Quick Start Guide with AWS

Last modified on August 10, 2022

Overview

This Quick Start Guide will walk you how to create a gateway and connect to your first datasource through strongDM, on AWS.

Prerequisites

  • Server (to host the gateway): You can repurpose an existing bastion or jump host for testing purposes; for production-ready deployments, we recommend a server reserved exclusively for use as a gateway.
  • Specifications: The strongDM gateway can be installed on any Linux distribution; we recommend servers with 2 CPUs and 4 GBs of memory.
  • Network Settings: To get live quickly, the server hosting the gateway needs to be able to connect to the datasource you’ll set up; this may require modifying the security group on the server or database itself. You’ll also need SSH access to the server.

Create a gateway

  1. Go to the strongDM Admin UI. Click Gateways, followed by add gateway.
Add Gateway
Add Gateway
  1. Define the advertised host for the server (e.g. sdm-gw0.yourcompany.com, 111.222.333.444, or ec2-nn-nnn-nnn-nnn.us-east-2.compute.amazonaws.com). It must be an IP or hostname accessible to your strongDM clients. Enter the port that you left open for the gateway to interact with strongDM clients (by default, 5000). If you need to use another port, choose any one above 1024, as strongDM runs as a non-privileged daemon.

  2. Click create. This generates a token which is shown only once. Carefully copy the token and save it for later use.

  3. Establish an SSH connection to the server that will be hosting the gateway.

  4. Download the strongDM binary:

    $ curl -J -O -L https://app.strongdm.com/releases/cli/linux
    
  5. Unzip it.

    $ unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
    
  6. Install the gateway.

    $ sudo ./sdm install --relay
    

    You will be prompted for the token created earlier; paste it in and hit enter. Note that the token won’t echo back to you.

  7. Return to the Admin UI. In the Gateways section, the gateway just created should show a status of “online,” and the heart icon should be intact.

Add a datasource

  1. Navigate to the Datasources page in the Admin UI and click add datasource.

    Add Datasource
    Add Datasource
  2. Type in a Display Name. This name will appear for those who are granted access.

  3. Select the Datasource Type from the dropdown.

  4. Enter the Hostname. This address must be resolvable from the perspective of the gateway. One way to verify this is by SSHing to the gateway, and using netcat: nc -zv <YOUR_HOSTNAME> <YOUR_PORT> (for example, nc -zv testdb-01.fancy.org 3306 or nc -zv 111.222.333.444 3306).

  5. strongDM prepopulates the PORT field with the database default. Feel free to change it if your database is set to listen on a different port.

  6. Enter the username, password, and default database name to complete the connection.

  7. Click the create button.

  8. The Admin UI will update and the added datasource should turn green momentarily. If it doesn’t, click the edit pencil, click the Diagnostics tab, and hit ‘check now’. The Admin UI will indicate if there is a network or credentialing error.

If you have problems, contact strongDM support.

Connect to a datasource! (Yay!)

  1. Go to the Users page in the Admin UI. Click your username, then Datasources, then the newly-created datasource to grant yourself access.

  2. Install the strongDM client. Click here to go to the Downloads page.

  3. Open the installed local client and log in. The datasource should appear in the list of available resources.

  4. At the top of the GUI, there is a cloud. If the icon is white, you’re good!

  5. Click the datasource; a green lightning bolt will appear. This indicates that the local client is listening on that port.

  6. Open your preferred SQL client (in this example, TablePlus), and create a new connection. Enter 127.0.0.1 (for some clients, this needs to be localhost) and the port that was assigned within the local client (in this example, 5472). For most clients, the username and password may be left blank. Please read the Connecting to Databases guide for specific SQL connection requirements.

    TablePlus Client
    TablePlus Client
  7. Click connect, and start querying!

Next Steps

Top