Managed Services configuration in AWS
Storage Security comes bundled with 3rd party services that can be replaced with AWS managed equivalents. Bellow are the steps on how to configure each of the AWS services in MDSS.
MongoDB -> Amazon DocumentDB
- TLS can be disabled in the cluster parameter group, otherwise the DocumentDB tls certificate will need to be loaded in MDSS using the
/etc/mdss/ca_certificatesdirectory
After creating a DocumentDB instance in AWS, its connection string can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Connect“ section:
MONGO_URL=mongodb://<username>:<insertYourPassword>@<address>:27017/?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=falseOnly required for RHEL with FIPS enabled
If you're running Red Hat Enterprise Linux (RHEL) with FIPS mode, you must append
&authMechanism=SCRAM-SHA-1to yourMONGO_URL
When using TLS with DocumentDB the following variables also have to be set:
MONGO_CA_CERTIFICATE=rds-combined-ca-bundle.pemMONGO_SSL_ALLOW_INVALID_CERTIFICATES=trueRedis -> Amazon ElastiCache
After creating a new Redis cache in Amazon ElastiCache, its Configuration endpoint can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Cluster details“ section:
CACHE_SERVICE_URI=<redis_hostname>.cache.amazonaws.com:6379CACHE_SERVICE_URL=<redis_hostname>.cache.amazonaws.comCACHE_SERVICE_PORT=6379CACHE_SERVICE_URL and CACHE_SERVICE_PORT also need to be configured for MDSS to check connectivity to the service before starting up.
RabbitMQ -> Amazon MQ
After creating a new Amazon MQ instance, its Endpoint can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Connections“ section:
RABBITMQ_URI=amqps://<username>:<password>@<amazon_mq_hostname>.amazonaws.com:5671RABBITMQ_HOST=<amazon_mq_hostname>.amazonaws.com:5671RABBITMQ_PORT=5671RABBITMQ_HOST and RABBITMQ_PORT also need to be configured for MDSS to check connectivity to the service before starting up.
Due to the limits AmazonMQ puts on the number of consumers per open channel, we recommend decreasing the consumer numbers used for AmazonMQ.
To decrease the number of consumers used and comply with the AmazonMQ limits, the environment variables RABBITMQ_RPC_CONSUMER_MULTIPLIER and RABBITMQ_RPC_CONSUMER_MULTIPLIER can be used with a value lower than the default of 10.