To enable the DB system to access OCI services, perform the following steps in OCI:
- Create a new dynamic group or update a dynamic group's matching rules, and add the following matching rule to include all MySQL HeatWave DB systems in the defined compartment:
  ALL{resource.type = 'mysqldbsystem', resource.compartment.id = 'ocid1.compartment.oc1..AlphanumericString'}
- Add policies for the dynamic group that grant the dynamic group access to the target service's APIs:
  allow dynamic-group IdentityDomainName/GroupName to use generative-ai-chat in compartment CompartmentName
  allow dynamic-group IdentityDomainName/GroupName to use generative-ai-text-embedding in compartment CompartmentName
  allow dynamic-group IdentityDomainName/GroupName to inspect generative-ai-model in compartment CompartmentName
Replace the following:
- IdentityDomainName: the identity domain name.
  Note: If the dynamic group belongs to the default identity domain, you can omit specifying the identity domain name.
- GroupName: the dynamic group name
- CompartmentID: the compartment ID of the DB system
For more information, see Resource Principals.
In addition, for resource principal authentication, MySQL HeatWave automatically sets the rapid_ml_genai system variable. The default value of the variable is the compartment ID of the DB system you are using.
To use a different compartment for accessing the OCI Generative AI service, you can set the rapid_ml_genai_session system variable to specify the ID of the compartment you want to use, as shown below:
SET rapid_ml_genai_session = '{"compartment_id": "ocid1.compartment.oc1..AlphanumericString"}';
The compartment ID specified in the rapid_ml_genai_session system variable must match the compartment ID you used to create the dynamic group and add the OCI Generative AI Service authentication policy.
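The matching rule, the three policy statements, and the rapid_ml_genai_session value have to agree with each other. The following consistency check is an added example, not part of the original documentation or of Oracle's tooling; the function name check_setup and every sample name and OCID in it are constructed placeholders.

```python
import json
import re

# Verb/resource pairs granted by the three policy statements on this page.
REQUIRED = {("use", "generative-ai-chat"),
            ("use", "generative-ai-text-embedding"),
            ("inspect", "generative-ai-model")}
TYPE_RE = re.compile(r"resource\.type\s*=\s*'([^']+)'")
COMP_RE = re.compile(r"resource\.compartment\.id\s*=\s*'([^']+)'")
POLICY_RE = re.compile(r"allow\s+dynamic-group\s+(\S+)\s+to\s+(\w+)\s+(\S+)"
                       r"\s+in\s+compartment\s+(\S+)", re.IGNORECASE)

def check_setup(matching_rule, policies, group, session_value):
    """Hypothetical helper: return a list of problems (empty means consistent)."""
    problems = []
    rtype = TYPE_RE.search(matching_rule)
    if not rtype or rtype.group(1) != "mysqldbsystem":
        problems.append("rule does not select resource.type 'mysqldbsystem'")
    comp = COMP_RE.search(matching_rule)
    if not comp:
        problems.append("rule has no resource.compartment.id clause")
    granted = set()
    for line in policies:
        m = POLICY_RE.fullmatch(line.strip())
        if not m:
            problems.append(f"unparsed policy statement: {line!r}")
        elif m.group(1) == group:
            granted.add((m.group(2).lower(), m.group(3).lower()))
    for verb, res in sorted(REQUIRED - granted):
        problems.append(f"missing policy: {verb} {res}")
    for verb, res in sorted(granted - REQUIRED):
        problems.append(f"grant beyond this page's policy: {verb} {res}")
    session_comp = json.loads(session_value).get("compartment_id")
    if comp and session_comp != comp.group(1):
        problems.append("session compartment_id differs from dynamic group rule")
    return problems

# Constructed sample values (placeholders, not real OCIDs or names).
RULE = ("ALL{resource.type = 'mysqldbsystem', "
        "resource.compartment.id = 'ocid1.compartment.oc1..exampleA'}")
POLICIES = [
    "allow dynamic-group ExampleDomain/ExampleGroup to use generative-ai-chat in compartment ExampleCompartment",
    "allow dynamic-group ExampleDomain/ExampleGroup to inspect generative-ai-model in compartment ExampleCompartment",
]
SESSION = '{"compartment_id": "ocid1.compartment.oc1..exampleB"}'

if __name__ == "__main__":
    for problem in check_setup(RULE, POLICIES, "ExampleDomain/ExampleGroup", SESSION):
        print("FAIL:", problem)
```

The check also reports any grant to the dynamic group beyond the three statements listed on this page, so a broader policy is visible during review.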
Learn how to perform the following tasks: