Using SSRS Email to send reports
SSRS includes the SSRS Email extension, which you can use to send reports to users.
To configure SSRS Email, use the SSRS
option settings. For more
information, see Adding the SSRS option to your option group.
After configuring SSRS Email, you can subscribe to reports on the report server. For more information, see Email
delivery in Reporting Services
Integration with AWS Secrets Manager is required for SSRS Email to function on RDS. To integrate with Secrets Manager, you create a secret.
Note
If you change the secret later, you also have to update the SSRS
option in the option group.
To create a secret for SSRS Email
-
Follow the steps in Create a secret in the AWS Secrets Manager User Guide.
-
For Select secret type, choose Other type of secrets.
-
For Key/value pairs, enter the following:
-
SMTP_USERNAME
– Enter a user with permission to send mail from the SMTP server. -
SMTP_PASSWORD
– Enter a password for the SMTP user.
-
-
For Encryption key, don't use the default AWS KMS key. Use your own existing key, or create a new one.
The KMS key policy must allow the
kms:Decrypt
action, for example:{ "Sid": "Allow use of the key", "Effect": "Allow", "Principal": { "Service": [ "rds.amazonaws.com" ] }, "Action": [ "kms:Decrypt" ], "Resource": "*" }
-
-
Follow the steps in Attach a permissions policy to a secret in the AWS Secrets Manager User Guide. The permissions policy gives the
secretsmanager:GetSecretValue
action to therds.amazonaws.com
service principal.We recommend that you use the
aws:sourceAccount
andaws:sourceArn
conditions in the policy to avoid the confused deputy problem. Use your AWS account foraws:sourceAccount
and the option group ARN foraws:sourceArn
. For more information, see Preventing cross-service confused deputy problems.The following example shows a permissions policy.
{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Principal" : { "Service" : "rds.amazonaws.com" }, "Action" : "secretsmanager:GetSecretValue", "Resource" : "*", "Condition" : { "StringEquals" : { "aws:sourceAccount" : "
123456789012
" }, "ArnLike" : { "aws:sourceArn" : "arn:aws:rds:us-west-2:123456789012
:og:ssrs-se-2017
" } } } ] }For more examples, see Permissions policy examples for AWS Secrets Manager in the AWS Secrets Manager User Guide.