Install and Configure Styra DAS on AWS
To configure Styra DAS to use AWS for its operations:
-
Remove the configuration of the
db_url
from thesettings
Kubernetes configuration map. -
Configure
aws_access_key
andaws_secret_access_key
tocredentials
Kubernetes secret. Make sure thataws_region
has the right value. Step 1 and Step 2 allow DAS to access the necessary AWS resources. -
Check the IAM policies for the IAM credentials provided allow DAS not only to access the S3, DDB, KMS, and ES resources, but also to create and delete them. This is because DAS will create the resources it needs.
-
Determine a unique resource prefix for the deployment and configure it to
settings
configuration map under fieldresource_prefix
. This prefix is prepended to all DDB and S3 resources created and accessed to render the names globally unique. This is because AWS requires some resources to have globally unique names (in particular, S3). Once the prefix is assigned, it can’t be changed. -
Provide the DAS with the KMS encryption key to use by configuring the key id (uuid) with command line option
--kms-key-id
for all the pods. If no key is provided, the data is not encrypted in storage.
Finally, it is the responsibility of the DAS to execute any necessary upgrade steps in its operations when moving from one version to another. There are no additional upgrade steps required, unless otherwise mentioned.