MariaDB Connection Reference Guide

Immuta policies will not be automatically enforced in MariaDB

While you can author and apply subscription and data policies on MariaDB data sources within Immuta, these policies will not be enforced natively in the MariaDB platform. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in MariaDB using your own process.

To use this connection, contact your Immuta representative.

The MariaDB connection registers data from MariaDB in Immuta. Immuta supports MariaDB on Amazon RDS.

What does Immuta do in my environment?

Registering a connection

MariaDB is configured and data is registered through connections, an Immuta feature that allows you to register your data objects through a single connection to make data registration more scalable for your organization. Instead of registering schemas and databases individually, you can register them all at once and allow Immuta to monitor your data platform for changes so that data sources are added and removed automatically to reflect the state of data in your data platform.

When the connection is registered, Immuta ingests and stores connection metadata in the Immuta metadata database. In the example below, the Immuta application administrator connects the database that contains marketing-data, research-data, and cs-data tables. Immuta registers these tables as data sources and stores the table metadata in the Immuta metadata database.

Immuta presents a hierarchical view of your data that reflects the hierarchy of objects in MariaDB after registration is complete:

  • Host

  • Database

  • Data object

Beyond making the registration of your data more intuitive, connections provide more control. Instead of performing operations on individual schemas or tables, you can perform operations (such as object sync) at the connection level.

See the Connections reference guide for details about connections and how to manage them. To configure your MariaDB connection, see the Register a MariaDB connection guide.

MariaDB privileges

The privileges that the MariaDB connection requires align to the least privilege security principle. The table below describes each privilege required by the setup user and the Immuta system account.

| MariaDB privilege | User requiring the privilege | Explanation |
| --- | --- | --- |
| Root user or GRANT OPTION privilege | Setup user | This privilege is required so that the setup user can grant privileges to the Immuta system account. |
| SHOW DATABASES on all databases in the server | Immuta system account | This privilege allows the Immuta system account to discover new databases to keep data in MariaDB and Immuta in sync. |
| SHOW VIEW on all views in the server | Immuta system account | This privilege allows the Immuta system account to access view definitions. |
| SELECT on all databases, tables, and views in the server | Immuta system account | This privilege allows the Immuta system account to connect to MariaDB and register the databases and their objects. |
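
One way to check that the Immuta system account holds only the privileges in the table above, as an added example (not Immuta's code): the script parses MariaDB `SHOW GRANTS` rows and reports missing and excess privileges. The account name `immuta_system`, the `marketing` database, and the sample rows are constructed for illustration.

```python
import re

# Privileges the table lists for the Immuta system account, all at global (*.*) scope.
REQUIRED = {"SELECT", "SHOW DATABASES", "SHOW VIEW"}
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)

def parse_grants(lines):
    """Return ({scope: set(privileges)}, has_grant_option) from SHOW GRANTS rows."""
    grants, grant_option = {}, False
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Drop column lists such as SELECT (a, b) before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
        names = {p.strip().upper() for p in privs.split(",") if p.strip()}
        names.discard("USAGE")  # USAGE is MariaDB's "no privileges" marker
        scope = m.group("scope").replace("`", "")
        grants.setdefault(scope, set()).update(names)
        if re.search(r"WITH\s+GRANT\s+OPTION", line, re.I):
            grant_option = True
    return grants, grant_option

def audit(lines):
    """Compare an account's grants with REQUIRED; report gaps and excess."""
    grants, grant_option = parse_grants(lines)
    global_privs = grants.get("*.*", set())
    # ALL PRIVILEGES covers the required set but is itself reported as excess.
    covered = REQUIRED if "ALL PRIVILEGES" in global_privs else global_privs
    excess = {f"{p} ON {s}" for s, privs in grants.items() for p in privs - REQUIRED}
    if grant_option:
        excess.add("GRANT OPTION")
    return {"missing": sorted(REQUIRED - covered), "excess": sorted(excess)}

# Constructed sample rows, not output from a real server.
SAMPLE_OK = ["GRANT SELECT, SHOW DATABASES, SHOW VIEW ON *.* TO `immuta_system`@`%`"]
SAMPLE_BAD = [
    "GRANT SELECT, SHOW DATABASES ON *.* TO `immuta_system`@`%` WITH GRANT OPTION",
    "GRANT INSERT, DELETE ON `marketing`.* TO `immuta_system`@`%`",
]

if __name__ == "__main__":
    print(audit(SAMPLE_OK))
    print(audit(SAMPLE_BAD))
```

Feed `audit()` the rows returned by `SHOW GRANTS` for the system account; any entry under `excess` is a privilege the table does not call for.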

Maintaining state with MariaDB

The following user actions trigger processes in the MariaDB connection so that Immuta data stays synchronized with data in MariaDB:

  • Data source created or updated: Immuta registers data source metadata and stores that metadata in the Immuta metadata database.

  • Data source deleted: Immuta deletes the data source metadata from the metadata database and removes subscription policies from that table.

Supported object types

The supported object types for the MariaDB connection are listed below:

  • Base tables

  • Views

Immuta policies

Immuta will not apply policies in this connection.

Security and compliance

Authentication methods

The MariaDB connection supports the following authentication methods to register a connection:

  • Access using AWS IAM role (recommended): Immuta will assume this IAM role from Immuta's AWS account to request temporary credentials that it can use to perform operations in the registered MariaDB database. This option allows you to provide Immuta with an IAM role from your AWS account that is granted a trust relationship with Immuta's IAM role.

  • Access using access key and secret access key: These credentials are used by Immuta to register the connection and maintain state between Immuta and MariaDB. The access key ID and secret access key provided must be for an AWS account with the privileges listed in the Register a MariaDB connection guide.

  • Username and password: These credentials are used by Immuta to register the connection and maintain state between Immuta and MariaDB. The credentials provided must be for a MariaDB user account with the privileges listed in the Register a MariaDB connection guide.

Limitations and known issues

The following Immuta features are unsupported:

  • Subscription and data policies

  • Identification

  • Tag ingestion

  • Query audit
