Before you start

To get the most out of this guide, you will need to:

Requirements

This connection uses a wrapper script available in the hoophq/hoopdev image called ecs-exec.sh. This script requires the following permissions to work:
  • ecs:ListTasks
  • ecs:DescribeTasks
  • ecs:ExecuteCommand

Features

The table below outlines the features available for this type of connection.
  • Native - This refers to when a database client connects through a specific protocol, such as an IDE or client libraries through hoop connect <connection-name>.
  • One Off - This term refers to accessing this connection from hoop web panel.
FeatureNativeOne OffDescription
TLS Termination ProxyThe local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.
AuditThe gateway stores and audits the queries being issued by the client.
Data Masking (Google DLP)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Data Masking (MS Presidio)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Credentials OffloadThe user authenticates via SSO instead of using database credentials.
Interactive AccessInteractive access is available when using an IDE or connecting via a terminal to perform analysis exploration.

Configuration

NameTypeRequiredDescription
CLUSTER_NAMEenv-varyesThe name or arn of the ECS Cluster
SERVICE_NAMEenv-varyesThe name of the service on ECS
CONTAINERenv-varyesThe name of the container defaults to the first one.
AWS_ACCESS_KEY_IDenv-varyesThe access key credential
AWS_SECRET_ACCESS_KEYenv-varyesThe secret key credential
AWS_DEFAULT_REGIONenv-varyesThe AWS region