Aurora (MySQL)

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: MySQL, MS SQL, Snowflake, SMB, etc.

Onboarding Aurora (MySQL) Data Source

1. Click on Add Data Source.

1. Search for Aurora (MySQL).

1. Click on Aurora MySQL.

1. Configure Basic Details

In the Basic Details section, enter the following information:

• Instance Name: Provide a unique name for the Aurora MySQL data source (e.g., aurora-mysql-datasource).

• Primary Owner: Enter the email address of the individual responsible for this data source (e.g., demo@lightbeam.ai).

• Source of Truth (Optional): Toggle this option on if this database serves as a single source of truth for entity validation.

• Description (Optional): Add a brief description of the database (e.g., "Aurora MySQL Datasource Instance").

1. Enter Connection Details

   Provide the following details in the Connection section:

   • Username: The username for database authentication.

   • Password: The corresponding password for the username.

   • Host: The Aurora MySQL cluster endpoint (e.g., aurora-cluster-1.cluster-xxxxxxxxxxxx.us-east-1.rds.amazonaws.com).

   • Port: The MySQL connection port (default 3306 or a custom port).

2. Click Test Connection to validate the credentials.

3. Additional Details (Optional)

   In this section, you can specify metadata attributes related to the data source:

   • Location: The location of the data source.

   • Purpose: The purpose of the data being collected/processed.

   • Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

4. Verify that you get the message Connection Success! on the screen. Click on Next.

5. On the next screen, select databases that you wish to scan from the list.

1. Click on Start Sampling.

APPENDIX

Troubleshooting

If you don’t see any data being scanned without error, it might be a permission issue. Consider running a SELECT * query on a table and see if you are able to see the data. If you see a message of permission denied, consider granting the permission to the user.

Minimal permissions setup

We require the following permissions to scan only a subset of the databases for the instance:

• Connect permissions

• For each database - SELECT permissions

Use the following script to create a user with such permissions. In this example, we are creating a user with permissions to connect to the LightBeam database.

User with restricted permissions for a single database

CREATE USER 'test'@'ipaddress or %' IDENTIFIED BY 'lbadmin12345';
GRANT SELECT ON lightbeam.* TO 'test'@'ipaddress or %';
FLUSH PRIVILEGES;

The LightBeam UI selection list will only display databases that are added using the second query, which is:

GRANT SELECT ON lightbeam.* TO 'test'@'ipaddress or %';

Use the newly formed user to register the MySQL datasource.

Full permissions setup

If you want to, you can scan all the databases and allow wider scope permissions. LightBeam recommends a full read-only user that can access a list of databases, connect to every database and read data.

Validate permissions to the database

Next, the user needs to validate these permissions to the database. This ensures authorized access to the database by the credentials provided by the user. After validating the permissions to the database, the user can configure LightBeam Spectra on the system.

Prerequisite

The following tools need to be installed on the system in order to verify database permissions.

• Git

• MySQL tool

Steps

2. Go into sql_user_check_mysql/ directory

3. Please refer to the README.md file in the directory for detailed instructions.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.