...

Warning: i2b2Domain parameter

Choose a custom value for your domain parameter that clearly identifies your institution. Do not leave it at its default value.

Configure For AWS SQS

Create an AWS Account

Create an AWS account if you do not already have one. See https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/ 

Create an AWS user for Your SHRINE Node

Create a user for your SHRINE node's tomcat in the AWS console. Give it a name that is distinct both within your institution and across this SHRINE network.

Do not give it console access.

Do not make it a member of a group, copy permissions, or attach permissions. You'll configure permissions in a moment for tomcat to use AWS SQS.

Create an Access Key and Configure password.conf

Create an access key and secret for the tomcat user - not the admin user - as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html .

Tomcat needs its AWS SQS credentials to send and receive messages. Add the tomcat user's access key ID and secret to tomcat's password.conf:

password.conf:

```
shrine.aws.accessKeyId = "NODEAWSKEYID" //the node's AWS access key id - usually all capitals and numbers
shrine.aws.secretAccessKey = "nodeAwsSecretKey" //the node's AWS secret key - very long, mixed case letters and numbers
```

Share the User ID with the Hub Admin

In the IAM > User > Summary section, find the ARN for the tomcat user. It will look something like this: arn:aws:iam::9876543210:user/yourHospital-Shrine.

At the top level of the IAM console, far right column, find your account ID. It will be a long number.

Send both of these to your hub admins so that they can add your node to the network. Neither is secret; sending them in the clear is fine.

Run shrineDownstream setMomUserPolicy

The hub admins will reply with two ARNs: one for the hub's inbound AWS SQS queue, and one for your node's inbound AWS SQS queue.

Download and unzip the shrineDownstream tool from TODO

Create an access key and secret for your admin user - not the tomcat user - as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html .

The shrineDownstream tool needs admin AWS credentials so it can replace the tomcat user's permissions with a policy that allows sending and receiving messages on those two queues. Add your admin access key ID and secret to the shrineDownstream tool's password.conf:

password.conf:

```
shrine.aws.accessKeyId = "ADMINAWSKEYID" //the admin user's AWS access key id - usually all capitals and numbers
shrine.aws.secretAccessKey = "adminAwsSecretKey" //the admin user's AWS secret key - very long, mixed case letters and numbers
```

Run the command to set the policies:

```bash
./shrineDownstream setMomUserPolicy yourHospital-Shrine hubQueueArn="arn:aws:sqs:us-east-1:1234567890:network-hub" nodeQueueArn="arn:aws:sqs:us-east-1:1234567890:best-hospital"
```

That will set the policy for your tomcat user to something like:

```
hubQueueArn="arn:aws:sqs:us-east-1:714168927121:shrine-dev-hub.fifo" nodeQueueArn="arn:aws:sqs:us-east-1:714168927121:shrine-dev-shrinedevnode01.fifo"
```
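After setMomUserPolicy has run, a node admin will want to confirm that the tomcat user ended up with rights on exactly the two queues and nothing wider. The Python below is an added example, not code from the SHRINE documentation or the shrineDownstream tool: it checks an IAM policy document against the two queue ARNs the hub admins sent back. The page does not show the policy the tool writes, so the sample policy documents, the 12-digit account ID and queue names, and the assumption that the node only sends to the hub's inbound queue and only receives from its own inbound queue are all constructed here.

```python
"""Least-privilege check for the SHRINE tomcat user's SQS policy.

Added example, not code from the SHRINE docs or the shrineDownstream tool.
Assumptions (not stated on the page): the policy is an ordinary IAM policy
document; the node only sends to the hub's inbound queue and only receives
from (and deletes on) its own inbound queue; the account id and queue names
below are constructed.
"""
import json
import re
from typing import Dict, List

# Constructed values in the shape of the ARNs the hub admins send back.
HUB_QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:network-hub"
NODE_QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:best-hospital"

# arn:aws:sqs:<region>:<12-digit account id>:<queue name>, FIFO queues end in ".fifo"
SQS_ARN_RE = re.compile(r"^arn:aws:sqs:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]+(\.fifo)?$")

# Actions the node legitimately needs on each queue (assumption, see above).
SEND_ACTIONS = {"sqs:SendMessage"}
RECEIVE_ACTIONS = {"sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"}


def _as_list(value) -> list:
    """IAM allows either a single string or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def check_policy(policy: Dict, hub_queue_arn: str, node_queue_arn: str) -> List[str]:
    """Return findings; an empty list means the policy is scoped to the two queues."""
    findings: List[str] = []
    for arn in (hub_queue_arn, node_queue_arn):
        if not SQS_ARN_RE.match(arn):
            findings.append(f"not a well-formed SQS queue ARN: {arn}")
    allowed = {hub_queue_arn: SEND_ACTIONS, node_queue_arn: RECEIVE_ACTIONS}

    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            findings.append(f"statement {i}: unexpected Effect {stmt.get('Effect')!r}")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource widen the grant")
        actions = set(_as_list(stmt.get("Action", [])))
        for resource in _as_list(stmt.get("Resource", [])):
            # "*" or any ARN other than the two queues is a wider grant than needed
            if resource not in allowed:
                findings.append(f"statement {i}: resource outside the two queues: {resource}")
                continue
            # "sqs:*" or a receive action on the hub queue shows up here as excess
            extra = sorted(actions - allowed[resource])
            if extra:
                findings.append(f"statement {i}: excess actions on {resource}: {extra}")
    return findings


def check_policy_json(text: str, hub_queue_arn: str, node_queue_arn: str) -> List[str]:
    """Same check on the policy document as JSON text (e.g. exported from the IAM console)."""
    return check_policy(json.loads(text), hub_queue_arn, node_queue_arn)


# Constructed: a policy scoped the way the tomcat user should be.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": HUB_QUEUE_ARN},
        {"Effect": "Allow",
         "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
         "Resource": NODE_QUEUE_ARN},
    ],
}

# Constructed: an over-broad policy of the kind the check should report.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sqs:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
         "Resource": HUB_QUEUE_ARN},
    ],
}


if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        findings = check_policy(doc, HUB_QUEUE_ARN, NODE_QUEUE_ARN)
        print(name, "OK" if not findings else "\n  " + "\n  ".join(findings))
```

Export the tomcat user's policy document from the IAM console (or fetch it with `aws iam get-user-policy`) and pass the JSON to check_policy_json together with the two ARNs from the hub admins; every finding it returns is a grant wider than the node needs for this network.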

...

Configure For Kafka

TODO