Managed Services configuration in AWS

Storage Security comes bundled with 3rd party services that can be replaced with AWS managed equivalents. Bellow are the steps on how to configure each of the AWS services in MDSS.

MongoDB -> Amazon DocumentDB

  • TLS can be disabled in the cluster parameter group, otherwise the DocumentDB tls certificate will need to be loaded in MDSS using the /etc/mdss/ca_certificates directory

After creating a DocumentDB instance in AWS, its connection string can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Connect“ section:

Bash
Copy

Only required for RHEL with FIPS enabled

If you're running Red Hat Enterprise Linux (RHEL) with FIPS mode, you must append &authMechanism=SCRAM-SHA-1 to your MONGO_URL

When using TLS with DocumentDB the following variables also have to be set:

Bash
Copy

Redis -> Amazon ElastiCache

After creating a new Redis cache in Amazon ElastiCache, its Configuration endpoint can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Cluster details“ section:

Bash
Copy

CACHE_SERVICE_URL and CACHE_SERVICE_PORT also need to be configured for MDSS to check connectivity to the service before starting up.

RabbitMQ -> Amazon MQ

After creating a new Amazon MQ instance, its Endpoint can be added in the MDSS configuration file /etc/mdss/customer.env as it appears in the “Connections“ section:

Bash
Copy

RABBITMQ_HOST and RABBITMQ_PORT also need to be configured for MDSS to check connectivity to the service before starting up.

Due to the limits AmazonMQ puts on the number of consumers per open channel, we recommend decreasing the consumer numbers used for AmazonMQ.

To decrease the number of consumers used and comply with the AmazonMQ limits, the environment variables RABBITMQ_RPC_CONSUMER_MULTIPLIER and RABBITMQ_RPC_CONSUMER_MULTIPLIER can be used with a value lower than the default of 10.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard