Skip to main content

Amazon Aurora RDS

Integrating Amazon RDS with Osano

Connecting to Amazon RDS

In order for Osano to discover data stored in your systems, we must connect to those data providers via an API. We require, at minimum, read-only access to establish a connection to these providers. Each provider you connect may require different information. Please see the linked vendor documentation for instructions on where and how to obtain this data.

Prerequisites

  • Ensure your postgres/mySQL instance is compatible with the Data API. Check here
  • Enable the Data API for your RDS instance. Enabling Data Api
  • To get the ARN of the RDS cluster, enter this into your AWS CLI:
    • aws rds describe-db-clusters --db-cluster-identifier <NAME> --query DBClusters[0].DBClusterArn
  • Create a secret in AWS Secret Manager:
    • aws secretsmanager create-secret --name osanoSecret --description "Osano's Data API Secret" --secret-string "{\"username\":\"<username>\",\"password\":\"<password>\"}" --query ARN
    • Ensure the secret has the proper permissions to access the RDS cluster.
  • Create an IAM user and attach the following permissions policies.
    • {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Sid": "SecretsManagerDbCredentialsAccess",
                 "Effect": "Allow",
                 "Action": [
                     "secretsmanager:GetSecretValue"
                 ],
                 "Resource": "arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:<SECRET-*>"
             },
             {
                 "Sid": "RDSDataServiceAccess",
                 "Effect": "Allow",
                 "Action": [
                     "rds-data:BatchExecuteStatement",
                     "rds-data:BeginTransaction",
                     "rds-data:CommitTransaction",
                     "rds-data:ExecuteStatement",
                     "rds-data:RollbackTransaction"
                 ],
                 "Resource": [
                     "arn:aws:rds:<REGION>:<ACCOUNT_ID>>:cluster:<OSANO-CLUSTER>",
                     "arn:aws:rds:<REGION>:<ACCOUNT_ID>>:cluster:<OSANO-CLUSTER>"
                     ...
                 ]
             }
         ]
      }
    • Create an Access Key for the user by going into IAM > Users > {Username} > Create Access Key. Note the Access Key ID and Secret Access Key.
    • Have your AWS credentials, cluster ARN, secret ARN, AWS region, and database name ready.

Step by step guide

  1. Access Data Mapping Settings:

    • Navigate to the Data Mapping page in the Osano application.
    • Select Sources from the left-hand navigation menu.

  2. Select Cloud DB as Source type

  3. From the available SSO sources, select Amazon RDS.

  4. Configure RDS SSO Integration:

    • Follow the on-screen instructions to configure your RDS SSO integration.
    • Enter your Amazon credentials.
    • Enter your Amazon ARNs.
    • Enter your database name.
    • Click Save.

  5. View RDS SSO Integration:

    • Once saved, you will see your RDS SSO integration in the list of configured SSO sources.
    • Your integration will include tables that already exist in your RDS environment.

  6. Click into the Discovered Data to view the tables that synced from RDS.

  7. Create a new data store:

    • To proceed with creating a new data store, click on Review.
    • Follow the prompts to create a new data store.