SQL Compliance Manager offers an improved architecture that allows registering RDS instances with its new RDS Cloud Agent Service. The SQL Compliance Manager Cloud RDS Agent runs under the SQL Compliance Manager Agent Service account on each registered SQL Server computer that hosts the audited instances and databases inside the AWS Cloud.
Pre-Requisites
An AWS Account
RDS Servers
S3 bucket ARNs to store (destination)
Action groups / IAM Roles
File compression
Retention period
The Cloud Agent gathers SQL event logs from audited SQL Server cloud instances and databases, and then sends the raw data to the Collection Server.
Architecture
Once an RDS instance is registered to audit events, the Collector service receives the audit data request from your registered RDS instance and invokes the RDS Cloud Agent Service to start auditing your RDS instance.
The audited RDS instance is based on the Option Group and S3 bucket configuration, and after audit completion, the RDS instance transmits the audit file to the AWS S3 bucket. Then, the File processor downloads the new *.sqlaudit file from the AWS S3 bucket, parses the file, and transfers it to the File Shipper. Finally, the SQL audit files are transferred to the Collector Service, where the files are processed, and the data is updated in the SQL Compliance repository.
How to create an Option Group
Pre-Requisites
The following access and permissions are required on AWS RDS in the AWS console before registering that RDS instance through the SQL CM Console.
- Access to an AWS Account
- Permission to create a directory service for RDS (if RDS is registered using Windows authentication).
- Permission to create Microsoft AD Windows authentication (if RDS is registered using Windows authentication).
- Permission to configure and add permissions to the IAM role in RDS.
- Permission to create an Option Group and list S3 buckets.
Create an Option Group
Use the SQLcm Configuration Wizard for the Agent RDS configuration.
You can create an Option Group from the AWS console. Configure Option Groups programmatically using the AWS C# SDK.
In the main navigation pane, select Option groups from the sidebar menu and click Create group.
In the Create option group window, provide a Name, Description, and select the database Engine type and version.
Click Create.
Next, select the created Option Group and click Add option.
Fill out the required S3 Bucket information.
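The console steps above can also be scripted. The following is an added example, not code from this page or from the product; it uses the AWS CLI rather than the C# SDK and assumes the option being added is the RDS SQLSERVER_AUDIT option. The function names, group name, engine values and ARNs are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: validate the audit settings, then create the Option Group.
# All names and ARNs passed in are placeholders supplied by the caller.

# True only if $1 is a single line that fully matches extended regex $2.
matches() {
  case $1 in *"
"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqx "$2"
}

# Args: <s3-bucket-arn> <iam-role-arn> <compression true|false> <retention hours>
# Prints the JSON for --options, or fails before anything reaches AWS.
build_audit_option() {
  matches "$1" 'arn:aws[a-z-]*:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/[A-Za-z0-9._/-]*)?' \
    || { echo "invalid S3 bucket ARN: $1" >&2; return 1; }
  matches "$2" 'arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+' \
    || { echo "invalid IAM role ARN: $2" >&2; return 1; }
  matches "$3" 'true|false' \
    || { echo "compression must be true or false" >&2; return 1; }
  # RETENTION_TIME is in hours; RDS accepts 0 to 840.
  { matches "$4" '[0-9]{1,3}' && [ "$4" -le 840 ]; } \
    || { echo "retention must be 0-840 hours" >&2; return 1; }
  printf '[{"OptionName":"SQLSERVER_AUDIT","OptionSettings":['
  printf '{"Name":"S3_BUCKET_ARN","Value":"%s"},' "$1"
  printf '{"Name":"IAM_ROLE_ARN","Value":"%s"},' "$2"
  printf '{"Name":"ENABLE_COMPRESSION","Value":"%s"},' "$3"
  printf '{"Name":"RETENTION_TIME","Value":"%s"}]}]' "$4"
}

# Args: <group> <engine> <major-version> <bucket-arn> <role-arn> <compress> <hours>
apply_audit_option_group() {
  options=$(build_audit_option "$4" "$5" "$6" "$7") || return 1
  aws rds create-option-group --option-group-name "$1" \
    --engine-name "$2" --major-engine-version "$3" \
    --option-group-description "SQL Server audit to S3" || return 1
  aws rds add-option-to-option-group --option-group-name "$1" \
    --options "$options" --apply-immediately
}

# Usage (placeholder values):
# apply_audit_option_group example-sqlcm-audit sqlserver-se 15.00 \
#   arn:aws:s3:::example-audit-bucket/sqlaudit \
#   arn:aws:iam::123456789012:role/example-rds-audit-role true 48
```

Rejecting malformed ARNs and out-of-range retention locally keeps a typo from producing an Option Group that silently never delivers *.sqlaudit files to the bucket.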
Create an Option Group from the wizard
...