Getting started guide to start Insight PISO Manager on EC2 instance from AMI

About the document

This is a getting started guide to start Insight PISO Manager on EC2 instance.
- Start Insight PISO Manager on EC2 instance from AMI.
- Configure the necessary settings when monitoring Amazon RDS.
Follow the Insight PISO Manager installation/settings manual for further details.

1. Prepare Insight PISO Manager

1.1. Start Insight PISO Manager on EC2 instance

Start an EC2 instance with the following settings:
- AMI: Select Insight PISO Manager AMI at AWS Marketplace.
- Instance type: 4 vCPUs or more and 8GB RAM or more. (m5.xlarge is recommended.)
- Storage: 50GB for a monitored instance generally. (See Installation Manual for more details.)
  - /dev/sdb: online data
  - /dev/sdc: backup data
- Security group: SSH(22), HTTP(7777)
  - Monitored database must be able to connect to port 7777 of Insight PISO Manager.
  - Port 7777 is used for Web-UI.
Logon to the EC2 instance with 'ec2-user' user and EC2 key pairs.

1.2. Setup Insight PISO Manager

Set hostname. For '<HOSTNAME>', you can give it the name you want.
```
$ sudo hostnamectl set-hostname --static <HOSTNAME>
```
Recognize expanded volume.
If you have expanded volume size, you must use file system–specific commands to extend the file system to the larger size.
```
$ sudo xfs_growfs -d /mnt/piso-data
$ sudo xfs_growfs -d /mnt/piso-backup
```

Install
Select 'en' or 'y' for questions and input license information.
For license info., input the provided license password phrase.
```
$ sudo su - insight
$ cd ~/piso-manager/
$ ./install/install.sh
```
Reflect shell changes after installation is complete.
```
$ source ~/.bashrc
```

1.3. Start Insight PISO Manager

Start Insight PISO Manager.

$ sudo su - insight
$ istctl uppg
$ istctl upap
$ istctl startall

Now you can access to Insight PISO Manager web UI. The URL is 'http://<IP_ADDRESS>:7777/piso/'.
The default username is 'administrator', and the default password is your EC2 instance id.

1.4. Setting up the monitored database

Set up the monitored database.
The following is an example of monitoring Amazon RDS for PostgreSQL.

Allow outbound HTTPS (443) when monitoring Amazon RDS.

Grant the necessary permissions for PISO audit log data collection and assign an IAM role to EC2.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds:DownloadDBLogFilePortion",
                "rds:DescribeDBInstances",
                "rds:DescribeDBLogFiles",
                "rds:DownloadCompleteDBLogFile"
            ],
            "Resource": [
                "arn:aws:rds:*:< AWS Account ID>:db:*"
            ]
        }
    ]
}

Set the following in the DB parameter group of RDS for PostgreSQL.

pgaudit.log = 'all,-misc'    (When setting the storage target using PISO Manager, set all,-misc.)
pgaudit.log_parameter = 1
pgaudit.log_relation = 1
pgaudit.log_rows = 1
pgaudit.log_statement_once = 1
pgaudit.role = rds_pgaudit
log_rotation_age = 10
log_connections = 1
log_disconnections = 1
shared_preload_libraries = pgaudit  (Do not delete the original settings)
log_filename = postgresql.log.%Y-%m-%d-%H
log_error_verbosity = verbose

Please restart your DB instances.

1.5. Add a monitored database to Insight PISO Manager

Register the database to be monitored in Insight PISO Manager Web-UI.
For registration method, see "Insight PISO Manager Settings Manual".

Run the following command to start acquiring audit log data.
```
$ istctl upauditcol
```

1.6. Configure Insight PISO SQL collection

Configure Insight PISO Manager to collect SQL (from the target database) and notify alerts.
- Follow Insight PISO Manager settings manual for details.
After the configuration, database activities on the target database will be monitored.