Quick Start Guide with AWS

This Quick Start Guide walks you through creating a gateway and connecting to your first datasource through strongDM on AWS.

If you'd like to use Terraform to set up a test installation of strongDM on AWS, read our strongDM Playground documentation.

Prerequisites

  • Server (to host the gateway): You can repurpose an existing bastion or jump host for testing purposes; for production-ready deployments, we recommend a server reserved exclusively for use as a gateway.
  • Specifications: The strongDM gateway can be installed on any Linux distribution; we recommend servers with 2 CPUs and 4 GB of memory.
  • Network Settings: To get live quickly, the server hosting the gateway needs to be able to connect to the datasource you’ll set up; this may require modifying the security group on the server or database itself. You’ll also need SSH access to the server.

Create a gateway

  1. Go to the strongDM Admin UI. Click Gateways, followed by add gateway.

  2. Define the advertised host for the server (e.g. sdm-gw0.yourcompany.com, 111.222.333.444, or ec2-nn-nnn-nnn-nnn.us-east-2.compute.amazonaws.com). It must be an IP or hostname accessible to your strongDM clients. Enter the port that you left open for the gateway to interact with strongDM clients (by default, 5000). If you need to use another port, choose any one above 1024, as strongDM runs as a non-privileged daemon.

  3. Click create. This generates a token which is shown only once. Carefully copy the token and save it for later use.

  4. Establish an SSH connection to the server that will be hosting the gateway.

  5. Download the strongDM binary:

    $ curl -J -O -L https://app.strongdm.com/releases/cli/linux
  6. Unzip it.

    $ unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
  7. Install the gateway.

    • The installer must be run by a user that exists in the /etc/passwd file.

    • If you typically set up servers with SELinux on, make sure it is turned off while installing the strongDM binary.

    $ sudo ./sdm install --relay

    You will be prompted for the token created earlier; paste it in and hit enter. Note that the token won't echo back to you.

  8. Return to the Admin UI. In the Gateways section, the gateway just created should show a status of "online," and the heart icon should be intact.

    If the gateway does not appear to be online, it's possible the webpage is cached. Please perform a hard refresh of your browser.

    If the gateway is still not online, verify that the strongDM daemon is running by typing in ps aux|grep sdm on the server and looking for a line that says sdm relay.

    If you run into any problems, please contact strongDM support.

Add a datasource

  1. Navigate to the Datasources page in the Admin UI and click add datasource.

  2. Type in a Display Name. This name will appear for those who are granted access.

  3. Select the Datasource Type from the dropdown.

  4. Enter the Hostname. This address must be resolvable from the perspective of the gateway. One way to verify this is by SSHing to the gateway, and using netcat: nc -zv <YOUR_HOSTNAME> <YOUR_PORT> (for example, nc -zv testdb-01.fancy.org 3306 or nc -zv 111.222.333.444 3306).

  5. strongDM prepopulates the PORT field with the database default. Feel free to change it if your database is set to listen on a different port.

  6. Enter the username, password, and default database name to complete the connection.

  7. Click the create button.

  8. The Admin UI will update and the added datasource should turn green momentarily. If it doesn’t, click the edit pencil, click the Diagnostics tab, and hit ‘check now’. The Admin UI will indicate if there is a network or credentialing error.

    If you have problems, contact strongDM support.
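The two host-side checks described above (confirming the sdm relay process in step 8 of "Create a gateway" and the netcat reachability test in step 4 of "Add a datasource"), combined with the "above 1024" port rule, as an added shell example. This is not strongDM tooling; the function names are hypothetical, and it assumes nc and awk are installed on the gateway host.

```shell
#!/bin/sh
# Added example: pre-flight checks to run on the gateway host.
# All function names here are hypothetical, not part of the sdm CLI.

# The guide says a custom gateway port must be above 1024, because the
# daemon runs non-privileged. Accept only plain decimal ports 1025-65535.
valid_gateway_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] || return 1
  [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# Reads `ps aux` output on stdin and succeeds only if a line shows
# "sdm relay". Lines containing "grep" are skipped, since
# `ps aux | grep sdm` also lists the grep process itself.
relay_in_ps() {
  awk '/sdm relay/ && !/grep/ { found = 1 } END { exit !found }'
}

# TCP reachability from the gateway to the datasource, the same test as
# the guide's `nc -zv <YOUR_HOSTNAME> <YOUR_PORT>`, with a 5 s timeout.
can_reach() {
  nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# Runs all three checks and reports every failure, not just the first.
preflight() {
  rc=0
  valid_gateway_port "$1" || { echo "FAIL: gateway port '$1' must be 1025-65535"; rc=1; }
  ps aux | relay_in_ps    || { echo "FAIL: no 'sdm relay' process found"; rc=1; }
  can_reach "$2" "$3"     || { echo "FAIL: cannot reach $2:$3 from this host"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: gateway host checks passed"
  return "$rc"
}

# Usage: ./preflight.sh <gateway_port> <datasource_host> <datasource_port>
if [ "$#" -eq 3 ]; then
  preflight "$1" "$2" "$3"
fi
```

A reachability failure here usually points at the security group on the gateway or the database, which the Prerequisites section calls out.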

Connect to a datasource! (Yay!)

  1. Go to the Users page in the Admin UI. Click your username, then Datasources, then the newly-created datasource to grant yourself access.

  2. Install the strongDM client. Click here to go to the Downloads page.

    Installation guides can be found here:

  3. Open the installed local client and log in. The datasource should appear in the list of available resources.

  4. At the top of the GUI, there is a cloud. If the icon is white, you’re good!

    If the icon is in a reconnecting / yellow state, the local client is unable to resolve the address of the gateway.

    • Check that the same port (5000 by default) that the gateway listens on for inbound traffic is open within the firewall or AWS security group.
    • If you’ve given the gateway a private IP or put it behind a VPN, you’ll need to make sure the local client can resolve the hostname of the gateway.

    For more tips on what the problem might be, run sdm doctor -v, which gives you a status report and information about issues that strongDM might be encountering.

    If you have any problems, please contact strongDM support.

  5. Click the datasource; a green lightning bolt will appear. This indicates that the local client is listening on that port.

  6. Open your preferred SQL client (in this example, TablePlus), and create a new connection. Enter 127.0.0.1 (for some clients, this needs to be localhost) and the port that was assigned within the local client (in this example, 5472). For most clients, the username and password may be left blank. Please read the Connecting to Databases guide for specific SQL connection requirements.

  7. Click connect, and start querying!
