Integration with Amazon Web Services

Michael Kober edited this page May 25, 2016 · 11 revisions

Amazon Simple Storage Service (S3)

Slicebox supports storing images on the local file system or on Amazon Web Services (AWS) S3, with the file system as the default configuration:

  • dicom-storage.file-system.path - directory for image storage
  • dicom-storage.s3.bucket - S3 bucket for images
  • dicom-storage.s3.prefix - prefix for S3 keys; objects on S3 are stored under the path prefix/key
  • dicom-storage.config = ${slicebox.dicom-storage.file-system} - use file system as storage

The Slicebox S3 integration uses the AWS Java SDK, which uses TLS by default when storing objects on S3, and enforces server-side encryption on S3 (AES-256).

When running Slicebox on an AWS EC2 instance, it is recommended to use IAM roles to authorize access to the configured S3 bucket. On premises (locally), Slicebox can only use S3 storage when valid AWS credentials are set, either as environment variables:

  • export AWS_ACCESS_KEY_ID=<your-aws-access-key-id>
  • export AWS_SECRET_KEY=<your-aws-secret-key>

or as Java system properties:

  • aws.accessKeyId=<your-aws-access-key-id>
  • aws.secretKey=<your-aws-secret-key>

Amazon Relational Database Service (RDS) for MySQL

Slicebox supports both H2 and MySQL as database engines. When running on an AWS EC2 instance, it is recommended to use RDS MySQL instead of the H2 DB, as any data on the ephemeral storage of an EC2 instance will be lost when it is terminated. Use slicebox.conf to configure your database connection, e.g. for MySQL:

  • database.path = "jdbc:mysql://<your-rds-endpoint>:3306/<your-db-name>?sessionVariables=sql_mode='ANSI_QUOTES'"
  • database.user = "<your-db-user>"
  • database.password = "<your-db-password>"

SSL/TLS Encryption for RDS MySQL connections

When handling health information in the cloud, you should always use SSL/TLS encryption for all connections. To enable an SSL/TLS connection from Slicebox to an RDS MySQL DB, do the following:

  • Read http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

  • Download the root certificate and the required intermediate certificate for your AWS region (see link)

  • Import the certificates into a truststore with keytool

      keytool -import -alias rdsMysqlCARoot -file rds-ca-2015-root.pem -keystore sbox-truststore.jks
      keytool -import -alias rdsMysqlCAEuWest -file rds-ca-2015-eu-west-1.pem -keystore sbox-truststore.jks
    
  • Merge with the cacerts file found in the lib/security folder of your Java installation; the default password for cacerts is changeit

      keytool -importkeystore -srckeystore /usr/java/jre1.8.0_77/lib/security/cacerts -destkeystore sbox-truststore.jks -srcstorepass changeit -deststorepass mydestpassword
    
  • Add Java options in the sbt packaging

      addJava "-Djavax.net.ssl.trustStore=/usr/share/slicebox/conf/sbox-truststore.jks"
      addJava "-Djavax.net.ssl.trustStorePassword=mydestpassword"
    
  • Add the following parameters to your JDBC URL: useSSL=true&verifyServerCertificate=true&requireSSL=true, e.g.

      database.path = "jdbc:mysql://<your-rds-endpoint>:3306/<your-db-name>?useSSL=true&verifyServerCertificate=true&requireSSL=true&sessionVariables=sql_mode='ANSI_QUOTES'"
    
  • Repeat these steps when updating the Java version on your server or when Amazon provides updated certificates for RDS
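
A pre-flight check for the last configuration step, as an added example that is not part of Slicebox: it reads database.path from a config file and reports which of the three TLS parameters are missing or not set to true. It assumes the flat `database.path = "..."` form shown on this page; the function names and the sample endpoint are made up for the illustration.

```shell
#!/bin/sh
# Added example: checks that database.path in a slicebox.conf carries the
# three TLS parameters from the steps above. Assumes the flat
# `database.path = "..."` form shown on this page.
REQUIRED_PARAMS="useSSL verifyServerCertificate requireSSL"

# Print the JDBC URL configured as database.path (first match wins).
jdbc_url_from_conf() {
  sed -n 's/^[[:space:]]*database\.path[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print each required parameter that is absent or not exactly "true".
# Exit status 0 when nothing is missing, 1 otherwise.
missing_tls_params() {
  url=$1
  query=${url#*\?}
  [ "$query" = "$url" ] && query=""   # URL has no query string at all
  missing=""
  for p in $REQUIRED_PARAMS; do
    case "&$query&" in
      *"&$p=true&"*) ;;               # present and enabled
      *) missing="$missing $p" ;;     # absent, or set to something else
    esac
  done
  printf '%s\n' "${missing# }"
  [ -z "$missing" ]
}

# Check one config file: 0 = TLS enforced or not MySQL, 1 = gaps, 2 = no URL.
check_conf() {
  url=$(jdbc_url_from_conf "$1")
  [ -n "$url" ] || { echo "$1: no database.path found"; return 2; }
  case "$url" in
    jdbc:mysql:*) ;;
    *) echo "$1: not a MySQL URL, nothing to check"; return 0 ;;
  esac
  if gaps=$(missing_tls_params "$url"); then
    echo "$1: OK, TLS with certificate verification is required"
  else
    echo "$1: FAIL, missing or not true: $gaps"; return 1
  fi
}

# Constructed sample (placeholder endpoint): the non-TLS URL form from the RDS section.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
database.path = "jdbc:mysql://db.example.invalid:3306/slicebox?sessionVariables=sql_mode='ANSI_QUOTES'"
EOF
check_conf "$SAMPLE" || true
rm -f "$SAMPLE"
```

Running `check_conf` against the deployed slicebox.conf after each Java or certificate update catches a URL that was reverted to the non-TLS form.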