
Setup for AWS S3

Configure

Perform the following steps to configure Dataserver with AWS S3:

  1. SSH into the instance where Privacera Manager is installed.

  2. Open the vars.dataserver.aws.yml file.

    Bash
    cd ~/privacera/privacera-manager
    vi config/custom-vars/vars.dataserver.aws.yml 
    

  3. Modify the following properties:

    YAML
    DATASERVER_AWS_PROFILE_PROPERTIES:
    - PROFILE_NAME: "aws_account1"
      PROFILE_PROPERTIES:
        - AUTHN_METHOD: "CUSTOM_IAM"
        - IAM_ARN: "arn:aws:iam::<account_id>:role/<role_name>"
        - REGION: "us-east-1"
    

    Data Plane Mode
    • It is mandatory to set the DATASERVER_D2P_MODE_ENABLE and DATASERVER_AWS_MULTI_ACCOUNT_PROFILE_ENABLE properties to true to enable the DataServer for Data Plane mode.
      YAML
      DATASERVER_D2P_MODE_ENABLE: "true"
      DATASERVER_AWS_MULTI_ACCOUNT_PROFILE_ENABLE: "true"
      DATASERVER_AWS_PROFILE_NAME_DEFAULT: "aws_account1"
      DATASERVER_AWS_PROFILE_NAMES: "aws_account1, aws_account2"
      DATASERVER_AWS_PROFILE_PROPERTIES:
      - PROFILE_NAME: "aws_account1"
        PROFILE_PROPERTIES:
          - AUTHN_METHOD: "CUSTOM_IAM"
          - IAM_ARN: "arn:aws:iam::<account_id>:role/<role_name>"
          - REGION: "us-east-1"
      - PROFILE_NAME: "aws_account2"
        PROFILE_PROPERTIES:
          - AUTHN_METHOD: "CUSTOM_IAM"
          - IAM_ARN: "arn:aws:iam::<account_id>:role/<role_name>"
          - IAM_ROLE_EXTERNAL_ID: "test1234"
          - REGION: "us-east-1"
      
  4. Once the properties are configured, run the following commands:
    Bash
    cd ~/privacera/privacera-manager
    
    # step 1 - Set up the environment, which generates the Helm charts. 
    # This step usually takes a few minutes.
    ./privacera-manager.sh setup
    
    # step 2 - Install or upgrade the Privacera Manager Helm charts
    ./pm_with_helm.sh [install|upgrade]
    
    # step 3 - Perform post-installation steps, which generate the Plugin tarball,
    # update Route 53 DNS, etc.
    ./privacera-manager.sh post-install
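
A pre-flight check for the Data Plane mode properties from step 3, meant to run before the setup commands in step 4. This is an added example, not Privacera code: it assumes the vars file has already been parsed into a mapping (for instance with PyYAML's `yaml.safe_load`), and the function names, the constructed `SAMPLE` and its account ID are illustrative.

```python
import re
# IAM role ARN shape: arn:<partition>:iam::<12-digit account id>:role/<path/name>
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
FLAGS = ("DATASERVER_D2P_MODE_ENABLE", "DATASERVER_AWS_MULTI_ACCOUNT_PROFILE_ENABLE")

def flatten(props):
    """PROFILE_PROPERTIES is a list of one-key mappings; merge it into one dict."""
    merged = {}
    for item in props or []:
        merged.update(item)
    return merged

def check_dataserver_vars(cfg):
    """Return the problems found in a parsed vars.dataserver.aws.yml mapping."""
    problems = [f"{f} must be 'true' for Data Plane mode"
                for f in FLAGS if str(cfg.get(f, "")).lower() != "true"]
    names = cfg.get("DATASERVER_AWS_PROFILE_NAMES") or ""
    listed = [n.strip() for n in names.split(",") if n.strip()]
    profiles = {p.get("PROFILE_NAME"): flatten(p.get("PROFILE_PROPERTIES"))
                for p in cfg.get("DATASERVER_AWS_PROFILE_PROPERTIES") or []}
    default = cfg.get("DATASERVER_AWS_PROFILE_NAME_DEFAULT")
    if default not in listed:
        problems.append(f"default profile {default!r} is not in DATASERVER_AWS_PROFILE_NAMES")
    for name in sorted(set(listed) ^ set(profiles), key=str):
        problems.append(f"profile {name!r} is not both listed and defined")
    for name, props in profiles.items():
        arn = props.get("IAM_ARN", "")
        if props.get("AUTHN_METHOD") == "CUSTOM_IAM" and not ROLE_ARN.match(arn):
            problems.append(f"profile {name!r}: IAM_ARN {arn!r} is not a complete role ARN")
        if not props.get("REGION"):
            problems.append(f"profile {name!r}: REGION is missing")
    return problems

# Constructed sample: made-up account id; aws_account2 keeps the unfilled placeholder ARN.
SAMPLE = {
    "DATASERVER_D2P_MODE_ENABLE": "true",
    "DATASERVER_AWS_MULTI_ACCOUNT_PROFILE_ENABLE": "true",
    "DATASERVER_AWS_PROFILE_NAME_DEFAULT": "aws_account1",
    "DATASERVER_AWS_PROFILE_NAMES": "aws_account1, aws_account2",
    "DATASERVER_AWS_PROFILE_PROPERTIES": [
        {"PROFILE_NAME": "aws_account1", "PROFILE_PROPERTIES": [
            {"AUTHN_METHOD": "CUSTOM_IAM"}, {"REGION": "us-east-1"},
            {"IAM_ARN": "arn:aws:iam::111111111111:role/constructed-role"}]},
        {"PROFILE_NAME": "aws_account2", "PROFILE_PROPERTIES": [
            {"AUTHN_METHOD": "CUSTOM_IAM"}, {"REGION": "us-east-1"},
            {"IAM_ARN": "arn:aws:iam::<account_id>:role/<role_name>"}]},
    ],
}
print("\n".join(check_dataserver_vars(SAMPLE)) or "no problems found")
```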
    

Perform the following steps to configure Dataserver with AWS S3 in PrivaceraCloud:

  1. In PrivaceraCloud, navigate to Settings -> Applications.
  2. On the Applications screen, select the S3 application under Available connections.
  3. Enter the application Name and Description, then click Save.
  4. You will see Privacera Access Management and Data Discovery with toggle buttons.
  5. Enable Privacera Access Management by toggling the button.
  6. Under the BASIC tab, enter the following:
    • Profile Name: Enter a unique profile name for your application.

    You can set up multiple AWS accounts. You can see the tabs with your application names in the File Explorer.

    • AWS Account Setup:
      • Without IAM Role:
        • AWS Access Key: Enter the Access Key for the AWS account.
        • AWS Secret Key: Enter the Secret Key for the AWS account.
        • AWS Region: Enter the region of the AWS S3 bucket.
      • With IAM Role:
        • AWS IAM Role: Enter the full ARN of the IAM Role.
        • AWS Region: Enter the region of the AWS S3 bucket.
  7. Click the Test Connection button to verify the connection.
  8. On the ADVANCED tab, you can add custom properties if needed.
  9. Click Test Connection again to ensure the settings are correct, then click Save.

Validation

To validate the AWS S3 configuration, one of the following approaches can be followed:
