Register a MariaDB Connection

Immuta policies will not be automatically enforced in MariaDB

While you can author and apply subscription and data policies on MariaDB data sources within Immuta, these policies will not be enforced natively in the MariaDB platform. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in MariaDB using your own process.

To use this connection, contact your Immuta representative.

Requirement

  • Amazon RDS for MariaDB

Permissions

The user registering the connection must have the permissions below.

  • APPLICATION_ADMIN Immuta permission

  • The MariaDB user setting up the connection must be the root user or have the GRANT OPTION MariaDB privilege.

Create a database user account

  1. Create a new database user in MariaDB to serve as the Immuta system account. Immuta will use this system account continuously to crawl the database you register. How you create this user depends on your database authentication method. Follow the instructions linked below to create this user:

    1. Password authentication: Follow the MariaDB documentation to create the database user and assign that user a password.

  2. Grant this account the following MariaDB privileges. A sample command that provides all these privileges to all databases and views is provided below:

    1. SHOW DATABASES on all databases in the server

    2. SELECT on all databases, tables, and views in the server

    3. SHOW VIEW on all views in the server

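    -- Replace <username> with the Immuta system account created in step 1; an empty name ('') is MariaDB's anonymous user.
    GRANT SELECT, SHOW DATABASES, SHOW VIEW ON *.* TO '<username>'@'%';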

Register a MariaDB connection

  1. In Immuta, click Data and select Connections in the navigation menu.

  2. Click the + Add Connection button.

  3. Select the MariaDB tile.

  4. Select RDS as the deployment method.

  5. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: URL of your MariaDB instance.

    3. Port: Port configured with MariaDB.

    4. Region: The region of the AWS account with your MariaDB instance.

  6. Select an authentication method from the dropdown menu.

    1. AWS Access Key: Provide the access key ID and secret access key for the database account you created above.

    2. AWS Assumed Role (recommended): Immuta will assume this IAM role from Immuta's AWS account to request temporary credentials that it can use to perform operations in the registered MariaDB database. Before proceeding, contact your Immuta representative and provide your service principal's IAM role. Immuta will allowlist the service principal so that Immuta can successfully assume that role. Your Immuta representative will provide the account to add to your trust relationship. Then, complete the steps below.

      1. Enter the Role ARN of the database account you created above.

      2. Set the external ID provided in a condition on the trust relationship for the role specified above. See the AWS documentation for guidance.

    3. Username and Password: Enter the credentials for the MariaDB database user account you created above.

  7. Click Save connection.
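
The trust relationship described under AWS Assumed Role, as an added example (not Immuta's or AWS's own code): it builds the role's trust policy with the external ID condition and audits a policy for a missing sts:ExternalId condition or a wildcard principal. The account ARN and external ID are constructed placeholders; use the values your Immuta representative provides.

```python
import json

# Constructed placeholders (assumptions): substitute the account and external ID
# supplied by your Immuta representative. Neither value comes from this page.
IMMUTA_PRINCIPAL = "arn:aws:iam::111122223333:root"
EXTERNAL_ID = "example-external-id"

def trust_policy(principal, external_id=None):
    """Build an IAM role trust policy document that allows sts:AssumeRole."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal},
            "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, principal, external_id):
    """Return findings for every Allow statement that grants sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        grants = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        p = stmt.get("Principal", {})
        aws = ["*"] if p == "*" else as_list(p.get("AWS", []))
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        elif aws != [principal]:
            findings.append(f"statement {i}: unexpected principal {aws}")
        # Strict check: exact key spelling and a single StringEquals value.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append(f"statement {i}: sts:ExternalId condition missing or wrong")
    return findings

if __name__ == "__main__":
    weak = trust_policy(IMMUTA_PRINCIPAL)                  # no external ID condition
    hardened = trust_policy(IMMUTA_PRINCIPAL, EXTERNAL_ID)
    print(json.dumps(hardened, indent=2))
    print("weak:", audit_trust_policy(weak, IMMUTA_PRINCIPAL, EXTERNAL_ID))
    print("hardened:", audit_trust_policy(hardened, IMMUTA_PRINCIPAL, EXTERNAL_ID))
```

Without the condition, any caller in the trusted account that knows the role ARN can assume the role; the external ID ties the assumption to your specific Immuta registration.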
