User Guide - AWS CLI

Overview

This section provides information about the AWS CLI and how to set it up to use Privacera DataServer.

Pre-requisite

Privacera DataServer requires an IAM role to access AWS services such as S3, Glue, and DynamoDB. Make sure they are configured and running before using the AWS CLI with Privacera DataServer. Links to a few of the AWS services are below; others can be found in the Connectors section.

  1. Privacera DataServer is configured and running.
  2. AWS S3 IAM Role is configured for Privacera DataServer.

Before using the AWS CLI with Privacera, you need to set up the AWS CLI and configure it to work with Privacera DataServer. To do this, download the privacera_aws.sh script from the Privacera Portal or from the command line, and use it to set up the shell so that the AWS CLI works with Privacera DataServer.

Configuration

There are 2 ways to set up the AWS CLI with Privacera DataServer:

  1. Using the Privacera Portal
    • On the Privacera Portal, click Launch Pad from the left menu.
    • In the AWS Services section, click AWS CLI to open the AWS CLI dialog.
    • Under Configure Script in the AWS CLI dialog, click Download Script to save the script to your local machine.
  2. From the command line with curl or wget

    Replace <PRIVACERA_PORTAL_HOST> with the hostname of the Privacera Portal in your environment.

    Bash
    wget http://<PRIVACERA_PORTAL_HOST>/api/cam/download/script \
    -O ~/privacera_aws.sh
    
    If you are using HTTPS and the portal uses a self-signed certificate, you may need to use the "--no-check-certificate" option for wget, which makes wget skip verification of the server certificate.
    Bash
    wget --no-check-certificate \
    https://<PRIVACERA_PORTAL_HOST>/api/cam/download/script \
    -O ~/privacera_aws.sh
    

Always run the privacera_aws.sh script with a dot and a space before the script name, so that it is sourced into the current shell:

Bash
. ~/privacera_aws.sh [command]
  • Make the script executable by running the following command:
    Bash
    chmod a+x ~/privacera_aws.sh
    
  • Click the Generate button in the Generate Token section to generate the Privacera Access Key and Privacera Secret Token. To keep the tokens from expiring, select the Never Expire toggle before generating them.

  • Run the following command:

    Bash
    source ~/privacera_aws.sh --config-token
    

  • Enter the Privacera Access Key and Privacera Secret Token displayed on the portal under the Generate Token section.
  • To run any AWS CLI command with profile configuration, you need to set up the profile. This can be done by running the following command. Replace <profile-name> with the AWS CLI profile name you want to use, for example default.
    Bash
    . ~/privacera_aws.sh --profile <profile-name>
    

Note

The command to enable the proxy works only when SSL is disabled.

  • After your server is configured, you need to enable the proxy before running any AWS CLI command. Enable the proxy with the following command:

    Bash
    . ~/privacera_aws.sh --enable-proxy
    

  • To run any AWS CLI command with endpoint configuration, you need to enable endpoint configuration. This can be done by running the following command:

    Bash
    . ~/privacera_aws.sh --enable-endpoint
    

  • To disable the proxy, run the following command (optional):
    Bash
    . ~/privacera_aws.sh --disable-proxy
    
  • To disable endpoint configuration, run the following command (optional):
    Bash
    . ~/privacera_aws.sh --disable-endpoint
    
  • On the Privacera Portal, click Launch Pad -> Setup AWS CLI from the left menu.
  • Under Configure Script in AWS CLI, click Download Token to save the token to the .privacera folder in your home directory (e.g., $HOME/.privacera/privacera_token).
  • Click Download Script to save the script to your home directory (e.g., $HOME/privacera_aws.sh).

Private Link Configuration

If you are using AWS PrivateLink for your PrivaceraCloud connection, you must update the DNS hostname in the downloaded privacera_aws.sh script.

  1. After downloading the script, open the privacera_aws.sh file located in your home directory.

  2. Locate the DS_URL_HOST variable.

  3. Replace the public DNS value with the appropriate PrivateLink DNS for your region.

Example:

Bash
# Old (public DNS)
DS_URL_HOST=ds.privaceracloud.com

# New (private link DNS - replace with your region's DNS from the table)
DS_URL_HOST=vpce-us-west-2-aws-ds.privaceracloud.com

Use the correct PrivateLink DNS name for your region from the Available PrivateLink Services table.

After making this change, continue with the remaining configuration steps as described in this guide.
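
The three PrivateLink steps above can also be applied with a small helper. This is an added example, not part of privacera_aws.sh or of Privacera's tooling; the function name set_ds_url_host is hypothetical, and it assumes the script contains exactly one unquoted line of the form DS_URL_HOST=<host>, as in the snippet above.

```bash
# Added example, not part of privacera_aws.sh. Assumes exactly one unquoted
# assignment line "DS_URL_HOST=<host>" in the downloaded script.

# set_ds_url_host SCRIPT NEW_HOST
# Rewrites the DS_URL_HOST line in SCRIPT and keeps the original as SCRIPT.bak.
set_ds_url_host() (
    script=$1
    new_host=$2

    # The script is later sourced into the shell, so accept hostname characters
    # only: spaces, ';', '$' or quotes in the value would be read as shell code.
    case $new_host in
        ''|*[!A-Za-z0-9.-]*)
            echo "refusing DS_URL_HOST value: '$new_host'" >&2
            return 1 ;;
    esac

    # Expect exactly one assignment; zero or several means the file layout
    # differs from what this example assumes, so stop and edit by hand.
    count=$(grep -c '^DS_URL_HOST=' "$script") || true
    if [ "$count" != 1 ]; then
        echo "expected one DS_URL_HOST= line in $script, found ${count:-0}" >&2
        return 1
    fi

    cp -p "$script" "$script.bak" || return 1
    # Redirecting into the existing file keeps its mode and ownership.
    sed "s/^DS_URL_HOST=.*/DS_URL_HOST=$new_host/" "$script.bak" > "$script" || return 1

    # Confirm the file now carries the requested value.
    grep -qxF "DS_URL_HOST=$new_host" "$script"
)

# Usage, with the PrivateLink name for your region:
#   set_ds_url_host ~/privacera_aws.sh vpce-us-west-2-aws-ds.privaceracloud.com
```
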

Always run the privacera_aws.sh script with a dot and a space before the script name, so that it is sourced into the current shell:

Bash
. ~/privacera_aws.sh [command]
  • Make the script executable by running the following command:
    Bash
    chmod a+x ~/privacera_aws.sh
    
  • To run any AWS CLI command with profile configuration, you need to set up the profile. This can be done by running the following command. Replace <profile-name> with the AWS CLI profile name you want to use, for example default.
    Bash
    . ~/privacera_aws.sh --profile <profile-name>
    

Note

  • You can find your profile name by going to: Setting → Applications → Select S3 Application → Edit Application → Access Management
  • On the Privacera Portal, click Launch Pad -> Setup AWS CLI from the left menu.

Note

For the Launch Pad to be visible on the portal, an S3 application must be configured with Access Management enabled.

  • Under Configure Script in AWS CLI, click Download Token to save the token to the .privacera folder in your home directory (e.g., $HOME/.privacera/privacera_token).
  • Click Download Script to save the script to your home directory (e.g., $HOME/privacera_aws.sh).

Always run the privacera_aws.sh script with a dot and a space before the script name, so that it is sourced into the current shell:

Bash
. ~/privacera_aws.sh [command]
  • Make the script executable:

    Bash
    chmod a+x ~/privacera_aws.sh
    

  • Configure the CLI by providing the DataServer endpoint URL:

    Bash
    . ~/privacera_aws.sh --endpoint-url <dataserver-url>
    

  • Run the following command to check the status of the configuration:
    Bash
    . ~/privacera_aws.sh --status
    
  • After successful configuration, you should be able to run AWS CLI commands.
  • To disable Privacera CLI, run the below command:
    Bash
    . ~/privacera_aws.sh --disable
    

Testing AWS S3 using AWS CLI

Once you have configured the AWS CLI, you can run the following command to list S3 buckets:

Bash
aws s3 ls s3://

Testing AWS Glue using AWS CLI

Once you have configured the AWS CLI, you can run the following command to get the status of AWS Glue:

Bash
aws glue get-catalog-import-status --region <REGION>

Tip

The setup is only valid for the current shell session. If you open a new terminal, you need to run the script again.
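
Because the script is sourced again in every new terminal and reads a token saved on disk, it is worth checking both files before each use. The following is an added example, not part of privacera_aws.sh; the function names are hypothetical, the paths in the usage comment are the defaults named in this guide, and the permission policy is an assumption of the example.

```bash
# Added example, not part of privacera_aws.sh. The permission policy enforced
# here (script not group/other-writable, token owner-only) is an assumption.

# mode_of FILE: print the 10-character mode string from ls, e.g. "-rwxr-xr-x".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# check_script FILE: succeed only if FILE is a regular file (not a symlink)
# that group and others cannot write. A sourced script runs inside the current
# shell, so anyone able to write the file can run commands as you.
check_script() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "not a regular file: $1" >&2
        return 1
    fi
    case $(mode_of "$1") in
        ?????w*|????????w*)
            echo "group/other-writable, fix with: chmod go-w $1" >&2
            return 1 ;;
    esac
}

# check_token FILE: succeed only if the token file grants nothing to group
# or others (for example mode 600).
check_token() {
    if [ ! -f "$1" ]; then
        echo "token file not found: $1" >&2
        return 1
    fi
    case $(mode_of "$1") in
        ????------) return 0 ;;
    esac
    echo "token accessible beyond owner, fix with: chmod 600 $1" >&2
    return 1
}

# Usage in each new terminal:
#   check_script ~/privacera_aws.sh && check_token ~/.privacera/privacera_token \
#       && . ~/privacera_aws.sh --status
```
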