Handler configuration files - Amazon DCV Access Console

Handler configuration files

The Handler has two configuration files: /etc/dcv-access-console-handler/access-console-handler.properties and /etc/dcv-access-console-handler/access-console-handler-secrets.properties. Their parameters customize how the Amazon DCV Access Console connects to its different components.

Note

The property files contain sensitive data. By default, write access to them is restricted to root, and read access is restricted to root and to the user running the Handler. By default, this is the dcvaccessconsole user.

The following tables list the parameters in the Handler configuration files.

For the /etc/dcv-access-console-handler/access-console-handler.properties configuration:

| Parameter name | Required | Default value | Description |
|---|---|---|---|
| server-port | Yes | 8080 | Specifies the port the Handler listens on. |
| web-client-url | Yes | | Specifies the URL of the Web Client. It should be of the format https://webclient-host:webclient-port. |
| client-to-broker-connector-url | Yes | | Specifies the URL of the Broker. It should be of the format https://broker-host:client-to-broker-connector-https-port. |
| client-to-broker-connector-auth-url | Yes | | Specifies the authentication URL of the Broker. By default it is https://broker-host:client-to-broker-connector-https-port/oauth2/token. |
| client-to-broker-connection-verify-ssl | Yes | | Enables SSL certificate validation for the connection between the Handler and the Broker. |
| enable-connection-gateway | No | | Enables the use of a connection gateway to connect to the Amazon DCV server. |
| connection-gateway-host | Only required if enable-connection-gateway is true | | Specifies the connection gateway host name to use when creating the connection URL. |
| connection-gateway-port | Only required if enable-connection-gateway is true | | Specifies the connection gateway port to use when creating the connection URL. |
| enable-public-ip-from-tag | No | | Enables the use of the DCV server tag to obtain the host name or IP address rather than the public DNS of the server. |
| public-ip-tag-name | Only required if enable-public-ip-from-tag is true | | Specifies the tag name to use to obtain the host name or IP address. |
| persistence-db | Yes | | Specifies which database is used for persistence. The only supported values are dynamodb and mysql. |
| table-name-prefix | No | dcv_access_console_ | Specifies the prefix that is added to each table (useful to distinguish multiple Handlers using the same Amazon account). Only alphanumeric characters, dot, dash and underscore are allowed. |
| persistence-db-default-max-results | No | 20 | Specifies the maximum number of items to retrieve from the database. |
| jdbc-connection-url | Only required if persistence-db is set to mysql | | Specifies the connection URL to the MariaDB/MySQL database; it contains the endpoint and the database name. The URL should have this format: jdbc:mysql://db_endpoint:db_port/db_name, where db_endpoint is the MariaDB/MySQL database endpoint, db_port is the database port and db_name is the database name. |
| jpa-db-platform | Only required if persistence-db is set to mysql | org.hibernate.dialect.MariaDBDialect | Specifies the name of the target database. |
| dynamodb-region | Only required if persistence-db is set to dynamodb | | Specifies the region where the DynamoDB tables are created and accessed. |
| request-prefix | No | /accessconsolehandler | Specifies the prefix for the Handler endpoints. |
| jwt-issuer-uri | Yes | | Specifies the Authentication Server URL. It is of the format https://auth-server-host:auth-server-port. |
| user-id-case-sensitive | No | True | Specifies whether the user ID is case sensitive. |
| authorization-policies-location | Yes | /etc/dcv-access-console-handler/authorization/policies.cedar | Specifies the path to the Cedar policy file. |
| authorization-roles-location | Yes | /etc/dcv-access-console-handler/authorization/roles.json | Specifies the path to the Cedar roles file. |
| default-role | Yes | | Specifies the default role to assign to new users. |
| users-batch-save-size | No | 100 | Specifies the number of users to save at a time to the database during user import. |
| import-users-cache-size | No | 1000 | Specifies the number of users to keep in memory during user import to check if the user already exists. |
| throttling-burst | No | 50 | Specifies the bucket maximum capacity of the token bucket throttle algorithm. |
| throttling-refill | No | 2 | Specifies the bucket refill rate of the token bucket throttle algorithm. |
| throttling-period-in-seconds | No | 1 | Specifies the period in seconds for the bucket refill rate of the token bucket throttle algorithm. |
| throttling-cache-max-size | No | 1000 | Specifies the number of unique IP addresses to track for throttling. |
| throttling-cache-max-time-minutes | No | 20 | Specifies the number of minutes to track an IP address for throttling. |
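
A lint for the constraints stated in the table above, as an added example that is not part of the AWS documentation or the Handler's own code. It checks that the URL parameters use https, that certificate validation toward the Broker is enabled, that persistence-db has a supported value, that conditionally required parameters are present, and that table-name-prefix uses only allowed characters. It assumes plain key = value lines; the function names and the sample values are constructed for illustration.

```python
import re

HTTPS_KEYS = ("web-client-url", "client-to-broker-connector-url",
              "client-to-broker-connector-auth-url", "jwt-issuer-uri")
# (trigger key, trigger value, keys the table then makes required)
CONDITIONAL = (
    ("enable-connection-gateway", "true",
     ("connection-gateway-host", "connection-gateway-port")),
    ("enable-public-ip-from-tag", "true", ("public-ip-tag-name",)),
    ("persistence-db", "mysql", ("jdbc-connection-url",)),
    ("persistence-db", "dynamodb", ("dynamodb-region",)),
)

def parse_properties(text):
    """Parse 'key = value' lines; lines starting with # or ! are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return findings for a parsed access-console-handler.properties."""
    out = []
    for key in HTTPS_KEYS:
        if key in props and not props[key].lower().startswith("https://"):
            out.append(f"{key}: not an https:// URL")
    if props.get("client-to-broker-connection-verify-ssl", "").lower() != "true":
        out.append("client-to-broker-connection-verify-ssl: validation is off")
    if props.get("persistence-db") not in ("dynamodb", "mysql"):
        out.append("persistence-db: must be dynamodb or mysql")
    for trigger, value, needed in CONDITIONAL:
        if props.get(trigger, "").lower() == value:
            out += [f"{k}: required when {trigger} is {value}"
                    for k in needed if not props.get(k)]
    prefix = props.get("table-name-prefix", "dcv_access_console_")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", prefix):
        out.append("table-name-prefix: characters outside [A-Za-z0-9._-]")
    return out

# Constructed sample for illustration; host names are placeholders.
SAMPLE = """
client-to-broker-connector-url = http://broker.example.internal:8448
client-to-broker-connection-verify-ssl = false
enable-connection-gateway = true
persistence-db = mysql
table-name-prefix = dcv console
"""
print("\n".join(audit(parse_properties(SAMPLE))))
```

The lint does not report required parameters that are simply absent, apart from the conditional ones listed in CONDITIONAL and the certificate validation setting.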

For the /etc/dcv-access-console-handler/access-console-handler-secrets.properties configuration:

| Parameter name | Required | Default value | Description |
|---|---|---|---|
| ssl.enabled | No | False | Enables SSL in Authentication Server. |
| ssl.key-store-type | No | PKCS12 | Specifies the type of the Java Keystore file. |
| ssl.key-store | No | | Specifies the path to the Java Keystore file. |
| ssl.key-store-password | No | | Specifies the password to the Java Keystore file. |
| broker-client-id | Yes | | Specifies the client ID to use for the Broker API calls. |
| broker-client-password | Yes | | Specifies the client secret to use for the Broker API calls. |
| jdbc-user | Only required if persistence-db is set to mysql | | Specifies the name of the user that has access to the MariaDB/MySQL database. |
| jdbc-password | Only required if persistence-db is set to mysql | | Specifies the password of the user that has access to the MariaDB/MySQL database. |