Retrieve MARKLOGIC_ADMIN_PASSWORD from an Amazon S3 Bucket
04 May 2021 01:10 AM
Introduction

While launching the CloudFormation Templates to create a managed cluster on AWS, the variables This user creation is needed for the initial cluster setup process and in case a node restarts and joins the cluster. The password that is provided when launching the template is not exported to the MarkLogic process and it is not stored anywhere on the AMI. If we wish to provide an administrator password, it is not recommended practice to provide a clear text password through

Alternatives

A best practice is to use a secure S3 bucket with encryption configured and data transmission in combination with an IAM role assigned to EC2 instances on the cluster to access the S3 bucket. This approach is discussed in our documentation, and the aim of this Knowledgebase article is to cover the approach in further detail. We can use the AWS CLI as suggested below to securely retrieve the password from an object stored in an S3 bucket and then pass that into

Solution

We recommend storing the MarkLogic admin password in an object (e.g. a text file) in a secured/encrypted S3 bucket, so that it can only be retrieved by an authorized user who has access to that specific S3 bucket. As a pre-requisite, create a file (For example:

To modify the CloudFormation Template

1. Locate the Launch configurations in the template
2. Within LaunchConfig1, add the following line at the beginning
3. Add the following at the end of the launch configuration block
4. Delete the entries that refer to MARKLOGIC_ADMIN_PASSWORD
5. After modifying the LaunchConfig, it would look like below:
6. Repeat steps 2, 3 and 4 for all the other LaunchConfig groups, save the template and launch the stack.

With this, there is no need to provide the Admin Password while launching the stack using CloudFormation templates.

Please make sure that the IAM role that you are assigning has access to the S3 bucket where the password file is available.

NOTE: The CloudFormation templates are written in YAML. Be cautious when editing, as YAML is whitespace sensitive.
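The retrieval step described above, written as a boot-script helper. This is an added example and not MarkLogic's template code; the function name fetch_admin_password and the bucket, key and region placeholders are assumptions, and it relies on the AWS CLI being present on the instance.

```bash
#!/bin/bash
# Added example, not MarkLogic's template code. fetch_admin_password is a
# hypothetical helper; bucket, key and region below are placeholders.

# Print the password stored in the S3 object $1 (region $2) on stdout.
# Returns 2 for a malformed URI, 1 if the object cannot be read or is empty.
fetch_admin_password() {
    local s3_uri="$1" region="$2" secret

    # Accept only s3://bucket/key so a mistyped value never reaches the CLI.
    case "$s3_uri" in
        s3://?*/?*) ;;
        *) echo "fetch_admin_password: not an s3://bucket/key URI" >&2
           return 2 ;;
    esac

    # "-" as the destination streams the object to stdout, so no copy of the
    # password is written to disk. Credentials come from the IAM role
    # attached to the instance, not from keys stored in the template.
    if ! secret="$(aws s3 cp --region "$region" --only-show-errors "$s3_uri" -)"; then
        echo "fetch_admin_password: cannot read object (check the IAM role)" >&2
        return 1
    fi

    # Drop carriage returns left by Windows editors; $(...) has already
    # removed the trailing newline.
    secret="$(printf '%s' "$secret" | tr -d '\r')"
    if [ -z "$secret" ]; then
        echo "fetch_admin_password: password object is empty" >&2
        return 1
    fi

    printf '%s' "$secret"
}

# Usage in the boot script. Keep "set -x" off around these lines, otherwise
# the traced assignment puts the password in the boot log:
#   MARKLOGIC_ADMIN_PASSWORD="$(fetch_admin_password \
#       "s3://EXAMPLE-BUCKET/EXAMPLE-KEY" "EXAMPLE-REGION")" || exit 1
```

A failed or empty read stops the boot script instead of leaving the variable blank.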