
Data Server

AWS S3 Data Server

This topic covers how you can configure access control for AWS S3 through Privacera Dataserver.

Prerequisites

Ensure that the following prerequisites are met:

  • Create and add an AWS IAM Policy defined to allow access to S3 resources.

    Follow AWS IAM Create and Attach Policy instructions, using either "Full S3 Access" or "Limited S3 Access" policy templates, depending on your enterprise requirements.

    Return to this section once the Policy is attached to the Privacera Manager Host VM.

Configuration Steps

  1. SSH to the Privacera Manager Host.

  2. Create a vars.dataserver.aws.yml file in config/custom-vars/.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.dataserver.aws.yml config/custom-vars/
    
  3. Edit the properties. For property details and description, click here

    vi config/custom-vars/vars.dataserver.aws.yml
    

    Note

    You can also add custom properties that are not included by default. See Dataserver.

  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Note

Make sure you're familiar with encryption for S3. See Amazon's documentation.

AWS Athena Data Server

This topic covers how you can configure access control for AWS Athena through Privacera Dataserver.

Prerequisites

Ensure the following:

  • Create and add an AWS IAM Policy defined to allow rights to use Athena and Glue resources and databases.

    Follow AWS IAM Create and Attach Policy instructions, using the "Athena Access" policy modified as necessary for your enterprise. Return to this section once the Policy is attached to the Privacera Manager Host VM. 

Configuration

  1. SSH to the Privacera Host VM.

  2. Create the configuration file 'vars.dataserver.aws.yml' in config/custom-vars/:

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.dataserver.aws.yml config/custom-vars/
    
  3. (Optional) Identify an existing S3 bucket or create one to store the Athena query results.

    This value overrides the storage S3 path for Athena Select CLI commands. Set AWS_ATHENA_RESULT_STORAGE_URL to this bucket identifier.

    vi config/custom-vars/vars.dataserver.aws.yml
    

    If this property is left empty, the S3 path in the CLI commands will be used.

    AWS_ATHENA_RESULT_STORAGE_URL: "s3://${S3_BUCKET_FOR_QUERY_RESULTS}/athena-query-results/"
    

    Save and exit.

  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
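
A pre-flight check for the AWS_ATHENA_RESULT_STORAGE_URL property from step 3, meant to be run before the update in step 4. This is an added example, not Privacera's own code: the function names are hypothetical and the sample bucket name is constructed. It assumes the property sits on one `KEY: value` line and that the `${S3_BUCKET_FOR_QUERY_RESULTS}` text is a placeholder to be replaced by hand.

```shell
#!/bin/sh
# Added example (not Privacera code): check the Athena result location
# before running ./privacera-manager.sh update. Function names are hypothetical.

# Print the value of AWS_ATHENA_RESULT_STORAGE_URL from a vars file:
# last uncommented occurrence, trailing blanks and surrounding quotes removed.
athena_result_url() {
    sed -n 's/^[[:space:]]*AWS_ATHENA_RESULT_STORAGE_URL:[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Classify a value as: empty | placeholder | ok | malformed
classify_result_url() {
    case $1 in
        '')      echo empty; return ;;        # per the page: the CLI's S3 path is used
        *'${'*)  echo placeholder; return ;;  # assumption: sample text left unedited
        s3://*)  ;;
        *)       echo malformed; return ;;
    esac
    rest=${1#s3://}
    bucket=${rest%%/*}
    # S3 bucket names: 3-63 chars of a-z, 0-9, '.', '-', starting and ending
    # with a letter or digit.
    if printf '%s\n' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
        echo ok
    else
        echo malformed
    fi
}

# Return non-zero when the file should be fixed before the update step.
check_vars_file() {
    status=$(classify_result_url "$(athena_result_url "$1")")
    echo "$1: AWS_ATHENA_RESULT_STORAGE_URL is $status"
    [ "$status" = ok ] || [ "$status" = empty ]
}

# Constructed sample file; the bucket names are made up for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# AWS_ATHENA_RESULT_STORAGE_URL: "s3://old-bucket/"
AWS_ATHENA_RESULT_STORAGE_URL: "s3://example-athena-results/athena-query-results/"
EOF
check_vars_file "$sample"
rm -f "$sample"
```

On the Privacera Manager host, call `check_vars_file config/custom-vars/vars.dataserver.aws.yml` from `~/privacera/privacera-manager` and run the update only if it returns zero.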
    

Last update: August 24, 2021