RDS
Requirements
Teleskope Role
Attach RDS read and/or write permissions to the Teleskope IAM role you created
Username and password
Create a read and/or write database user for each RDS cluster you'd like us to scan
SSH Tunnel (Optional)
If your RDS instances are in a private subnet and you don't want to enable VPC peering, create a bastion host for us to use to access your RDS instances.
Grant Teleskope Read IAM Access to RDS
Teleskope needs read access to automatically discover all of your RDS clusters and instances.
Attach the AmazonRDSReadOnlyAccess to the Teleskope role you created.
Terraform
Grant Teleskope Read and Write IAM Access to RDS
Teleskope needs write access take enforce remediation policies such as tagging, deletion, etc.
Attach the AmazonRDSFullAccess to the Teleskope role you created.
Terraform
Teleskope Database User
For each RDS cluster you would like to scan using Teleskope, you will need to create an IAM database user, or create/provide credentials for a database user, and grant that user permissions.
Create Teleskope User
Create IAM Database User
MySQL or MariaDB
Postgres
Create Database User (Without IAM Authentication)
MySQL or MariaDB
Postgres
Grant Read Access to Teleskope user
MySQL or MariaDB
Postgres versions 14+
Postgres versions < 14
Grant Write Access to Teleskope user
MySQL or MariaDB
Postgres versions 14+
Postgres versions < 14
SSH Tunnel (Optional)
Launch an EC2 instance in a public subnet to serve as the SHH tunnel Bastion Host.
The public key for the key-pair parameter will be provided by Teleskope: teleskope-bastion-key.
Designate Teleskope AWS account access within your security group(s). IP addresses will be provided by Teleskope.
Assign an Elastic IP (EIP) to the bastion host.
Adjust route tables and security groups as needed to provide access to the RDS instance through the bastion host.
Provide Teleskope with the bastion username, and the bastion elastic IP.
Last updated