Configuring a distributed EOP Installation using an Amazon RDS database instance

  • Updated

Objective

Use an Amazon RDS database instance to host the Contrast database for a distributed EOP Installation.

Process

As documented in Step 6. here, the usual configuration for the Contrast database user is to grant all privileges using:

 GRANT ALL PRIVILEGES ON *.* TO 'contrast'@'%';

With an RDS instance, even the admin user that is provided for managing your instance does not possess all privileges, so it will be impossible to configure the contrast user as suggested.

Instead, the maximum permission level you can set for the contrast user is as follows:

GRANT
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES,
INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE,
REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE,
ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* 
TO 'contrast'@'%' WITH GRANT OPTION;

In addition to configuring the user as such, the following steps need also be taken to avoid potential issues:

Modify RDS Database Parameters

In the Amazon RDS Management Console, edit the Parameter Group for the database as follows:

  • Set max_allowed_packet to 1073741824 (this allows the database to handle larger packets and strings).
  • Set the log_bin_trust_function_creators database parameter to 1 (see here for details).

Modify Database Connection Properties

An additional change may be necessary if the following error is seen in the log:

ERROR (AgentMessageJpaDAO.java:80) Could not call Aggregate Master Procedure

If that error is logged then make the following change:

  • Add the parameter noAccessToProcedureBodies=true to the jdbc.url setting in the database.properties file (details on how to edit this file are here).

TLS Enabled Database Connections

If the RDS database instance requires TLS connections, please refer to the additional instructions in this article to complete the configuration.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request