Broker configuration file - Amazon DCV Session Manager

Broker configuration file

The broker configuration file (/etc/dcv-session-manager-broker/session-manager-broker.properties) includes parameters that can be configured to customize the Session Manager functionality. You can edit the configuration file using your preferred text editor.

Note

The /etc/dcv-session-manager-broker/session-manager-broker.properties file contains sensitive data. By default, its write access is restricted to root and its read access is restricted to root and to the user running the broker. By default, this is the dcvsmbroker user. The broker checks at startup that the file has the expected permissions.
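One way to audit the permissions described in the note above, as an added example that is not part of the AWS documentation or the broker's own startup check. It assumes the broker user gets read access through the file's group, which this page does not state, and treating a symlink as a finding is this example's own choice.

```python
import os
import stat

CONFIG = "/etc/dcv-session-manager-broker/session-manager-broker.properties"

def audit_config_permissions(path=CONFIG):
    """Return findings where `path` is looser than the policy in the note."""
    st = os.lstat(path)  # lstat: inspect the path itself, not a symlink target
    if stat.S_ISLNK(st.st_mode):
        return ["is-symlink"]  # example's choice: report, do not follow
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != 0:
        findings.append("owner-not-root")
    # Write access is restricted to root: no group or other write bit.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    # Read access is restricted to root and the broker user. Assumption: the
    # broker user reads through the file's group, so only "other" is rejected.
    if mode & stat.S_IRWXO:
        findings.append("accessible-by-others")
    return findings

if __name__ == "__main__":
    try:
        print(audit_config_permissions() or "permissions match the policy")
    except FileNotFoundError:
        print(f"{CONFIG} not found")
```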

The following table lists the parameters in the broker configuration file.

Parameter name Required Default value Description
broker-java-home No Specifies the path to the Java home directory the broker will use instead of the system default one. If set, the broker will use <broker-java-home>/bin/java at startup.

Tip: The broker requires Java Runtime Environment 11, which is installed as a dependency, if missing, upon successful installation. If version 11 is not set as the default Java environment, you can find its home directory using the following command:

$ sudo alternatives --display java
session-screenshot-max-width No 160 Specifies the maximum width, in pixels, of session screenshots taken using the GetSessionScreenshots API.
session-screenshot-max-height No 100 Specifies the maximum height, in pixels, of session screenshots taken using the GetSessionScreenshots API.
session-screenshot-format No png The image file format of session screenshots taken using the GetSessionScreenshots API.
create-sessions-queue-max-size No 1000 The maximum number of unfulfilled CreateSessions API requests that can be queued. When the queue is full, new unfulfilled requests are rejected.
create-sessions-queue-max-time-seconds No 1800 The maximum amount of time, in seconds, that an unfulfilled CreateSessions API request can remain in the queue. If the request cannot be fulfilled within the specified amount of time, it fails.
session-manager-working-path Yes /tmp Specifies the path to the directory where the broker writes the files needed to operate. This directory must be accessible only to the broker.
enable-authorization-server Yes true Specifies whether the broker is the authentication server used to generate OAuth 2.0 access tokens for client APIs.
enable-authorization Yes true Enables or disables client authorization. If you enable client authorization, the client API must provide an access token when making API requests. If you disable client authorization, client APIs can make requests without access tokens.
enable-agent-authorization Yes true Enables or disables agent authorization. If you enable agent authorization, the agent must provide an access token when communicating with the broker.
delete-session-duration-hours No 1 Specifies the number of hours after which deleted sessions become invisible and are no longer returned by DescribeSession API calls.
connect-session-token-duration-minutes No 60 Specifies the number of minutes for which the ConnectSession token remains valid.
client-to-broker-connector-https-port Yes 8443 Specifies the HTTPS port where the broker listens for client connections.
client-to-broker-connector-bind-host No 0.0.0.0 Specifies the IP address of the host where the broker binds for client connections.
client-to-broker-connector-key-store-file Yes Specifies the key store used for TLS client connections.
client-to-broker-connector-key-store-pass Yes Specifies the key store pass.
agent-to-broker-connector-https-port Yes 8445 Specifies the HTTPS port where the broker listens for agent connections.
agent-to-broker-connector-bind-host No 0.0.0.0 Specifies the IP address of the host where the broker binds for agent connections.
agent-to-broker-connector-key-store-file Yes Specifies the key store used for TLS agent connections.
agent-to-broker-connector-key-store-pass Yes Specifies the key store pass.
broker-to-broker-port Yes 47100 Specifies the port used for broker-to-broker connections.
broker-to-broker-bind-host No 0.0.0.0 Specifies the IP address of the host where the broker binds for broker-to-broker connections.
broker-to-broker-discovery-port Yes 47500 Specifies the port used by brokers to discover each other.
broker-to-broker-discovery-addresses No Specifies the IP addresses and ports of the other brokers in the fleet in the ip_address:port format. If there are multiple brokers, separate the values with a comma. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter.
broker-to-broker-discovery-multicast-group No Specifies the multicast group for broker-to-broker discovery. If you specify broker-to-broker-discovery-addresses, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter.
broker-to-broker-discovery-multicast-port No Specifies the multicast port for broker-to-broker discovery. If you specify broker-to-broker-discovery-addresses, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter.
broker-to-broker-discovery-aws-region No Specifies the Amazon Region of the application load balancer used for broker-to-broker discovery. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, or broker-to-broker-discovery-addresses, omit this parameter.
broker-to-broker-discovery-aws-alb-target-group-arn No The ARN of the application load balancer target group used for broker-to-broker discovery. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, or broker-to-broker-discovery-addresses, omit this parameter.
broker-to-broker-distributed-memory-max-size-mb No 4096 Specifies the maximum amount of off-heap memory to be used by a single broker to store Amazon DCV session data.
broker-to-broker-key-store-file Yes Specifies the key store used for TLS broker connections.
broker-to-broker-key-store-pass Yes Specifies the key store pass.
enable-cloud-watch-metrics No false Enables or disables Amazon CloudWatch metrics. If you enable CloudWatch Metrics, you might need to specify a value for cloud-watch-region.
cloud-watch-region No Specifies the Amazon Region where the CloudWatch metrics are posted. Only required if enable-cloud-watch-metrics is set to true. If the broker is installed on an Amazon EC2 instance, the Region is retrieved from the IMDS.
max-api-requests-per-second No 1000 Specifies the maximum number of requests that the broker API can process each second before being throttled.
enable-throttling-forwarded-for-header No false If set to true, throttling retrieves the caller IP from the X-Forwarded-For header, if present.
create-sessions-number-of-retries-on-failure No 2 Specifies the maximum number of retries to be performed after a create session request fails on an Amazon DCV server host. Set to 0 to never perform retries on failures.
autorun-file-arguments-max-size No 50 Specifies the maximum number of arguments that can be passed to the autorun file.
autorun-file-arguments-max-argument-length No 150 Specifies the maximum length, in characters, of each autorun file argument.
enable-persistence Yes false If set to true, the broker status data is persisted on an external database.
persistence-db No Only required if enable-persistence is set to true. Specifies which database is used for persistence. The only supported values are: dynamodb and mysql.
dynamodb-region No Only required if enable-persistence is set to true and persistence-db is set to dynamodb. Specifies the region where the DynamoDB tables are created and accessed.
dynamodb-table-rcu No Only required if enable-persistence is set to true and persistence-db is set to dynamodb. Specifies the Read Capacity Units (RCU) for each DynamoDB table. For more information on RCU, see Pricing for Provisioned Capacity.
dynamodb-table-wcu No Only required if enable-persistence is set to true and persistence-db is set to dynamodb. Specifies the Write Capacity Units (WCU) for each DynamoDB table. For more information on WCU, see Pricing for Provisioned Capacity.
dynamodb-table-name-prefix No Only required if enable-persistence is set to true and persistence-db is set to dynamodb. Specifies the prefix that is added to each DynamoDB table (useful to distinguish multiple broker clusters using the same Amazon account). Only alphanumeric characters, dot, dash and underscore are allowed.
jdbc-connection-url No Only required if enable-persistence is set to true and persistence-db is set to mysql. Specifies the connection URL to the MariaDB/MySQL database; it contains the endpoint and the database name. The URL should have this format:
jdbc:mysql://<db_endpoint>:<db_port>/<db_name>?createDatabaseIfNotExist=true
Where <db_endpoint> is the MariaDB/MySQL database endpoint, <db_port> is the database port and <db_name> is the database name.
jdbc-user No Only required if enable-persistence is set to true and persistence-db is set to mysql. Specifies the name of the user that has access to the MariaDB/MySQL database.
jdbc-password No Only required if enable-persistence is set to true and persistence-db is set to mysql. Specifies the password of the user that has access to the MariaDB/MySQL database.
seconds-before-deleting-unreachable-dcv-server No 1800 Specifies the number of seconds after which an unreachable server is deleted from the system.
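The dependencies between parameters in the table above can be checked mechanically. The following linter is an added example, not part of the AWS documentation or the broker: it flags disabled authorization, a shared working path, header-based throttling, conflicting discovery mechanisms, and missing persistence settings. Assumptions: the parser handles only `key = value` lines, the sample values are constructed, the finding messages are this example's wording, and the two load balancer discovery parameters are written with the `aws` spelling used in the multicast-group row.

```python
P = "broker-to-broker-discovery-"
DISCOVERY = {  # mutually exclusive discovery mechanisms, per the table
    "addresses": [P + "addresses"],
    "multicast": [P + "multicast-group", P + "multicast-port"],
    "alb": [P + "aws-region", P + "aws-alb-target-group-arn"],
}
PERSISTENCE = {  # parameters the table requires for each persistence-db value
    "dynamodb": ["dynamodb-region", "dynamodb-table-rcu",
                 "dynamodb-table-wcu", "dynamodb-table-name-prefix"],
    "mysql": ["jdbc-connection-url", "jdbc-user", "jdbc-password"],
}

def parse_properties(text):
    """Parse 'key = value' lines; lines starting with '#' or '!' are comments."""
    rows = (line.strip().partition("=") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in rows
            if sep and k.strip()[:1] not in ("#", "!", "")}

def lint(props):
    """Return {parameter: message} for risky or inconsistent settings."""
    out = {}
    for key in ("enable-authorization", "enable-agent-authorization"):
        if props.get(key, "true").lower() != "true":
            out[key] = "requests are accepted without an access token"
    if props.get("session-manager-working-path", "/tmp").rstrip("/") == "/tmp":
        out["session-manager-working-path"] = "shared directory, must be broker-only"
    if props.get("enable-throttling-forwarded-for-header", "false").lower() == "true":
        out["enable-throttling-forwarded-for-header"] = "caller IP is read from a request header"
    modes = [m for m, keys in DISCOVERY.items() if any(props.get(k) for k in keys)]
    if len(modes) > 1:
        out[P + "*"] = "mutually exclusive mechanisms set: " + ", ".join(modes)
    if props.get("enable-persistence", "false").lower() == "true":
        db = props.get("persistence-db", "")
        if db not in PERSISTENCE:
            out["persistence-db"] = "must be dynamodb or mysql"
        for key in PERSISTENCE.get(db, []):
            if not props.get(key):
                out[key] = f"required when persistence-db is {db}"
    return out

SAMPLE = """
enable-agent-authorization = false
broker-to-broker-discovery-addresses = 10.0.0.11:47500,10.0.0.12:47500
broker-to-broker-discovery-multicast-group = 228.1.2.3
enable-persistence = true
persistence-db = mysql
"""  # constructed sample values, not taken from a real deployment
if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in lint(parse_properties(SAMPLE)).items()))
```

The header-based throttling finding is informational: when the header is honored, the caller IP is whatever the request carries, so it is meaningful only when a trusted proxy in front of the broker sets it.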