Before you start
To get the most out of this guide, you will need to:- Either create an account in our managed instance or deploy your own hoop.dev instance
- You must be your account administrator to perform the following commands
Requirements
The AWS credentials require the minimal set of IAM permissions to work:- logs:DescribeLogGroups
- logs:GetLogEvents
- logs:FilterLogEvents
Features
The table below outlines the features available for this type of connection.- Native - This refers to when a database client connects through a specific protocol, such as an IDE or client libraries through
hoop connect <connection-name>. - One Off - This term refers to accessing this connection from hoop web panel.
| Feature | Native | One Off | Description |
|---|---|---|---|
| TLS Termination Proxy | The local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted. | ||
| Audit | The gateway stores and audits the queries being issued by the client. | ||
| Data Masking (Google DLP) | A policy can be enabled to mask sensitive fields dynamically when performing queries in the database. | ||
| Data Masking (MS Presidio) | A policy can be enabled to mask sensitive fields dynamically when performing queries in the database. | ||
| Credentials Offload | The user authenticates via SSO instead of using database credentials. | ||
| Interactive Access | Interactive access is available when using an IDE or connecting via a terminal to perform analysis exploration. |
Configuration
| Name | Type | Required | Description |
|---|---|---|---|
| AWS_ACCESS_KEY_ID | env-var | yes | The AWS access key ID for CloudWatch Logs accesss |
| AWS_SECRET_ACCESS_KEY | env-var | yes | The AWS secret access key for CloudWatch Logs access |
| AWS_REGION | env-var | yes | The AWS region where your CloudWatch log groups are located (e.g., us-east-1, eu-west-1) |