1 00:00:00,060 --> 00:00:01,120 Just a very short lecture 2 00:00:01,120 --> 00:00:02,320 on Parameter Groups. 3 00:00:02,320 --> 00:00:03,930 So I talked about them, that basically 4 00:00:03,930 --> 00:00:06,620 you can configure your entire DB engine as we'll see 5 00:00:06,620 --> 00:00:08,220 using Parameter Groups. 6 00:00:08,220 --> 00:00:10,030 And if it's a dynamic parameter, 7 00:00:10,030 --> 00:00:11,200 it can be applied immediately, 8 00:00:11,200 --> 00:00:12,780 but if it's a static parameter 9 00:00:12,780 --> 00:00:15,670 then it will only be applied after you reboot your instance. 10 00:00:15,670 --> 00:00:17,500 So that when the instance reboots basically 11 00:00:17,500 --> 00:00:19,530 it just picks up these parameters. 12 00:00:19,530 --> 00:00:21,550 We can also modify the parameter group 13 00:00:21,550 --> 00:00:22,410 associated with the DB 14 00:00:22,410 --> 00:00:25,100 so we can replace the default one by our custom one 15 00:00:25,100 --> 00:00:28,170 but for this we also must reboot our database. 16 00:00:28,170 --> 00:00:30,720 And to know all the parameters available 17 00:00:30,720 --> 00:00:32,340 for a specific DB technology, 18 00:00:32,340 --> 00:00:34,390 you can look at the documentation or as well 19 00:00:34,390 --> 00:00:36,960 use the AWS console as we'll see in a second. 20 00:00:36,960 --> 00:00:38,680 Now there's one must-know parameter 21 00:00:38,680 --> 00:00:40,400 you need to know for the exam 22 00:00:40,400 --> 00:00:43,830 and that's the one called for Postgres and SQL server, 23 00:00:43,830 --> 00:00:47,090 rds dot force underscore ssl equals 1. 24 00:00:47,090 --> 00:00:49,680 And that's the way to enforce SSL connection 25 00:00:49,680 --> 00:00:52,100 to a Postgres or SQL server database. 26 00:00:52,100 --> 00:00:54,740 You must know this parameter going into the exam. 27 00:00:54,740 --> 00:00:57,435 But as a reminder, it doesn't work for MySQL. 28 00:00:57,435 --> 00:01:01,200 For MySQL or MariaDB, you must run a SQL statement 29 00:01:01,200 --> 00:01:04,480 called Grant Select On database dot star slash to 30 00:01:04,480 --> 00:01:07,320 and then you just at the end say require SSL. 31 00:01:07,320 --> 00:01:08,760 So it's pretty funky that there's 32 00:01:08,760 --> 00:01:10,940 two different ways of doing it, but that's the way it is. 33 00:01:10,940 --> 00:01:13,410 So for Postgres you can use a parameter group, 34 00:01:13,410 --> 00:01:15,690 but for MySQL it's a SQL statement. 35 00:01:15,690 --> 00:01:17,570 Remember this going into the exam. 36 00:01:17,570 --> 00:01:18,740 Now let's just have a quick look at 37 00:01:18,740 --> 00:01:20,820 parameter groups in the console. 38 00:01:20,820 --> 00:01:22,590 So parameter group are accessible from 39 00:01:22,590 --> 00:01:23,790 the left hand side panel. 40 00:01:23,790 --> 00:01:25,630 And as you can see when we create a database, 41 00:01:25,630 --> 00:01:27,760 it creates a default parameter group for us. 42 00:01:27,760 --> 00:01:29,830 And we can click on it and see anything 43 00:01:29,830 --> 00:01:32,200 but we won't be able to change this group. 44 00:01:32,200 --> 00:01:34,060 In this parameters filters you can just type 45 00:01:34,060 --> 00:01:36,180 any parameters and see how it is. 46 00:01:36,180 --> 00:01:37,680 We'll create our own parameter group, 47 00:01:37,680 --> 00:01:39,597 so I'll call it a parameter group 48 00:01:39,597 --> 00:01:42,360 and I need to select my database instance. 49 00:01:42,360 --> 00:01:44,056 So for me it's going to be Postgres 10 50 00:01:44,056 --> 00:01:46,260 because we use 10.4. 51 00:01:46,260 --> 00:01:48,220 The group name as I'll call it, 52 00:01:48,220 --> 00:01:52,290 group demo postgres 53 00:01:52,290 --> 00:01:55,380 and I'll just call it demo group for postgres. 54 00:01:55,380 --> 00:01:57,150 You have to put a description in. 55 00:01:57,150 --> 00:01:58,630 Click on create. 56 00:01:58,630 --> 00:02:01,210 And here I'm basically able in this group 57 00:02:01,210 --> 00:02:04,200 to change any of my parameters to whatever I want. 58 00:02:04,200 --> 00:02:06,870 So as you can see we can change the authentication timeout 59 00:02:06,870 --> 00:02:08,970 to whatever value we wanted if we click on it 60 00:02:08,970 --> 00:02:10,660 and click on edit parameters, 61 00:02:10,660 --> 00:02:12,350 then you're literally able to change 62 00:02:12,350 --> 00:02:14,910 the value you want for anything. 63 00:02:14,910 --> 00:02:17,880 So the one parameter that I want you to look at 64 00:02:17,880 --> 00:02:20,670 is going to be called force underscore ssl. 65 00:02:20,670 --> 00:02:23,780 And as you can see, rds dot force ssl is here. 66 00:02:23,780 --> 00:02:25,820 It's a dynamic type of parameter 67 00:02:25,820 --> 00:02:28,050 so we won't need to reboot our instance. 68 00:02:28,050 --> 00:02:31,630 And it's a boolean and it's to force SSL connections. 69 00:02:31,630 --> 00:02:33,390 So I can just click on it, 70 00:02:33,390 --> 00:02:35,640 edit the parameters and say 1. 71 00:02:35,640 --> 00:02:37,870 And this will force my database 72 00:02:37,870 --> 00:02:40,010 to have SSL connections only. 73 00:02:40,010 --> 00:02:42,510 So this is how I force encryption for Postgres. 74 00:02:42,510 --> 00:02:46,070 Okay, I saved it, so now my parameter group has been saved. 75 00:02:46,070 --> 00:02:48,920 And let's see if that works so I'll just refresh my page. 76 00:02:51,670 --> 00:02:53,440 And then after refreshing my page I'm going 77 00:02:53,440 --> 00:02:55,260 type force underscore ssl again. 78 00:02:55,260 --> 00:02:58,220 Okay, now the value is one, so it means it's enabled. 79 00:02:58,220 --> 00:03:01,050 So now what I can do is assign this parameter group 80 00:03:01,050 --> 00:03:02,810 to my Postgres database. 81 00:03:02,810 --> 00:03:05,610 So what I want to do is take this parameter group 82 00:03:05,610 --> 00:03:08,460 which by the way I can edit, copy, compare, reset or delete. 83 00:03:08,460 --> 00:03:10,240 I want to assign it to my database. 84 00:03:10,240 --> 00:03:15,040 So I go to my database and I click on it and I modify it. 85 00:03:15,040 --> 00:03:18,060 And within it, I can now assign my parameter group. 86 00:03:18,060 --> 00:03:22,150 So let's scroll down and in there I will have here 87 00:03:22,150 --> 00:03:24,480 the DB parameter group and I will say 88 00:03:24,480 --> 00:03:26,440 it's group demo postgres. 89 00:03:26,440 --> 00:03:27,920 Because I changed the parameter group, 90 00:03:27,920 --> 00:03:29,950 I will have to reboot my instance. 91 00:03:29,950 --> 00:03:33,060 So I'm fine, everything else I leave the same. 92 00:03:33,060 --> 00:03:36,010 I'll click on continue and then modify DB instance, 93 00:03:36,010 --> 00:03:39,090 but I will apply immediately instead of applying 94 00:03:39,090 --> 00:03:41,640 during the next scheduled maintenance window. 95 00:03:41,640 --> 00:03:42,490 So I'll do this right now, 96 00:03:42,490 --> 00:03:44,190 modify DB instance, 97 00:03:44,190 --> 00:03:46,740 and now my instance is going to be restarting 98 00:03:46,740 --> 00:03:49,370 or rebooting using this new parameter group, 99 00:03:49,370 --> 00:03:53,800 but this time it will basically have forced SSL connections 100 00:03:53,800 --> 00:03:54,950 which is what I wanted. 101 00:03:56,070 --> 00:03:58,080 So after a few reboots, it turns out that 102 00:03:58,080 --> 00:03:59,770 if you scroll down you see that the parameter group 103 00:03:59,770 --> 00:04:01,847 is group demo postgres and now it's in sync 104 00:04:01,847 --> 00:04:03,660 and now it's using all the parameters 105 00:04:03,660 --> 00:04:04,730 that I have specified. 106 00:04:04,730 --> 00:04:06,390 So that's it for this lecture, I hope you enjoyed it 107 00:04:06,390 --> 00:04:08,340 and I will see you in the next lecture.