Using the AWS Secrets Manager Connection Manager
The AWS Secrets Manager Connection Manager is an SSIS connection manager that can be used to establish connections with AWS Secrets Manager.
To add a new connection, right-click the Connection Manager area in your Visual Studio project, and choose "New Connection..." from the context menu. You will be prompted with the "Add SSIS Connection Manager" window. Select the "AWS Secrets Manager (KingswaySoft)" item to add a new AWS Secrets Manager Connection Manager.
The AWS Secrets Manager Connection Manager contains the following two configuration pages:
- General
- Advanced Settings
General Page
The General page allows you to specify connection properties and login credentials to AWS Secrets Manager.
- Credentials
- Access Key
The Access Key option is used to specify the Access Key that you have requested from AWS Secrets Manager. To find your Access Key, follow these instructions:
- Sign in to the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Users.
- Choose the name of the desired user, and then choose the Security Credentials tab. The user’s keys and the status of each key are displayed.
- Secret Key
The Secret Key option is used to specify the Secret Key that you have requested from AWS Secrets Manager. Note that the secret key can only be retrieved when creating the key, which means that if you forget the secret key, you can only create a new access key in AWS Secrets Manager. To create a user’s access key, follow these instructions:
- Sign in to the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Users.
- Choose the name of the desired user, and then choose the Security Credentials tab.
- Choose Create Access Key and then choose Download Credentials to save the access key ID and secret key to a CSV file on your computer.
- Use Temporary Token
Check the Use Temporary Token option to enable the Session Token option.
- Session Token
The Session Token option allows you to specify a temporary security token, known as temporary security credentials.
- Region
The Region option allows you to pick which region your service is in.
- AWS Account Id
Specify the AWS Account Id for shared queues.
- Bucket (since v6.2)
The Bucket option allows you to specify the AWS Secrets Manager bucket name which you want to work with.
- S3 Endpoint (since v21.2)
The S3 Endpoint option allows you to specify the AWS Secrets Manager endpoint. This can be used to work with regions that have special endpoint formats, such as the China regions, or when the connection user has no location discovery permission.
- Timeout (secs)
The Connection Timeout option allows you to specify the request timeout, in seconds. The default value is 120 seconds.
- Retry on Intermittent Errors
This is an option designed to help recover from possible intermittent outages or disruption of service. It prevents the integration process from stopping due to temporary issues. Enabling this option will allow service calls to be retried upon certain types of failure. A service call may be retried up to 3 times before an exception is fired. Retries occur after 0 seconds, 15 seconds, and 60 seconds.
- Test Connection
After all the connection information has been provided, click the Test Connection button to test if the connection settings entered are valid.
Advanced Settings Page
The Advanced Settings page of the AWS Secrets Manager Connection Manager allows you to specify how you want to configure the proxy server.
- Proxy Server Settings
- Proxy Mode
The Proxy Mode option allows you to specify how you want to configure the proxy server setting. There are three options available.
- No Proxy
- Auto-detect (Using system-configured proxy)
- Manual
- Proxy Server
Using the Proxy Server option, you can provide a proxy server to connect to AWS Secrets Manager.
- Port
The Port option allows you to specify the port number of the proxy server for the connection.
- Username
The Username option allows you to specify the proxy user account.
- Password
The Password option allows you to specify the proxy user’s password.
Note: Proxy Password is not included in the AWS Secrets Manager connection manager’s ConnectionString property by default. This is done by design for security reasons. However, you can include it in your ConnectionString if you want to parameterize your connection manager. The format would be ProxyPassword=myProxyPassword; (make sure you have a semicolon as the last character). It can be anywhere in the ConnectionString.
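Once ProxyPassword is added to a parameterized ConnectionString, the proxy password travels in clear text wherever that string is stored or logged. The following is an added example, not KingswaySoft code, that flags and masks a ProxyPassword pair before a connection string is written to a log or configuration review. It assumes semicolon-delimited key=value pairs whose values contain no semicolons, and matches the key case-insensitively; every key in the samples other than ProxyPassword is a constructed placeholder.

```python
import re

# Matches a ProxyPassword pair anywhere in the string, with or without a
# trailing semicolon. Anchoring on start-of-string or ';' avoids matching a
# longer key that merely ends in "ProxyPassword".
# Assumption: values contain no ';' (the page shows no quoting rules).
_PROXY_PW = re.compile(r"(^|;)(\s*ProxyPassword\s*=)([^;]*)", re.IGNORECASE)


def redact_proxy_password(conn_str, mask="***"):
    """Return (redacted_string, found); found is True when a non-empty
    ProxyPassword value was embedded in conn_str."""
    found = False

    def _mask(m):
        nonlocal found
        if m.group(3).strip():
            found = True
            return m.group(1) + m.group(2) + mask
        return m.group(0)  # empty value: nothing to hide

    return _PROXY_PW.sub(_mask, conn_str), found


def audit(named_conn_strs):
    """Return the sorted names of connection strings that embed a proxy password."""
    return sorted(name for name, cs in named_conn_strs.items()
                  if redact_proxy_password(cs)[1])


# Constructed sample values. Only the ProxyPassword key comes from the page;
# Region, ProxyServer and Port are hypothetical key names used for illustration.
SAMPLES = {
    "default": "Region=us-east-1;ProxyServer=proxy.example.internal;",
    "parameterized": "Region=us-east-1;ProxyPassword=myProxyPassword;Port=8080;",
    "no_trailing_semicolon": "Region=us-east-1; proxypassword = hunter2",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        redacted, found = redact_proxy_password(cs)
        print(f"{name}: embedded={found} -> {redacted}")
    print("connection strings carrying a proxy password:", audit(SAMPLES))
```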