores within those outside AWS VPCs.
If you plan to only connect Data Stores that also reside in the same VPC as your Dasera instance, these steps can be skipped.
Prerequisites
Dasera has already been installed within your own infrastructure. For more information on that process, please visit our Installing Dasera via AWS CloudFormation article.
Configure CloudFormation Stack
Configure CloudFormation Stack: Secondary Users
Configure CloudFormation Stack: Instructions For the account where you will confi
Configure CloudFormation Stack: Instructions
For the account where you will configure the CloudFormation stack, log into the A
- For the account where you will configure the CloudFormation Stack, log into the AWS console. The CloudFormation Stacks dashboard is displayed.
- Select the target region, if necessary.
- On the dashboard, click the Create Stack button and select the “With new resources (standard)“ option. The Step 1 screen is displayed.
- Under the Specify template section, enter the following value in the Amazon S3 URL field:
https://dasera-release.s3.us-west-2.amazonaws.com/CreateDaseraUser.jsonExcerpt: AWS: Configure CloudFormation Stack: Instructions 3
Proceed with configuring the remainder of your CloudFormation deployment as desired. When ready, navigate to the final step, click the Submit button, and monitor the build to completion.
To learn more about the resources created by the above actions, please expand the following section:
Resources Created
On the Resources tab, the following resources are listed:
| Resource Type | Resource Name |
|---|---|
| IAM Policy | DaseraPolicy |
| IAM Role | DaseraRole |
| IAM Role | DaseraGlueServiceRole |
| IAM User | DaseraUser |
Configure CloudFormation Stack: Roles
In addition, the following permissions are assigned to the new IAM Roles: Role N
In addition, the following permissions are assigned to the new IAM Roles:
Role Name: DaseraRole
| Permission Name | Purpose |
|---|---|
| AWSGlueConsoleFullAccess | Provides full access to AWS Glue via the AWS Management Console |
| AmazonEC2ReadOnlyAccess | For getting regions and instance IDs |
| AmazonRDSReadOnlyAccess | For discovering RDS clusters |
| AmazonRedshiftReadOnlyAccess | Required for discovering RedShift clusters |
| AmazonAthenaFullAccess | Required for discovering Athena clusters and running scans |
| AmazonS3ReadOnlyAccess | Required for scanning S3 |
| AmazonDynamoDBReadOnlyAccess | Required for scanning DynamoDB |
Role Name: DaseraGlueServiceRole
| Permission Name | Purpose |
|---|---|
| AmazonS3ReadOnlyAccess | Required for scanning S3 |
| AWSGlueServiceRole | Required to allow access to related services including EC2, S3, and Cloudwatch Logs |
Generate API Keys
Once your deployment is complete, generate API keys for later use in connecting Dasera to the current AWS Account.
Generate API Keys
Navigate to the IAM Management Console > Users section . The Users list is dis
- Navigate to the IAM Management Console > Users section.
- The Users list is displayed.
- In the User name column, click on the DaseraUser hyperlink.
- The User Summary screen is displayed.
- Navigate to the Security credentials tab.
- Under the Access Key section, click the Create access key button.
- The Create access key modal is displayed.
- Download or copy the following values to your local machine for later use:
- Access key ID
- Secret access key
Next Steps
Connect your Dasera instance to the AWS Account for the new users configured above. To learn more, visit our Introduction to Onboarding AWS Accounts article.