Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Administrator
  • All Products

Table of Contents

Search

  1. Preface
  2. Runtime environments
  3. Hosted Agent
  4. Secure Agent groups
  5. Serverless runtime environments
  6. Connectors in a serverless runtime environment
  7. Secure Agents
  8. Secure Agent installation

Runtime Environments

Runtime Environments

Back Next

Configuring a system disk

Configuring a system disk

The serverless runtime environment can use system disks for improved performance.
Configure a system disk to improve mapping performance in Data Integration.
You can configure system disks in Amazon EFS (Elastic File System) and NFS (Network File System) formats. File system connections in EFS are TLS-enabled by default. File system connections in NFS use NFSv4 (Network File System Version 4).
When you use a system disk, the serverless runtime environment creates a folder with the name
<organization ID>/<serverless environment Id>
 on the system disk. This folder stores job metadata and logs.

Rules and guidelines for the EFS file system

Use the following guidelines when you configure system disks in the Amazon EFS format:
  • Set the file system to the ID of the EFS file system.
  • Allow the subnet in the serverless runtime environment to access to the Amazon EFS file system.
  • Configure the EFS security group to allow inbound access from the security group configured in the serverless runtime environment.
  • Configure the IAM role in the serverless environment with full access to the EFS file system. You can grant full access in the file system policy or in the IAM role. For example, the following file system policy allows root access to ServerlessRole (SREIICS) for file system fs-12345 and allows SecureTransport only: 
    "Version": "2012-10-17",
    "Id": "efs-policy-wizard-<efs policy wizard ID>",
    "Statement": [
        {
            "Sid": "efs-statement-<efs statement ID>",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<arn ID>:role/SREIICS"
            },
            "Action": [
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientRootAccess"
            ],
            "Resource": "arn:aws:elasticfilesystem:us-west-2: <arn ID>:file-system/fs-12345",
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true"
                }
            }
        },
        {
            "Sid": "efs-statement-<efs statement ID>",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "*",
            "Resource": "arn:aws:elasticfilesystem:us-west-2: 123456789:file-system/fs-12345",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
    The following table describes the actions in the sample policy:
    Action
    Description
    elasticfilesystem:ClientMount
    Provides read-only access to a file system.
    elasticfilesystem:ClientWrite
    Provides write permissions on a file system.
    elasticfilesystem:ClientRootAccess
    Provides use of the root user when accessing a file system.
  • Create any folder required by an access point before creating the access point itself. For example, if the access point refers to the folder
    /my-company/dev
    , then define this folder first before you set up the access point.
  • Configure the IAM role to restrict access to specific access points on the file system. For more information, see https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

Rules and guidelines for the NFS file system

Use the following guidelines when you configure system disks in the NFS format.
  • Set the file system to the DNS of the NFS server.
  • Configure the subnet in the serverless runtime environment to allow access to the NFS file server.
  • Configure the file server security group to allow inbound access from the security group configured in the serverless runtime environment.
0 COMMENTS
We’d like to hear from you!