DataMasque AWS blueprint template is written in AWS CloudFormation format. The purpose of this template is to create a reusable data provisioning pipeline that calls DataMasque APIs to produce masked data that's safe for consumption in non-production environment.
The diagram below describes the DataMasque reference architecture in AWS. This CloudFormation template is used to set up AWS Service Catalog Products to give end-users access to provision RDS instances from a masked RDS snapshot - this incorporates the self-service steps highlighted in purple.
For masking and provisioning RDS Aurora instances, please use the following templates:
- Automate masking RDS Aurora snapshots: DataMasque AWS Aurora Masking Step Functions CloudFormation Template.
- Provision RDS Aurora instances: use the main-aurora branch from AWS Service Catalog Provisioning template.
Follow the steps below to create AWS Service Catalog product using this CloudFormation template:
- Download this AWS CloudFormation Template
- Update the AWS CloudFormation Template to use
Defaultto specify the required configurations (i.e. DBInstanceIdentifier) for the End Users. - Create an AWS Service Catalog Portfolio.
- Create an AWS Service Catalog Product.
- Create an IAM group for End Users to launch products.
- Grant End Users access to the Portfolio.
- Test the newly setup product to test the End User experience.
Reference: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/getstarted.html
| Parameter | Description |
|---|---|
| DBSnapshotIdentifier | The masked snapshot that will be used to provision the new RDS instance |
| DBInstanceClass | Instance class for the new RDS instance. |
| DBInstanceIdentifier | RDS instance identifier. |
| OptionGroupName | RDS instance Option Group. |
| DBParameterGroupName | RDS instance Parameter Group. |
| DBSubnetGroupName | RDS instance Subnet Group. |
| AvailabilityZone | RDS Availability Zone. |
| VPCSecurityGroups | RDS Security Group. |
- The AWS Service Catalog RDS Provisioning template should be used as a provisioning method of a DataMasque masked snapshot.
- The parameters to the created AWS Service Catalog products need reflect your setup and preferred configurations within your AWS Environment.