Merge pull request #594 from awslabs/doc1.1-branch

docs(others): batch proxy data source creation

docs/en/user-guide/appendix-database-proxy.md

@@ -1,35 +1,97 @@
-## Using EC2 to configure database agents
+## Configuring Database Proxy on EC2
 
-Create one EC2 instance as the database proxy. Install Nginx to set port forwarding. For example:
+### Create and log in to the proxy EC2 machine, configure forwarding ports
+Some users' database Security Groups have restrictions that only allow fixed IP access. In this case, users need an EC2 as a Proxy to provide a fixed IP.
 
+Next, we will create an EC2 instance as a database proxy, install Nginx software, and set up port forwarding. When making a data source connection, SDPS connects to EC2 and makes a JDBC connection to the database through this EC2.
 
-### Step 1:Install
-`sudo yum install nginx nginx-mod-stream`
-### Step 2:Start
-`sudo systemctl start nginx`
-### Step 3:View status
-`systemctl status nginx`
-### Step 4:Edit /etc/nginx/nginx.conf
-`sudo vim /etc/nginx/nginx.conf`  
-Add content similar to the following at the end of the file
-```
+##### Step 1: Create an EC2 Instance
+- In the EC2 console. Create an EC2 in the VPC where SDP is located, to be used as a proxy server.
+- Configure the EC2 Security Group: Add an Inbound Rule, allowing all TCP entries from the following two security groups: SDPS-CustomDB, Stack Name-RDSRDSClient
+
+##### Step 2: Install Nginx software on EC2
+- Copy the EC2's .pem file to the Bastion host for logging into the proxy server.
+- From your Bastion host, log in to EC2 using SSH, for example:
+  `ssh -i /path/to/your/key.pem ec2-user@ec2-private-ip`
+- Run the following commands in sequence to install and start Nginx.
+  - Installation: `sudo yum install nginx nginx-mod-stream`
+  - Start: `sudo systemctl start nginx`
+  - Check status: `systemctl status nginx`
+
+##### Step 3: Configure Nginx software
+  - Open the configuration file: `vim /etc/nginx/nginx.conf`
+  - Edit the configuration file:
+```python
+# Replace the default nginx.conf file content with code. You need to make necessary adjustments.
 stream {
     upstream backend1 {
-        server 10.0.34.171:3306  max_fails=3 fail_timeout=30s; # Server address can use domain name
+        server 10.0.34.171:3306  max_fails=3 fail_timeout=30s; 
+        # You need to modify the server address to the IP:Port of your target database, you can also use DomainName:Port format.
     }
     server {
-        listen 3306;
-        proxy_connect_timeout 1s;
+        listen 7001; # This EC2 port is used for forwarding requests (Port)
+        proxy_connect_timeout 2s;
+        proxy_timeout 3s;
         proxy_pass backend1;
     }
 }
 ```
-### Step 5: Reload configuration file
-`sudo nginx -s reload`
-### Step 6: Add 2 security groups to the instance
-Add Rule to the Proxy security group to allow all TCP entries from the following two security groups:`SDPS-CustomDB`、`StackName-RDSRDSClient`
-### Step 7: (Optional) Is the local testing agent effective
-```
-sudo yum install telnet
-telnet 127.0.0.1 7001
+!!! Info How to edit the configuration file when there are many databases?
+    If you need to configure multiple port forwarding, you can use the SDP **batch create data source** feature, and create the Nginx configuration file through the template. See below Appendix.
+
+##### Step 5: Reload the configuration file
+Save the configuration file and reload it to take effect: `sudo nginx -s reload`
+
+##### Step 7: Test if the proxy EC2 port forwarding is effective (Optional)
+On EC2, install telnet, and test if the local 7001 port can be pinged.
+`sudo yum install telnet`
+`telnet 127.0.0.1 7001`
+If configured correctly, you should see the following log:
+```java
+    Trying 127.0.0.1...
+    Connected to 127.0.0.1.
 ```
+Now, you have completed the configuration of the proxy server, you can go back to the SDP UI to manually add or batch add data sources.
+
+---
+### Appendix: Batch create data sources forwarded from the proxy server
+
+##### Step 1: Download the template
+From the SDP UI, download the template for batch creating data sources.
+
+##### Step 2: Edit the excel file
+Fill in the data sources you need to scan.
+
+| InstanceName        | SSL | Description                                                        | JDBC_URL                                     | JDBC_Databases | SecretARN | Username | Password   | AccountID            | Region         | ProviderID |
+|---------------------|-----|--------------------------------------------------------------------|----------------------------------------------|----------------|-----------|----------|------------|----------------------|----------------|------------|
+| test-instance-7001  | 1   | xxxx1.sql.db.com:23297 | jdbc:mysql://172.31.48.6:7001                |                |           | root     | Temp123456! | 123456789 | ap-guangzhou-1 | 4          |
+| test-instance-7002  | 1   | xxxx2.sql.db.com:3306 | jdbc:mysql://172.31.48.6:7002                |                |           | root     | Temp123456! | 123456789 | ap-guangzhou-1 | 4          |
+
+##### Step 3: Generate the Nginx software's config file
+(On your local machine) Open the Excel software, in the menu bar click Tools → Macro → Visual Basic Editor.
+
+Click the run button, and a config.txt file will be generated in the directory where the Excel file is located.
+
+```java
+// This is a sample.
+// Forward through EC2's 7001 port to xxxx1.sql.db.com:23297 database.
+// Forward through EC2's 7002 port to xxxx2.sql.xxdb.com:3306 database.
+stream {
+    upstream backend1 {
+        server xxxx1.sql.db.com:23297 max_fails=3 fail_timeout=30s;
+    }
+    server {
+        listen 7001; 
+        proxy_connect_timeout 2s;
+        proxy_pass backend1;
+    }
+    upstream backend2 {
+        server xxxx2.sql.db.com:3306 max_fails=3 fail_timeout=30s;
+    }
+    server {
+        listen 7002; 
+        proxy_connect_timeout 2s;
+        proxy_pass backend2;
+    }
+}
+```

docs/zh/user-guide/appendix-database-proxy.md

@@ -1,18 +1,27 @@
 ## 使用EC2配置数据库代理
+g
+### 创建并登录到代理EC2机器，配置转发端口
+有一些用户的数据库Security Group设置了限制，只允许固定IP访问。这个时候，用户需要一个EC2作为Proxy来提供固定的IP。
 
-创建1个EC2实例作为数据库代理。安装Nginx 设置端口转发。例如:
+接下来，我们将创建1个EC2实例作为数据库代理，并安装Nginx软件并设置端口转发。在做数据源连接时，SDPS连接EC2，并通过这台EC2目标对数据库进行JDBC连接。
 
+##### Step 1:创建EC2实例
+- 在EC2控制台。在SDP所在的VPC创建一台EC2机器, 作为代理服务器。
+- 配置EC2的安全组（Security Group）：添加Inbound Rule，允许以下2个安全组的所有TCP进入：SDPS-CustomDB、堆栈名-RDSRDSClient
 
-### Step 1:安装
-`sudo yum install nginx nginx-mod-stream`
-### Step 2:启动
-`sudo systemctl start nginx`
-### Step 3:查看状态
-`systemctl status nginx`
-### Step 4:编辑/etc/nginx/nginx.conf文件
-`sudo vim /etc/nginx/nginx.conf`  
-在文件末尾添加类似以下内容
-```
+##### Step 2:在EC2上安装Nginx软件
+- 将EC2的pem文件拷贝到Bastion host上，用于登陆代理服务器。
+- 从你的Bastion host上，使用SSH方式登陆到EC2。例如：
+  `ssh -i /path/to/your/key.pem ec2-user@ec2-private-ip`
+- 依次运行下面的命令，安装并启动Nginx。
+  - 安装： `sudo yum install nginx nginx-mod-stream`
+  - 启动：`sudo systemctl start nginx`
+  - 查看状态：`systemctl status nginx`
+##### Step 3:配置Nginx软件
+  - 打开配置文件：`vim /etc/nginx/nginx.conf`
+  - 编辑配置文件：
+```python
+# 用代码替换默认的nginx.conf文件内容。您需要进行必要的调整。
 stream {
     upstream backend1 {
         server 10.0.34.171:3306  max_fails=3 fail_timeout=30s; # server地址可以使用域名
@@ -24,12 +33,64 @@ stream {
     }
 }
 ```
-### Step 5: 重新加载配置文件
-`sudo nginx -s reload`
-### Step 6: 为实例添加安全组
-Proxy安全组添加Rule，允许以下2个安全组的所有TCP进入：`SDPS-CustomDB`、`堆栈名-RDSRDSClient`
-### Step 7: （可选）本地测试代理是否生效
+!!! Info 数据库太多时，如何编辑配置文件？
+    如果您需要配置多个端口转发，可以使用SDP **批量创建数据源**功能，并通过模版来创建Nginx配置文件。见下面附录。
+
+##### Step 5: 重新加载配置文件
+保存配置文件，并重新加载使其生效：`sudo nginx -s reload`
+
+##### Step 7: 测试代理EC2端口转发是否生效 （可选）
+在EC2上，安装telnet，并测试本机的7001端口是否可以ping通。
+`sudo yum install telnet`
+`telnet 127.0.0.1 7001`
+如果已经正确配置，您应该看到如下log：
+```java
+    Trying 127.0.0.1...
+    Connected to 127.0.0.1.
 ```
-sudo yum install telnet
-telnet 127.0.0.1 7001
+至此，您已经配置完代理服务器的配置，可以回到SDP UI上手动添加或者批量添加数据源了。
+
+---
+### 附录：批量创建从代理服务器转发的数据源
+
+##### Step 1: 下载模版
+从SDP UI上面，下载批量创建数据源的模版。
+
+##### Step 2: 编辑excel文件
+填入您所需要扫描的数据源。
+
+| InstanceName        | SSL | Description                                                        | JDBC_URL                                     | JDBC_Databases | SecretARN | Username | Password   | AccountID            | Region         | ProviderID |
+|---------------------|-----|--------------------------------------------------------------------|----------------------------------------------|----------------|-----------|----------|------------|----------------------|----------------|------------|
+| test-instance-7001  | 1   | xxxx1.sql.db.com:23297 | jdbc:mysql://172.31.48.6:7001                |                |           | root     | Temp123456! | 123456789 | ap-guangzhou-1 | 4          |
+| test-instance-7002  | 1   | xxxx2.sql.db.com:3306 | jdbc:mysql://172.31.48.6:7002                |                |           | root     | Temp123456! | 123456789 | ap-guangzhou-1 | 4          |
+
+
+##### Step 3: 生成Nginx软件的config文件
+（在本地）打开excel软件，菜单栏点击 Tools → Marco → Visual Basic Editor 功能。
+
+
+点击运行按钮，会看到excel文件所在目录下生成一个config.txt文件。
+
+```java
+// 这个是一个样例。
+// 通过EC2的7001端口转发至xxxx1.sql.db.com:23297数据库。
+// 通过EC2的7002端口转发至xxxx2.sql.xxdb.com:3306数据库。
+stream {
+    upstream backend1 {
+        server xxxx1.sql.db.com:23297 max_fails=3 fail_timeout=30s;
+    }
+    server {
+        listen 7001; 
+        proxy_connect_timeout 2s;
+        proxy_pass backend1;
+    }
+    upstream backend2 {
+        server xxxx2.sql.db.com:3306 max_fails=3 fail_timeout=30s;
+    }
+    server {
+        listen 7002; 
+        proxy_connect_timeout 2s;
+        proxy_pass backend2;
+    }
+}
 ```