Aurora (PostgreSQL)

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: PostgreSQL, Snowflake, SMB, etc.

Onboarding Aurora (PostgreSQL) Data Source

1. Login to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on “Add a data source”.

2. Search for Aurora (PostgreSQL).

3. Configure Basic Details

1. In the Basic Details section, enter the following information:

   • Instance Name: Provide a unique name for the Aurora PostgreSQL data source (e.g., aurora postgreSQL).

   • Primary Owner: Enter the email address of the individual responsible for this data source (e.g., demo@lightbeam.ai).

   • Source of Truth (Optional): Toggle this option on if this database serves as a single source of truth for entity validation.

   • Description (Optional): Add a brief description of the database (e.g., "Aurora PostgreSQL instance").

4. Enter Connection Details

Provide the following details in the Connection section:

• Username: The username for database authentication.

• Password: The corresponding password for the username.

• Host: The Aurora PostgreSQL cluster endpoint (e.g., aurora-cluster-1.cluster-xxxxxxxxxxxx.us-east-1.rds.amazonaws.com).

• Port: The PostgreSQL connection port (default 5432 or a custom port).

1. Click Test Connection to validate the credentials.

2. Additional Details (Optional)

In this section, you can specify metadata attributes related to the data source:

• Location: The location of the data source.

• Purpose: The purpose of the data being collected/processed.

• Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

1. Verify that you get the message Connection Success! on the screen. Click on Next.

1. On the next screen, select databases that you wish to scan from the list.

9. Click on Start Sampling.

APPENDIX

Troubleshooting

If you don’t see any data being scanned without error, it might be a permission issue. Consider running a SELECT * query on a table and see if you are able to see the data. If you see a message of permission denied, consider granting permission to the user.

Minimal permissions setup

We require the following permissions to scan only a subset of the databases for the instance:

• CONNECT permissions

• For each database - CONNECT and SELECT permissions

Use the following script to create a user with such permissions. In this example, we are creating a user with the permissions to connect to the LightBeam database.

User with restricted permissions for a single database

-- CREATE USER test1 WITH PASSWORD 'lbadmin12345';

-- GRANT SELECT ON ALL TABLES IN SCHEMA public TO test1;

-- GRANT CONNECT ON DATABASE lightbeam to test1;

-- GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO test1;

Use the user you just created to register Aurora PostgreSQL datasource.

Full permissions setup

If you want to, you can scan all the databases and allow wider scope permissions. LightBeam recommends a full read-only user that can access a list of databases, connect to every database, and read data.

Validate permissions to the database

Next, the user needs to validate these permissions to the database. This ensures authorized access to the database by the credentials provided by the user. After validating the permissions to the database, the user can configure LightBeam Spectra on the system.

Prerequisite

The following tools need to be installed on the system in order to verify database permissions:

• Git

• PSQL tool

Steps

2. Go into sql_user_check_postgres directory

3. Please refer to the README.md file in the directory for detailed instructions.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.