IBM · devanshah2 · Nov 20, 2025 · Nov 20, 2025 · Nov 20, 2025 · Nov 20, 2025
diff --git a/examples/aws-rds-mariadb/README.md b/examples/aws-rds-mariadb/README.md
@@ -45,7 +45,10 @@ db_host     = "your-mariadb-instance.rds.amazonaws.com"
 db_port     = 3306
 db_username = "admin"
 db_password = "your-secure-password"
-gdmmonitor_password = "secure-password-for-gdmmonitor"
+
+# Guardium VA user configuration
+sqlguard_username = "sqlguard"
+sqlguard_password = "secure-password-for-sqlguard"
 
 # Network Configuration
 vpc_id      = "vpc-12345678"
@@ -89,7 +92,7 @@ Review the planned changes and type `yes` to apply them.
 This example uses two main modules:
 
 1. **aws-rds-mariadb** - Configures the MariaDB database for vulnerability assessment by:
-   - Creating a `gdmmonitor` user with the necessary permissions
+   - Creating a `sqlguard` user with the necessary permissions
    - Granting required permissions for Guardium VA
    - Deploying a Lambda function to execute the configuration
 
@@ -108,7 +111,8 @@ This example uses two main modules:
 | db_port                         | Port for MariaDB database                                                | `number`       | `3306`              |    no    |
 | db_username                     | Username for the MariaDB database                                        | `string`       | `"guardium_admin"`  |    no    |
 | db_password                     | Password for the MariaDB database                                        | `string`       | n/a                 |   yes    |
-| gdmmonitor_password             | Password for the Guardium VA user                                        | `string`       | n/a                 |   yes    |
+| sqlguard_username               | Username for the Guardium VA user                                        | `string`       | `"sqlguard"`        |    no    |
+| sqlguard_password               | Password for the Guardium VA user                                        | `string`       | n/a                 |   yes    |
 | vpc_id                          | The ID of the VPC to deploy the lambda into                              | `string`       | n/a                 |   yes    |
 | subnet_ids                      | The subnet IDs to deploy the lambda into                                 | `list(string)` | n/a                 |   yes    |
 | gdp_server                      | The hostname or IP address of the Guardium server                        | `string`       | n/a                 |   yes    |

diff --git a/examples/aws-rds-mariadb/main.tf b/examples/aws-rds-mariadb/main.tf
@@ -20,8 +20,8 @@ module "mariadb_va_config" {
   #----------------------------------------
   # VA User Configuration
   #----------------------------------------
-
-  gdmmonitor_password = var.gdmmonitor_password
+  sqlguard_username = var.sqlguard_username
+  sqlguard_password = var.sqlguard_password
 
   #----------------------------------------
   # lambda configuration

diff --git a/examples/aws-rds-mariadb/terraform.tfvars.example b/examples/aws-rds-mariadb/terraform.tfvars.example
@@ -27,7 +27,8 @@ db_username = "admin"                    # Admin username for MariaDB
 db_port     = 3306                       # Default MariaDB port (3306)
 
 # Guardium VA user configuration
-gdmmonitor_password = "StrongPasswordForVAUser"  # Password for the Guardium VA user
+sqlguard_username = "sqlguard"           # Username for the Guardium VA user (default: sqlguard)
+sqlguard_password = "StrongPasswordForVAUser"  # Password for the Guardium VA user
 
 #----------------------------------------
 # Network Configuration

diff --git a/examples/aws-rds-mariadb/variables.tf b/examples/aws-rds-mariadb/variables.tf
@@ -331,7 +331,15 @@ variable "db_instance_directory" {
   default     = ""
 }
 
-# VA Configuration Outputs
-variable "gdmmonitor_password" {
+# VA Configuration
+variable "sqlguard_username" {
   description = "Username for the Guardium VA user"
+  type        = string
+  default     = "sqlguard"
+}
+
+variable "sqlguard_password" {
+  description = "Password for the Guardium VA user"
+  type        = string
+  sensitive   = true
 }
diff --git a/modules/aws-rds-mariadb/README.md b/modules/aws-rds-mariadb/README.md
@@ -13,7 +13,7 @@ The module deploys the following components:
 
 ## Features
 
-- Creates a `gdmmonitor` user with the necessary permissions for vulnerability assessment
+- Creates a `sqlguard` user with the necessary permissions for vulnerability assessment
 - Grants the required permissions for Guardium VA to work properly
 - Configures the database for Guardium Vulnerability Assessment
 - Deploys a Lambda function to execute the configuration in the VPC where the MariaDB instance resides
@@ -44,7 +44,10 @@ module "mariadb_va_config" {
   db_port     = 3306
   db_username = "admin"
   db_password = "your-password"
-  gdmmonitor_password = "Guardium123!"
+
+  # Guardium VA user configuration
+  sqlguard_username = "sqlguard"
+  sqlguard_password = "Guardium123!"
 
   # Network configuration
   vpc_id      = "vpc-12345678"
@@ -78,7 +81,10 @@ module "mariadb_va_config" {
   db_port     = 3306
   db_username = "admin"
   db_password = "your-password"
-  gdmmonitor_password = "CustomPassword123!"
+
+  # Guardium VA user configuration
+  sqlguard_username = "sqlguard"
+  sqlguard_password = "CustomPassword123!"
 
   # Network configuration
   vpc_id      = "vpc-12345678"
@@ -126,7 +132,8 @@ module "mariadb_va_config" {
 | db_host | Hostname or IP address of the MariaDB database | `string` |
 | db_username | Username for the MariaDB database (must have superuser privileges) | `string` |
 | db_password | Password for the MariaDB database | `string` |
-| gdmmonitor_password | Password for the gdmmonitor user | `string` |
+| sqlguard_username | Username for the Guardium VA user | `string` |
+| sqlguard_password | Password for the sqlguard user | `string` |
 | vpc_id | ID of the VPC where the Lambda function will be deployed | `string` |
 | subnet_ids | List of subnet IDs where the Lambda function will be deployed | `list(string)` |
 | aws_region | AWS region where resources will be created | `string` |
@@ -161,8 +168,8 @@ For a complete list of all input variables, please refer to the [variables.tf](.
 
 | Name | Description |
 |------|-------------|
-| sqlguard_username | Username for the Guardium user (gdmmonitor) |
-| sqlguard_password | Password for the gdmmonitor user (sensitive) |
+| sqlguard_username | Username for the Guardium VA user (sqlguard) |
+| sqlguard_password | Password for the sqlguard user (sensitive) |
 
 ## Implementation Details
 
@@ -179,7 +186,7 @@ The module performs the following actions:
 
 3. **Database Configuration**:
    - The Lambda function connects to the MariaDB database using the provided credentials
-   - Creates or updates the `gdmmonitor` user with the specified password
+   - Creates or updates the `sqlguard` user with the specified password
    - Grants the necessary permissions for Guardium VA:
      - SELECT on mysql.user
      - SELECT on mysql.db

diff --git a/modules/aws-rds-mariadb/files/lambda_function.zip b/modules/aws-rds-mariadb/files/lambda_function.zip
diff --git a/modules/aws-rds-mariadb/main.tf b/modules/aws-rds-mariadb/main.tf
@@ -10,7 +10,6 @@ locals {
   secret_name = "${var.name_prefix}-mariadb-rds-va-password"
   zip_file = "${path.module}/files/lambda_function.zip"
   zip_hash = filesha256(local.zip_file)
-  gdmmonitor_username = "gdmmonitor"
 }
 
 # Create IAM role for Lambda function
@@ -47,8 +46,8 @@ resource "aws_secretsmanager_secret_version" "postgres_credentials_version" {
     password = var.db_password
     endpoint = var.db_host
     port     = var.db_port
-    gdmmonitor_username = local.gdmmonitor_username
-    gdmmonitor_password = var.gdmmonitor_password
+    sqlguard_username = var.sqlguard_username
+    sqlguard_password = var.sqlguard_password
   })
 }
 
@@ -193,8 +192,8 @@ locals {
     datasource_port                = var.db_port
     application                    = var.application
     datasource_description         = var.datasource_description
-    connection_username            = var.db_username
-    connection_password            = var.db_password
+    connection_username            = var.sqlguard_username
+    connection_password            = var.sqlguard_password
     severity_level                 = var.severity_level
     service_name                   = var.service_name
     shared_datasource              = var.shared_datasource

diff --git a/modules/aws-rds-mariadb/outputs.tf b/modules/aws-rds-mariadb/outputs.tf
@@ -1,12 +1,12 @@
-# RDS PostgreSQL VA Config Module Outputs
+# RDS MariaDB VA Config Module Outputs
 
 output "sqlguard_username" {
-  description = "Username for the Guardium user"
-  value       = local.gdmmonitor_username
+  description = "Username for the Guardium VA user"
+  value       = var.sqlguard_username
 }
 
 output "sqlguard_password" {
   description = "Password for the sqlguard user"
-  value       = var.gdmmonitor_password
+  value       = var.sqlguard_password
   sensitive   = true
 }
diff --git a/modules/aws-rds-mariadb/variables.tf b/modules/aws-rds-mariadb/variables.tf
@@ -22,8 +22,14 @@ variable "db_password" {
   sensitive   = true
 }
 
-variable "gdmmonitor_password" {
-  description = "Password for the gdmmonitor user"
+variable "sqlguard_username" {
+  description = "Username for the Guardium VA user"
+  type        = string
+  default     = "sqlguard"
+}
+
+variable "sqlguard_password" {
+  description = "Password for the sqlguard user"
   type        = string
   sensitive   = true
 }