Handler configuration files
The Handler has two configuration files (/etc/dcv-access-console-handler/access-console-handler.properties and /etc/dcv-access-console-handler/access-console-handler-secrets.properties). Their parameters can be configured to customize how the Amazon DCV Access Console connects to its different components.
Note
The property files contain sensitive data. By default, write access to them is restricted to root, and read access is restricted to root and to the user running the Handler. By default, this is the dcvaccessconsole user.
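One way to verify the default permissions described in the note, as an added example that is not part of the original documentation. It assumes GNU stat and that the Handler user reads the files through group ownership, with a group named like the dcvaccessconsole user; ACLs are not inspected.

```shell
#!/bin/sh
# Added example: audit owner and mode of the Handler property files.
# Assumptions: GNU stat (Linux); the Handler user reads the files through
# group ownership (for example root:dcvaccessconsole, mode 0640); the group
# name is assumed to match the user name. ACLs are not inspected.

# audit_props FILE OWNER GROUP
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if the file cannot be inspected.
audit_props() {
    _file=$1 _want_owner=$2 _want_group=$3 _bad=0
    _owner=$(stat -c %U -- "$_file" 2>/dev/null) || {
        echo "$_file: cannot stat"; return 2; }
    _group=$(stat -c %G -- "$_file")
    _perm=$(( 0$(stat -c %a -- "$_file") ))   # leading 0: parse as octal

    # Write access must belong to the expected owner only.
    if [ "$_owner" != "$_want_owner" ]; then
        echo "$_file: owner is $_owner, expected $_want_owner"; _bad=1
    fi
    if [ $(( $_perm & 0022 )) -ne 0 ]; then
        echo "$_file: writable by group or others"; _bad=1
    fi
    # Read access must not extend past the owner and the Handler group.
    if [ $(( $_perm & 0004 )) -ne 0 ]; then
        echo "$_file: readable by others"; _bad=1
    fi
    if [ $(( $_perm & 0040 )) -ne 0 ] && [ "$_group" != "$_want_group" ]; then
        echo "$_file: readable by group $_group, expected $_want_group"; _bad=1
    fi
    return "$_bad"
}

# Audit the two files named on this page when called as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    _rc=0
    for f in \
        /etc/dcv-access-console-handler/access-console-handler.properties \
        /etc/dcv-access-console-handler/access-console-handler-secrets.properties
    do
        audit_props "$f" root dcvaccessconsole || _rc=1
    done
    exit "$_rc"
fi
```

A non-zero exit status from the `audit` invocation means at least one file is missing or grants more access than the note describes.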
The following table lists the parameters in the Handler configuration files.
For the /etc/dcv-access-console-handler/access-console-handler.properties configuration:
Parameter name | Required | Default Value | Description |
---|---|---|---|
| | Yes | 8080 | Specifies the port the Handler listens on. |
| | Yes | | Specifies the URL of the Web Client. It should be of the format |
| | Yes | | Specifies the URL of the Broker. It should be of the format |
| | Yes | | Specifies the authentication URL of the Broker. By default it is |
| | Yes | | Enables SSL certificate validation for the connection between the Handler and the Broker. |
| | No | | Enables the use of connection gateway to connect to the Amazon DCV server. |
| | Only required if enable-connection-gateway is true | | Specifies the connection gateway host name to use while creating the connection URL. |
| | Only required if enable-connection-gateway is true | | Specifies the connection gateway port to use while creating the connection URL. |
| | No | | Enables the use of the DCV server tag to obtain the host name or IP address rather than the public DNS of the server. |
| | Only required if | | Specifies the tag name to use to obtain the host name or IP address. |
| | Yes | | Specifies which database is used for persistence. The only supported values are: |
| | No | | Specifies the prefix that is added to each table (useful to distinguish multiple Handlers using the same Amazon account). Only alphanumeric characters, dot, dash and underscore are allowed. |
| | No | 20 | Specifies the maximum number of items to retrieve from the database. |
| | Only required if persistence-db is set to | | Specifies the connection URL to the MariaDB/MySQL database; it contains the endpoint and the database name. The URL should have this format: jdbc:mysql:// |
| | Only required if persistence-db is set to | org.hibernate.dialect.MariaDBDialect | Specifies the name of the target database. |
| | Only required if persistence-db is set to | | Specifies the region where the DynamoDB tables are created and accessed. |
| | No | | Specifies the prefix for the Handler endpoints. |
| | Yes | | Specifies the Authentication Server URL. It is of the format https://auther-server-host:auth-server-port. |
| | No | True | Specifies if the userid should be case sensitive. |
| | Yes | | Specifies the path to the Cedar policy file. |
| | Yes | | Specifies the path to the Cedar roles file. |
| | Yes | | Specifies the default role to assign to new users. |
| | No | 100 | Specifies the number of users to save at a time to the database during user import. |
| | No | 1000 | Specifies the number of users to keep in memory during user import to check if the user already exists. |
| | No | 50 | Specifies the bucket maximum capacity of the token bucket throttle algorithm. |
| | No | 2 | Specifies the bucket refill rate of the token bucket throttle algorithm. |
| | No | 1 | Specifies the period in seconds for the bucket refill rate of the token bucket throttle algorithm. |
| | No | 1000 | Specifies the number of unique IP addresses to track for throttling. |
| | No | 20 | Specifies the number of minutes to track an IP address for throttling. |
For the /etc/dcv-access-console-handler/access-console-handler-secrets.properties configuration:
Parameter name | Required | Default Value | Description |
---|---|---|---|
| | No | False | Enables SSL in Authentication Server. |
| | No | PKCS12 | Specifies the type of the Java Keystore file. |
| | No | | Specifies the path to the Java Keystore file. |
| | No | | Specifies the password to the Java Keystore file. |
| | Yes | | Specifies the client id to use for the Broker API calls. |
| | Yes | | Specifies the client secret to use for the Broker API calls. |
| | Only required if persistence-db is set to | | Specifies the name of the user that has access to the MariaDB/MySQL database. |
| | Only required if persistence-db is set to | | Specifies the password of the user that has access to the MariaDB/MySQL database. |