Runtime Environments

Configuring a system disk

The serverless runtime environment can use system disks for improved performance.
Configure a system disk to improve mapping performance in Data Integration.
You can configure system disks in Amazon EFS (Elastic File System) and NFS (Network File System) formats. File system connections in EFS are TLS-enabled by default. File system connections in NFS use NFSv4 (Network File System Version 4).
When you use a system disk, the serverless runtime environment creates a folder with the name <organization ID>/<serverless environment Id> on the system disk. This folder stores job metadata and logs.

Rules and guidelines for the EFS file system

Use the following guidelines when you configure system disks in the Amazon EFS format:
  • Set the file system to the ID of the EFS file system.
  • Allow the subnet in the serverless runtime environment to access the Amazon EFS file system.
  • Configure the EFS security group to allow inbound access from the security group configured in the serverless runtime environment.
  • Configure the IAM role in the serverless environment with full access to the EFS file system. You can grant full access in the file system policy or in the IAM role. For example, the following file system policy allows root access to ServerlessRole (SREIICS) for file system fs-12345 and allows SecureTransport only:
    {
      "Version": "2012-10-17",
      "Id": "efs-policy-wizard-<efs policy wizard ID>",
      "Statement": [
        {
          "Sid": "efs-statement-<efs statement ID>",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<arn ID>:role/SREIICS"
          },
          "Action": [
            "elasticfilesystem:ClientWrite",
            "elasticfilesystem:ClientMount",
            "elasticfilesystem:ClientRootAccess"
          ],
          "Resource": "arn:aws:elasticfilesystem:us-west-2:<arn ID>:file-system/fs-12345",
          "Condition": {
            "Bool": {
              "elasticfilesystem:AccessedViaMountTarget": "true"
            }
          }
        },
        {
          "Sid": "efs-statement-<efs statement ID>",
          "Effect": "Deny",
          "Principal": {
            "AWS": "*"
          },
          "Action": "*",
          "Resource": "arn:aws:elasticfilesystem:us-west-2:123456789:file-system/fs-12345",
          "Condition": {
            "Bool": {
              "aws:SecureTransport": "false"
            }
          }
        }
      ]
    }
    The following table describes the actions in the sample policy:
    | Action | Description |
    |---|---|
    | elasticfilesystem:ClientMount | Provides read-only access to a file system. |
    | elasticfilesystem:ClientWrite | Provides write permissions on a file system. |
    | elasticfilesystem:ClientRootAccess | Provides use of the root user when accessing a file system. |
  • Create any folder required by an access point before creating the access point itself. For example, if the access point refers to the folder /my-company/dev, then create this folder before you set up the access point.
  • Configure the IAM role to restrict access to specific access points on the file system. For more information, see https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html
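
Added example, not part of the original page or the product's own code: a small Python check that audits an EFS file system policy against the guidelines above (TLS-only Deny, mount-target condition, root access, access-point scoping). The function names, the account ID 111122223333 and the Sids are assumptions made for the sample; elasticfilesystem:AccessPointArn is the AWS condition key used to scope a statement to an access point.

```python
EFS = "elasticfilesystem:"
FS_ARN = "arn:aws:elasticfilesystem:us-west-2:111122223333:file-system/fs-12345"
# Constructed sample in the shape of the page's policy; account ID and Sids are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "allow-role", "Effect": "Allow", "Resource": FS_ARN,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/SREIICS"},
     "Action": [EFS + "ClientWrite", EFS + "ClientMount", EFS + "ClientRootAccess"],
     "Condition": {"Bool": {EFS + "AccessedViaMountTarget": "true"}}},
    {"Sid": "deny-plaintext", "Effect": "Deny", "Resource": FS_ARN,
     "Principal": {"AWS": "*"}, "Action": "*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

def as_list(value):
    """IAM accepts either a single string or a list for Action and Principal."""
    return value if isinstance(value, list) else [value]

def any_principal(principal):
    """True when the statement applies to every principal."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in as_list(aws)

def bool_cond(stmt, key):
    """Value of a Bool condition key as a lowercase string, or None if absent."""
    value = stmt.get("Condition", {}).get("Bool", {}).get(key)
    return None if value is None else str(value).lower()

def audit_efs_policy(policy):
    """Return (Sid, finding) pairs for an EFS file system policy document."""
    findings, tls_enforced = [], False
    for stmt in as_list(policy.get("Statement", [])):
        sid, actions = stmt.get("Sid", "<no Sid>"), as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Deny":
            # Only a Deny covering every principal and action makes TLS mandatory.
            tls_enforced |= (any_principal(stmt.get("Principal")) and "*" in actions
                             and bool_cond(stmt, "aws:SecureTransport") == "false")
            continue
        checks = {
            "any-principal-allowed": any_principal(stmt.get("Principal")),
            "no-mount-target-condition": bool_cond(stmt, EFS + "AccessedViaMountTarget") != "true",
            "root-access-granted": EFS + "ClientRootAccess" in actions,
            "not-scoped-to-access-point": not any(
                EFS + "AccessPointArn" in cond for cond in stmt.get("Condition", {}).values()),
        }
        findings += [(sid, name) for name, hit in checks.items() if hit]
    if not tls_enforced:
        findings.append(("<policy>", "tls-not-enforced"))
    return findings

print(audit_efs_policy(SAMPLE_POLICY))
```

The sample policy passes the TLS and mount-target checks and is flagged only for root access and for not being scoped to an access point, the two items the last guideline asks you to review.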

Rules and guidelines for the NFS file system

Use the following guidelines when you configure system disks in the NFS format.
  • Set the file system to the DNS of the NFS server.
  • Configure the subnet in the serverless runtime environment to allow access to the NFS file server.
  • Configure the file server security group to allow inbound access from the security group configured in the serverless runtime environment.
