Configuring AWS IAM Authentication for Informatica Cloud Amazon Redshift Connector


Copyright Informatica LLC 2015, 2017. Informatica, the Informatica logo, and Informatica Cloud are trademarks or registered trademarks of Informatica LLC in the United States and many jurisdictions throughout the world. A current list of Informatica trademarks is available on the web at https://www.informatica.com/trademarks.html

Abstract

You can use AWS Identity and Access Management (IAM) to control individual and group access to Amazon Redshift resources. You can configure AWS IAM to run tasks on the Secure Agent that is installed on the EC2 system. AWS IAM service provides enhanced security. This article describes the guidelines to configure IAM Authentication for Informatica Cloud Amazon Redshift Connector.

Supported Versions

Informatica Cloud Fall 2016 December

Table of Contents

Overview
Create Minimal Amazon S3 Bucket Policy
Create the Amazon EC2 Role
Create the Amazon Redshift Role
Add Amazon Redshift Role to the Redshift Cluster
Create an Amazon Redshift Connection
Create a Data Synchronization Task

Overview

You are a business analyst for an e-commerce organization. The organization stores product and customer data in an on-premise MySQL database. You want to securely read data from the on-premise MySQL database and write data to Amazon Redshift for analysis. You want to perform analysis on the data to make business decisions and enhance customer relationships.

To control the access of Amazon Redshift resources, you can define permissions to the users by configuring AWS Identity and Access Management (IAM).

Perform the following steps to configure IAM authentication:

1. Create a minimal Amazon S3 bucket policy.
2. Create an Amazon EC2 Role and an EC2 instance.
3. Create an Amazon Redshift Role ARN.
4. Add the Amazon Redshift Role ARN to the Amazon Redshift cluster.
5. Create an Amazon Redshift connection.
6. Create a Data Synchronization task.

Create Minimal Amazon S3 Bucket Policy

The minimal Amazon S3 bucket policy ensures Amazon Redshift Connector performs read and write operations successfully. You can restrict user operations and user access to a particular Amazon S3 bucket by assigning an AWS IAM policy to the users. Configure the AWS IAM policy through the AWS console.
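A check you can run on a bucket policy before attaching it, as an added example that is not Informatica's code: it verifies that each of the minimum actions this section lists is granted on the ARN type S3 evaluates it against, and reports wildcards or resources outside the bucket. The bucket name `example-bucket` and the sample policy are constructed; `NotAction`, `NotResource` and `Condition` elements are assumed absent.

```python
import json

# The page's minimum action set, split by the ARN type S3 evaluates each against.
OBJECT_ACTIONS = {"s3:putobject", "s3:getobject", "s3:getobjectversion",
                  "s3:deleteobject", "s3:deleteobjectversion"}
BUCKET_ACTIONS = {"s3:listbucket", "s3:getbucketpolicy"}
REQUIRED = OBJECT_ACTIONS | BUCKET_ACTIONS

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, bucket):
    """Return findings for a policy meant to scope the connector to one bucket."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        resources = set(_as_list(stmt.get("Resource", [])))
        for action in sorted(actions):
            if "*" in action:  # wildcards are reported, not expanded
                findings.append(f"wildcard action: {action}")
            elif action not in REQUIRED:
                findings.append(f"action beyond the minimal set: {action}")
        for res in sorted(resources - {bucket_arn, object_arn}):
            findings.append(f"resource outside the bucket: {res}")
        if bucket_arn in resources:
            granted |= actions & BUCKET_ACTIONS
        if object_arn in resources:
            granted |= actions & OBJECT_ACTIONS
    for action in sorted(REQUIRED - granted):
        findings.append(f"no explicit grant on the expected ARN: {action}")
    return findings

# Constructed sample: the object ARN appears twice and the bucket ARN is missing.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion", "s3:DeleteObject",
               "s3:DeleteObjectVersion", "s3:ListBucket", "s3:GetBucketPolicy"],
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket/*"]}]})

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE, "example-bucket"):
        print(finding)
```

An empty result means every minimum action is granted on the bucket or object ARN and nothing broader is allowed.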

You can use the following minimum required permissions to successfully read data from and write data to Amazon Redshift resources:

PutObject
GetObject
GetObjectVersion
DeleteObject
DeleteObjectVersion
ListBucket
GetBucketPolicy

The following snippet shows a sample Amazon S3 bucket policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion",
            "s3:ListBucket",
            "s3:GetBucketPolicy"
          ],
          "Resource": [
            "arn:aws:s3:::<specify_bucket_name>/*",
            "arn:aws:s3:::<specify_bucket_name>"
          ]
        }
      ]
    }

The object-level actions are evaluated against the <specify_bucket_name>/* resource, while s3:ListBucket and s3:GetBucketPolicy are evaluated against the bucket ARN itself, so the policy lists both.

You can specify the following regions that Amazon S3 supports to create an Amazon S3 bucket:

Asia Pacific (Mumbai)
Asia Pacific (Seoul)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Canada (Central)
EU (Ireland)
EU (Frankfurt)
South America (Sao Paulo)
US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)

Create the Amazon EC2 Role

When you create an EC2 system in the Redshift cluster, you can use Amazon EC2 Role.

1. Log in to the AWS Console.
2. Click Identity and Access Management.
3. Select Role under the Details menu and click Create New Role.
4. Specify the name of the role in the Set Role Name page.
5. Click Next Step.

6. Select the Amazon EC2 role type in the Select Role Type page.
7. Select the required Amazon S3 Policy in the Attach Policy page.
8. Click Next Step.
9. Review the Role Name, Role ARN, Trusted Entities, and Policies values in the Review page.
10. Click Create Role.

After creating the Amazon EC2 Role, create an EC2 instance. Assign the Amazon EC2 Role to the EC2 instance. For more information about creating an EC2 instance and assigning an Amazon EC2 Role to the Amazon EC2 instance, see the Amazon Redshift documentation.

Create the Amazon Redshift Role

Use the Amazon Redshift Role for secure access to Amazon Redshift resources.

1. Log in to the AWS Console.
2. Click Identity and Access Management.
3. Select Role under the Details menu and click Create New Role.
4. Specify the name of the role in the Set Role Name page.
5. Click Next Step.
6. Select the Amazon Redshift role type in the Select Role Type page.
7. Select the required Amazon S3 Policy in the Attach Policy page.
8. Click Next Step.
9. Review the Role Name, Role ARN, Trusted Entities, and Policies values in the Review page.
10. Click Create Role.

You created an Amazon Redshift Role, for example, arn:aws:iam::123123456789:role/redshift_write. You must assign this role to the Amazon Redshift cluster to successfully perform the read and write operations.

Add Amazon Redshift Role to the Redshift Cluster

After you create an Amazon Redshift Role, you must associate the role with an Amazon Redshift cluster to read data from and write data to Amazon Redshift target.

1. Log in to the AWS Console.

2. Click Amazon Redshift under the Database option.
3. Click Clusters under Dashboard and select your cluster.
4. Click Manage IAM Roles. The Manage IAM Roles dialog box displays.
5. Select the required Amazon Redshift Role. For example, arn:aws:iam::123123456789:role/redshift_write.
6. Click Apply changes.

After you add the Amazon Redshift Role to the Redshift cluster, install the Secure Agent on the EC2 instance. For more information about installing a Secure Agent, see Informatica Cloud online help.

Create an Amazon Redshift Connection

Create an Amazon Redshift connection and specify the connection properties to configure IAM to control secure access of Amazon Redshift resources. When you create an Amazon Redshift connection, do not provide the Access Key ID and Secret Access Key.

[Image: sample values in the Amazon Redshift connection properties]

The Secure Agent uses the username, password, and JDBC URL to validate the connection. When you configure the IAM Role, the Secure Agent uses the Amazon Resource Name (ARN) associated with the IAM Role to access the data from the Amazon Redshift target. When you run the Data Synchronization task, the Secure Agent validates the IAM policy.

Create a Data Synchronization Task

Create a Data Synchronization task to read data from an on-premise MySQL database and write data to Amazon Redshift target for analysis. Configure AWS IAM authentication for secure and controlled access to Amazon Redshift resources when you run the Data Synchronization task.

1. Select Task Wizard on the Informatica Cloud home page.

2. Select Data Synchronization from the menu. The Data Synchronization page appears.
3. Select New. The Definition tab appears.
4. Provide the task details.
   [Image: sample task details]
5. Select Next. The Source tab appears.
6. Provide source details to read data from the MySQL source.
   [Image: sample source details]
7. Select Next. The Target tab appears.
8. Select the target Connection and Target Object required for the task.
   [Image: sample target details]
9. Select Next.
10. The Data Filters tab appears. Default is Process all rows.

11. Select Next. In Field Mapping tab, map the source fields to the target fields.
12. Select Next. The Schedule tab appears.
13. Provide the appropriate values for the following advanced target properties:
    S3 Bucket Name.
    CopyOptions Property File. Specify the AWS IAM ROLE that you created.
    Verify that the Amazon S3 bucket and Amazon Redshift cluster reside in the same region.
    [Image: sample advanced target properties]
14. Click Save and Run the task.

The Secure Agent writes the data to Amazon Redshift target when you specify the ARN in the advanced target properties.

The following snippet describes a sample COPY command content:

    WRITER_1_*_1> Amazon_RedshiftWriter_10004 [2017-01-16 11:46:33.745] [INFO] The agent is running the following SQL query:
    copy public.master_account1_new (id, isdeleted, masterrecordid, name, type, parentid,
        billingstreet, billingcity, billingstate, billingpostalcode, billingcountry,
        billinglatitude, billinglongitude, shippingstreet, shippingcity, shippingstate,
        shippingpostalcode, shippingcountry, shippinglatitude, shippinglongitude, phone, fax,
        accountnumber, website, photourl, sic, industry, annualrevenue, numberofemployees,
        ownership, tickersymbol, description, rating, site, ownerid, createddate, createdbyid,
        lastmodifieddate, lastmodifiedbyid, systemmodstamp, lastactivitydate, lastvieweddate,
        lastreferenceddate, jigsaw, jigsawcompanyid, accountsource, sicdesc,
        customerpriority__c, sla__c, numberoflocations__c, upsellopportunity__c,
        slaserialnumber__c, slaexpirationdate__c, active__c, myemail__c, test1__c)
    from 's3://sample.name.bucket.csv.'
    credentials 'aws_iam_role=arn:aws:iam::123123456789:role/redshift_read'
    MAXERROR 1 CSV QUOTE '\037' NULL '' ACCEPTINVCHARS '?' DELIMITER '\036' ROUNDEC
    IGNOREHEADER 1 GZIP COMPUPDATE OFF;
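To confirm from the session log that tasks really run with the IAM role and not with static keys, the following added example (not part of the Informatica product or documentation) classifies the credentials clause of each logged COPY statement and masks anything that is not a role ARN. The expected role ARN is the one from the sample above; the log lines, table names, `example-bucket` and the key placeholders are constructed.

```python
import re

CRED_RE = re.compile(r"credentials\s+'([^']*)'", re.IGNORECASE)
ROLE_RE = re.compile(r"^aws_iam_role=(arn:aws:iam::\d{12}:role/[\w+=,.@/-]+)$")

def classify_copy(line, expected_role_arn):
    """Return (verdict, safe_line) for one log line; verdict is None if it is not a COPY."""
    match = CRED_RE.search(line)
    if not match or not re.search(r"\bcopy\b", line, re.IGNORECASE):
        return None, line
    cred = match.group(1)
    role = ROLE_RE.match(cred)
    if role:
        ok = role.group(1) == expected_role_arn
        return ("iam_role_ok" if ok else "iam_role_unexpected"), line
    # Anything else may carry a secret: mask it so the finding does not leak it.
    safe_line = line[:match.start(1)] + "<redacted>" + line[match.end(1):]
    if "aws_secret_access_key=" in cred.lower():
        return "static_keys", safe_line
    return "unrecognized_credentials", safe_line

def scan(lines, expected_role_arn):
    """Classify every line and keep only those that contain a COPY credentials clause."""
    results = (classify_copy(line, expected_role_arn) for line in lines)
    return [r for r in results if r[0] is not None]

# Role ARN from the page's sample COPY command; the log lines below are constructed.
EXPECTED = "arn:aws:iam::123123456789:role/redshift_read"
PREFIX = "[2017-01-16 11:46:33.745] [INFO] The agent is running the following SQL query: "
SAMPLE_LOG = [
    PREFIX + "copy public.t1 (id) from 's3://example-bucket/a' "
             "credentials 'aws_iam_role=arn:aws:iam::123123456789:role/redshift_read' GZIP;",
    PREFIX + "copy public.t2 (id) from 's3://example-bucket/b' "
             "credentials 'aws_access_key_id=EXAMPLE_ID;aws_secret_access_key=EXAMPLE_SECRET' GZIP;",
    PREFIX + "copy public.t3 (id) from 's3://example-bucket/c' "
             "credentials 'aws_iam_role=arn:aws:iam::123123456789:role/other_role' GZIP;",
    "[2017-01-16 11:46:40.002] [INFO] Task completed.",
]

if __name__ == "__main__":
    for verdict, safe_line in scan(SAMPLE_LOG, EXPECTED):
        print(verdict, "|", safe_line)
```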

After you run the task, you will be redirected to the Monitor Log page. In the Monitor Log page, you can monitor the status of the Data Synchronization tasks.

Authors

Fariyal Arif
Documentation Trainee

Chanchal Das
Lead Technical Writer

Shivaprasad Yallappagoudar
Lead QA Engineer