Generate a relay token. Log into the Admin UI and select Gateways on the left navigation bar. Click on the add relay button in the upper right, and a box will pop up. You can rename the relay here, or do it later. Click on create and the relay token will appear onscreen.
Copy the relay token and put it aside, being careful to capture every character. You will need it again in step five.
sdm relay create if you want to generate a token via the CLI.
If you have not already done so, install Docker
Please note that the relay MUST be installed on an ‘always up’ machine, as it will form the connection to strongDM for all users accessing the database. You may repurpose a pre-existing machine (e.g. bastion host), or in AWS parlance, any general purpose instance with at least 2 CPU and 4 GBs memory (e.g. the M3 or M4s are a solid choice).
Execute the docker command
$ docker pull quay.io/sdmrepo/relay
To activate your relay, type the following Docker command replacing XXX with the actual token you created:
$ docker run --restart=always [--net=host] --name sdm-relay -e SDM_RELAY_TOKEN=XXX -d quay.io/sdmrepo/relay
Note: The “net=host” option is only necessary if the destination database is known as “localhost” (running sdm-relay colocated with the DB), otherwise the Docker default will work fine. If the destination database is already in a container, we can provide a separate pattern for configuring Docker container linking
Login to the Admin UI. In that section, the relay you created should appear Online, with a heartbeat.
If any errors occur or if the relay does not report “online” status, please contact email@example.com for assistance.