Skip to main content

Install and Configure Styra DAS on AWS

To configure Styra DAS to use AWS for its operations:

  1. Remove the configuration of the db_url from the settings Kubernetes configuration map.

  2. Configure aws_access_key and aws_secret_access_key to credentials Kubernetes secret. Make sure that aws_region has the right value. Step 1 and Step 2 allow DAS to access the necessary AWS resources.

  3. Check the IAM policies for the IAM credentials provided allow DAS not only to access the S3, DDB, KMS, and ES resources, but also to create and delete them. This is because DAS will create the resources it needs.

  4. Determine a unique resource prefix for the deployment and configure it to settings configuration map under field resource_prefix. This prefix is prepended to all DDB and S3 resources created and accessed to render the names globally unique. This is because AWS requires some resources to have globally unique names (in particular, S3). Once the prefix is assigned, it can’t be changed.

  5. Provide the DAS with the KMS encryption key to use by configuring the key id (uuid) with command line option --kms-key-id for all the pods. If no key is provided, the data is not encrypted in storage.

Finally, it is the responsibility of the DAS to execute any necessary upgrade steps in its operations when moving from one version to another. There are no additional upgrade steps required, unless otherwise mentioned.