Cloud Data Governance and Catalog Serverless Agent

Overview

A serverless runtime environment is an advanced serverless deployment solution that uses an isolated, single-tenant model, unlike the multi-tenant model on the Hosted Agent.

The single-tenant model provides a dedicated server with virtual machine resources to run tasks for your organization. The serverless runtime environment auto-scales with the size of the workload while your data remains in your cloud environment.

A serverless runtime environment can be hosted on these cloud platforms:

Azure Virtual Network (VNet)

Amazon Virtual Private Cloud (VPC). The serverless runtime environment creates an elastic network interface (ENI) to connect to your cloud environment.

A serverless runtime environment supports local regions in each geo-location. For example, an AWS (Amazon Web Services) cloud platform in the United States (US) supports all US regions and an AWS cloud platform in Asia-Pacific (APAC) supports all APAC regions. 

Pre-Requisites

Users who require access to the Serverless Environments configuration page require the PRIVILEGES.VIEW_AGENT_GROUP permission.

Also, when setting up Informatica Cloud Data Integration (CDI) with serverless agents on AWS or Azure, you need to configure permissions to ensure the agent can perform its tasks effectively. Here are the typical permissions/pre-requisites required from the AWS and Azure perspectives:

AWS:

IAM Role for Serverless Agent:
- Create an IAM role that grants necessary permissions to the serverless agent.
- At minimum, the IAM role should have permissions to access the necessary AWS services and resources (like S3, RDS, Redshift, etc.) that your Informatica jobs will interact with.
- Example policies might include:
  - AmazonS3FullAccess: Full access to Amazon S3 buckets if your jobs involve reading from or writing to S3.
  - AmazonRDSFullAccess: Full access to Amazon RDS instances if your jobs interact with RDS databases.
  - AmazonRedshiftFullAccess: Full access to Amazon Redshift clusters if your jobs interact with Redshift databases.
- Custom policies might be required depending on your specific use case.
Permissions to Read/Write Data:
- Ensure the IAM role associated with the serverless agent has permissions to read from and write to the specific data sources and destinations involved in your data integration workflows.
Access to CloudWatch Logs (Optional):
- If you want the serverless agent to write logs to CloudWatch Logs, ensure the IAM role has permissions to write logs to CloudWatch.

Azure:

Service Principal (App Registration):
- Create an Azure Active Directory (AAD) application and service principal for the serverless agent.
- Assign necessary roles to this service principal based on the Azure resources it needs to access (e.g., Storage Blob Data Contributor, SQL Contributor).
Access Policies:
- Configure access policies on Azure resources (like Azure Blob Storage, Azure SQL Database, etc.) to allow the serverless agent to read from and write to these resources.
- For example, on Azure Blob Storage, you might need to grant Blob Data Contributor or Storage Blob Data Contributor role to the service principal.
Network and Security Considerations:
- Ensure that network security groups or firewalls allow inbound and outbound traffic as required by the serverless agent for accessing Azure services.

General Considerations:

Least Privilege Principle: Always follow the principle of least privilege when assigning permissions. Only grant the permissions necessary for the serverless agent to perform its specific tasks.
Managed Identity (Azure): If possible, use Azure Managed Identity for the serverless agent, which eliminates the need to manage credentials explicitly.
Testing: After configuring permissions, thoroughly test the serverless agent to ensure it can perform all necessary operations without encountering permission issues.

By setting up these permissions correctly, you ensure that the Informatica Cloud Data Integration serverless agent can securely and efficiently interact with AWS or Azure services as required by your data integration workflows.

Self-Service Resources

Goals

The primary goal of using Informatica CDGC (Cloud Data Integration Global Control) in a serverless environment is to achieve efficient, scalable, and cost-effective data integration and management
Reliability and Resilience
Flexibility and Agility

Outcome

Efficiency in Data Integration
Enhanced Data Governance and Compliance
Improved Operational Efficiency
Advanced Analytics and Insights

Required Roles/Personas

Administrator
Data Integration Developer
Data Steward or Data Governance Manager
Business Analyst or Data Consumer
Security Administrator

Add to Favorites

Catalog Type

Ask An Expert

Engagement Category

Feature Clarity

Products

Cloud Data Governance and Catalog

Engagement Type

Ask An Expert

Adoption Stage

Configure

Implement

Optimize

Focus Area

Adoption - Technical

Functional

Engagement ID

AAE-CDGC-021

Disclaimer

All the topics covered in the Success Accelerators/Ask An Expert sessions are intended for guidance and advisory only. This is implicit and it will not be called out under the scope of each engagement.
Customers need to include their relevant technical/business team members highlighted in each engagement topic to derive the best out of each engagement.
Customers need to perform any hands-on work by themselves leveraging the guidance from these engagements.
Customers need to work with Informatica Global Customer Support for any product bugs/issues and troubleshooting.