Skip to content

User Guide - AWS CLI

This section provides information about the AWS CLI and how to set it up to use Privacera DataServer.

Pre-requisite

Privacera DataServer requires IAM role to access AWS services like S3, Glue, DynamoDB, etc. Make sure they are configured and running before using the AWS CLI with Privacera DataServer. Below are links to few of the AWS services. Others can be found the Connectors Section.

  1. Privacera DataServer is configured and running.
  2. AWS S3 IAM Role is configured for Privacera DataServer.

Before using AWS CLI with Privacera, you need to set up the AWS CLI and configure it to work with Privacera DataServer. For that you need to download the privacera_aws.sh script from the Privacera Portal or CLI and use it to setup the shell to work with Privacera DataServer. The script will set up the AWS CLI to work with Privacera DataServer.

There are 2 ways to set up the AWS CLI with Privacera DataServer:

  1. Using the Privacera Portal
    • On the Privacera Portal, click Launch Pad from the left menu.
    • In the AWS Services section, click AWS CLI to open the AWS CLI dialog.
    • Under Configure Script in the AWS CLI dialog, click Download Script to save the script to your local machine.
  2. Using the command line using curl or wget

    Replaces <PRIVACERA_PORTAL_HOST> to the hostname of the Privacera Portal in your environment.

    Bash
    wget http://<PRIVACERA_PORTAL_HOST>:6868/api/cam/download/script \
      -O ~/privacera_aws.sh
    
    If you are using HTTPS and the portal is using self-signed certificate, then you may need to use the "--no-check-certificate" option for wget.
    Bash
    1
    2
    3
    wget --no-check-certificate \
          https://<PRIVACERA_PORTAL_HOST>:6868/api/cam/download/script 
          -O ~/privacera_aws.sh
    

  • On the Privacera Portal, click Launch Pad -> Setup AWS CLI from the left menu.
  • Under Configure Script in AWS CLI, click Download Token to save the token to the .privacera folder in your home directory, (e.g., $HOME/.privacera/privacera_token).
  • Click Download Script to save the script to your home directory, (e.g., $HOME/privacera_aws.sh).

You always need to run privacera_aws.sh script with dot space before the script name

Example: shell. ~/privacera_aws.sh [command]```

  • Make the script executable by running the following command:
    Bash
    chmod a+x ~/privacera_aws.sh
    
  • To run any AWS CLI command with profile configuration, you need to set up the profile. This can be done by running the following command. Replace with the profile name you want to use for the CLI, such as default.
    Bash
    . ~/privacera_aws.sh --profile <profile-name>
    
  • Under the Check Status section, run the below command to check the status of all configurations and dependencies:
    Bash
    . ~/privacera_aws.sh --status
    
  • To disable Privacera CLI, run the below command:
    Bash
    . ~/privacera_aws.sh --disable
    

Testing AWS S3 using AWS CLI

Once you have configured the AWS CLI, you can run the following command to list S3 buckets:

Bash
aws s3 ls s3://

Testing AWS Glue using AWS CLI

Once you have configured the AWS CLI, you can run the following command to get the status of AWS Glue:

Bash
aws glue get-catalog-import-status

Tip

  1. The setup is only valid for the current shell session. If you open a new terminal, you need to run the script again.
  2. You only need re-download the privacera_aws.sh script if your PrivaceraToken has expired

[TODO]: Need to review the below section

  • Run the following command:
    Bash
    source privacera_aws.sh --config-token
    
  • Enter Privacera Access Token and Privacera Secret Token displayed on the portal under the Generate Token section.
  • To run any AWS CLI command with endpoint configuration, you need to enable endpoint configuration. This can be done by running the below command
    Bash
    . ~/privacera_aws.sh --enable-endpoint
    

Comments