Opal + Amazon Aurora

Product Overview

Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with MySQL and PostgreSQL. You already know how MySQL and PostgreSQL combine the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. The code, tools, and applications you use today with your existing MySQL and PostgreSQL databases can be used with Aurora. With some workloads, Aurora can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

Integration Overview

Opal supports AWS-managed RDS databases out of the box. Database access can be scoped to any granularity your database allows including table and even column-level access. Developers can easily discover and request for just-in-time short-lived access to RDS databases. All databases can be accessed using your favorite 3rd party database viewers, like Postico, or through the command line.

Use cases

1. Modern Access Management

Opal integrates with RDS databases with granular access levels. Using Opal, customers can:

  • Grant just-in-time access to critical resources that are auto-expiring and fully audited
  • Enable resource owners with the most context to approve access requests and provision access automatically via Slack
  • Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more
  • Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
  • Automatically escalate privileges (and revoke access) when developers are on-call via integrations with PagerDuty and Opsgenie

2. Privileged Access Management

To support native developer workflows, Opal has:

  • Easy CLI access to start sessions
  • Enable developers to generate auto-expiring credentials that expire after 15 minutes. For DevOps teams, this eliminates the need for credential rotation. For security teams, this bolsters security posture as the credentials are identity-based and developers aren't using static credentials.
  • Auditing capabilities for identity-based attribution

Integration Setup

Amazon Aurora databases can be imported using Opal's AWS connector.

1. In the Apps sidebar, click on "New App", and select Amazon Web Services

2. Opal requires an IAM user to manage your AWS Cloud on your behalf. To simplify the process of creating a user with the proper IAM policies, you can use our official CloudFormation Stack to automatically generate one.

  1. Once the user is created, admins just need to fill out the form to add user access key ID and user secret access key.

Integrate