Using SSRS Email to send reports - Amazon Relational Database Service

Using SSRS Email to send reports

SSRS includes the SSRS Email extension, which you can use to send reports to users.

To configure SSRS Email, use the SSRS option settings. For more information, see Adding the SSRS option to your option group.

After configuring SSRS Email, you can subscribe to reports on the report server. For more information, see Email delivery in Reporting Services in the Microsoft documentation.

Integration with AWS Secrets Manager is required for SSRS Email to function on RDS. To integrate with Secrets Manager, you create a secret.

Note

If you change the secret later, you also have to update the SSRS option in the option group.

To create a secret for SSRS Email
  1. Follow the steps in Create a secret in the AWS Secrets Manager User Guide.

    1. For Select secret type, choose Other type of secrets.

    2. For Key/value pairs, enter the following:

      • SMTP_USERNAME – Enter a user with permission to send mail from the SMTP server.

      • SMTP_PASSWORD – Enter a password for the SMTP user.

    3. For Encryption key, don't use the default AWS KMS key. Use your own existing key, or create a new one.

      The KMS key policy must allow the kms:Decrypt action, for example:

      { "Sid": "Allow use of the key", "Effect": "Allow", "Principal": { "Service": [ "rds.amazonaws.com" ] }, "Action": [ "kms:Decrypt" ], "Resource": "*" }
  2. Follow the steps in Attach a permissions policy to a secret in the AWS Secrets Manager User Guide. The permissions policy gives the secretsmanager:GetSecretValue action to the rds.amazonaws.com service principal.

    We recommend that you use the aws:sourceAccount and aws:sourceArn conditions in the policy to avoid the confused deputy problem. Use your AWS account for aws:sourceAccount and the option group ARN for aws:sourceArn. For more information, see Preventing cross-service confused deputy problems.

    The following example shows a permissions policy.

    { "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Principal" : { "Service" : "rds.amazonaws.com" }, "Action" : "secretsmanager:GetSecretValue", "Resource" : "*", "Condition" : { "StringEquals" : { "aws:sourceAccount" : "123456789012" }, "ArnLike" : { "aws:sourceArn" : "arn:aws:rds:us-west-2:123456789012:og:ssrs-se-2017" } } } ] }

    For more examples, see Permissions policy examples for AWS Secrets Manager in the AWS Secrets Manager User Guide.