Managed Services configuration in AWS
Software Supply Chain comes bundled with 3rd party services that can be replaced with AWS managed equivalents. Below are the steps on how to configure each of the AWS services in MDSSC.
MongoDB -> Amazon DocumentDB
See AWS DocumentDB with MongoDB Engine for full deployment and connection instructions.
- TLS can be disabled in the cluster parameter group, otherwise the DocumentDB tls certificate will need to be loaded in MDSSC using the
/etc/mdssc/ca_certificatesdirectory
After creating a DocumentDB instance in AWS, its connection string can be added in the MDSSC configuration file /etc/mdssc/.env as it appears in the “Connect“ section:
MONGO_URL=mongodb://<username>:<insertYourPassword>@<address>:27017/?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=falseOnly required for RHEL with FIPS enabled
If you're running Red Hat Enterprise Linux (RHEL) with FIPS mode, you must append
&authMechanism=SCRAM-SHA-1to yourMONGO_URL
When using TLS with DocumentDB the following variables also have to be set:
MONGO_CA_CERTIFICATE=rds-combined-ca-bundle.pemMONGO_SSL_ALLOW_INVALID_CERTIFICATES=trueRedis -> Amazon ElastiCache
After creating a new Redis cache in Amazon ElastiCache, its Configuration endpoint can be added in the MDSSC configuration file /etc/mdssc/.env as it appears in the “Cluster details“ section:
CACHE_SERVICE_URI=<redis_hostname>.cache.amazonaws.com:6379CACHE_SERVICE_URL=<redis_hostname>.cache.amazonaws.comCACHE_SERVICE_PORT=6379CACHE_SERVICE_URL and CACHE_SERVICE_PORT also need to be configured for MDSSC to check connectivity to the service before starting up.
RabbitMQ -> Amazon MQ
After creating a new Amazon MQ instance, its Endpoint can be added in the MDSSC configuration file /etc/mdssc/.env as it appears in the “Connections“ section:
RABBITMQ_URI=amqps://<username>:<password>@<amazon_mq_hostname>.amazonaws.com:5671RABBITMQ_HOST=<amazon_mq_hostname>.amazonaws.com:5671RABBITMQ_PORT=5671RABBITMQ_HOST and RABBITMQ_PORT also need to be configured for MDSSC to check connectivity to the service before starting up.
Due to the limits AmazonMQ puts on the number of consumers per open channel, we recommend decreasing the consumer numbers used for AmazonMQ.
To decrease the number of consumers used and comply with the AmazonMQ limits, the environment variables RABBITMQ_CONSUMER_MULTIPLIER and RABBITMQ_RPC_CONSUMER_MULTIPLIER can be used with a value lower than the default of 10.
