Documentation
Guarded Public Access
External Actor Access
Important
This only allows access to actors approved in your security group policies, not all public actors. We will configure the security group policy in the next section.
Modify your database instance to be publicly accessible by approved actors:
- 1.
- 2.Select Modify.
- 3.Scroll down to the Connectivity section and reveal Additional configuration.
- 4.Select Publicly accessible.
- 5.Scroll down to the bottom of the page and select Continue.
- 6.Select Apply immediately.
- 7.Select Modify DB instance.
Security Group Access
Modify your database instance's security group to allow OtterTune traffic:
- 1.
- 2.Select the Connectivity & security tab.
- 3.Select the hyperlink under VPC security groups.
- 4.Select Actions -> Edit inbound rules.
- 5.Select Add rule.
- 6.Input the following information:
- 1.Type:
MySQL/AuroraorPostgreSQL - 2.Source:
Custom - 3.[OtterTune's Elastic IP address]:
3.18.139.24/32 - 4.Description:
Elastic IP for OtterTune
- 7.Select Save rules.
Database Authentication
Choose a method for OtterTune to authenticate your database.
- Method #1: AWS IAM Database Authentication: Use OtterTune's AWS IAM Role to perform authentication. See the AWS RDS documentation for details.
Method #1: AWS IAM Database Authentication
- 1.
- 2.Select Modify.
- 3.Scroll down to the Database authentication section and select Password and IAM database authentication.
- 4.Scroll down to the bottom of the page and select Continue.
- 5.Select Apply immediately.
- 6.Select Modify DB instance.
Create the database user and grant permissions:
MySQL
PostgreSQL
1
CREATE USER 'ottertune' IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS';
2
GRANT PROCESS ON *.* TO 'ottertune';
3
GRANT SHOW VIEW ON *.* TO 'ottertune';
4
GRANT REPLICATION CLIENT ON *.* TO 'ottertune';
5
GRANT SELECT ON performance_schema.events_statements_summary_by_digest TO 'ottertune';
6
-- if mysql version >= 8.0
7
GRANT SELECT ON performance_schema.events_statements_histogram_global TO 'ottertune';
Copied!
1
CREATE USER ottertune;
2
GRANT rds_iam TO ottertune;
3
GRANT pg_monitor TO ottertune;
Copied!
Important
For PostgreSQL, entering a database username without quotes is case-insensitive. To make it case-sensitive, you can wrap it in quotes.
For example:
create user ottertuneUser;will result in the username
ottertuneuser, whereascreate user 'ottertuneUser'; will result in the username
ottertuneUser.Enter the Database Username into the OtterTune form and select Finish:
Method #2: Database Password Authentication
Create the database user and grant permissions:
MySQL
PostgreSQL
1
CREATE USER 'ottertune' IDENTIFIED BY '<password>';
2
GRANT PROCESS ON *.* TO 'ottertune';
3
GRANT SHOW VIEW ON *.* TO 'ottertune';
4
GRANT REPLICATION CLIENT ON *.* TO 'ottertune';
5
GRANT SELECT ON performance_schema.events_statements_summary_by_digest TO 'ottertune';
6
-- if mysql version >= 8.0
7
GRANT SELECT ON performance_schema.events_statements_histogram_global TO 'ottertune';
Copied!
1
CREATE USER ottertune WITH PASSWORD '<password>';
2
GRANT pg_monitor TO ottertune;
Copied!
Important
For PostgreSQL, entering a database username without quotes is case-insensitive. To make it case-sensitive, you can wrap it in quotes.
For example:
create user ottertuneUser;will result in the username
ottertuneuser, whereascreate user 'ottertuneUser'; will result in the username
ottertuneUser.Enter the Database Username and Database Password into the OtterTune form and select Finish:
Last modified 16d ago