MuleSoft Connector for AWS Data Management

Build 20.0.7654

Establishing a Connection

This section describes how to connect to AWS Data Management from your AnyPoint Studio project. You can use wizards or the XML editor in AnyPoint Studio to define connection properties in a global element. Global elements can be reused across other building blocks in your project.

Create a Connection in the Visual Editor

Complete the following steps to visually add the connector to your project and create a connection:

  1. Create a new Mule Project in Anypoint Studio.
  2. From the palette, drag the connector into your Mule flow.
  3. On the Message Flow canvas, double-click the connector icon to open the connector properties in the Properties pane.
  4. In the General section, click Add and define the AWS Data Management connection properties. Note that the user name and Password properties always appear here. The user name must be set as it is used as the key for the connection if connection pooling is enabled.

Create a Connection in the XML Editor

Set connection properties in the <cdata-awsdatamanagement:config> element in the root of the project's XML.

Note: The user name attribute must always be included here and serves as the key for the connection if connection pooling is enabled.

  <cdata-awsdatamanagement:config name="CData_AWSDataManagement_Configuration" username="MyName" connectionProperty1="MyProperty" ... doc:name="CData AWSDataManagement: Configuration"/> 

Obtaining the Access Key

To obtain the credentials for an IAM user, follow the steps below:

  1. Sign into the IAM console.
  2. In the navigation pane, select Users.
  3. To create or manage the access keys for a user, select the user and then select the Security Credentials tab.

To obtain the credentials for your AWS root account, follow the steps below:

  1. Sign into the AWS Management console with the credentials for your root account.
  2. Select your account name or number and select My Security Credentials in the menu that is displayed.
  3. Click Continue to Security Credentials and expand the Access Keys section to manage or create root account access keys.

Authenticating with Root Credentials

To authenticate using account root credentials, set the following:

  • AuthScheme: Set this to AwsRootKeys.
  • AWSAccessKey: The access key associated with the AWS root account.
  • AWSSecretKey: The secret key associated with the AWS root account.

Note: Use of this authentication scheme is discouraged by Amazon for anything but simple tests. The account root credentials have the full permissions of the user, making this the least secure authentication method.

Authenticating with Temporary Credentials

To authenticate using temporary credentials, specify the following:

  • AuthScheme: Set this to TemporaryCredentials.
  • AWSAccessKey: The access key of the IAM user to assume the role for.
  • AWSSecretKey: The secret key of the IAM user to assume the role for.
  • AWSSessionToken: Your AWS session token. This will have been provided alongside your temporary credentials. See this link for more info.

The connector can now request resources using the same permissions provided by long-term credentials (such as IAM user credentials) for the lifespan of the temporary credentials.

If you are also using an IAM role to authenticate, you must additionally specify the following:

  • AWSRoleARN: Specify the Role ARN for the role you'd like to authenticate with. This will cause the connector to attempt to retrieve credentials for the specified role.
  • AWSExternalId: Only if required when you assume a role in another account.

Authenticating as an AWS Role

In many situations it may be preferable to use an IAM role for authentication instead of the direct security credentials of an AWS root user.

To authenticate as an AWS role, set the following:

  • AuthScheme: Set this to AwsIAMRoles.
  • AWSRoleARN: Specify the Role ARN for the role you'd like to authenticate with. This will cause the connector to attempt to retrieve credentials for the specified role.
  • AWSExternalId: Only if required when you assume a role in another account.
If you are connecting to AWS (instead of already being connected such as on an EC2 instance), you must additionally specify the following:
  • AWSAccessKey: The access key of the IAM user to assume the role for.
  • AWSSecretKey: The secret key of the IAM user to assume the role for.

Note: Roles may not be used when specifying the AWSAccessKey and AWSSecretKey of an AWS root user.

Connecting to AWSDataManagement

Once you have configured the connector for your desired authentication method, you can optionally set the following to refine data access:

  • Domain: Set this if you want to use a domain name you have associated with AWS.
  • AWSRegion: Set this to the region where your AWS Data Management data is hosted.
Optionally, you can set Domain if you want to use a domain name you have associated with AWS and the AWSRegion to specify your AWS hosting region.

Configure Connector Operations

The connector is an operation-based connector; its operations correspond to SQL statements and expose other functionality such as Schema Discovery. See Using the Connector (Mule 3.8+) for more information on executing SQL to AWS Data Management in Mule applications.

Copyright (c) 2020 CData Software, Inc. - All rights reserved.
Build 20.0.7654