HeatWave Release Notes
This section describes how to define the dynamic group and policy required to enable your HeatWave DB System to access an OCI Object Storage bucket.
Note
It is assumed you have read the prerequisites and instructions documented here: Managing Dynamic Groups and are familiar with Oracle Cloud Infrastructure Identity and Access Management (IAM) groups and policies.
Dynamic groups allow you to group MySQL HeatWave Service DB Systems as principal actors, similar to user groups. You can then create policies to permit DB Systems in these groups to make API calls against services, such as Object Storage. Membership in the group is determined by a set of criteria called matching rules.
The following example shows a matching rule including all DB Systems in the defined compartment:
"ALL{resource.type='mysqldbsystem', resource.compartment.id = 'ocid1.compartment.oc1..alphanumericString' }"Dynamic groups require a name, description, and matching rule.
For more information, see Writing Matching Rules to Define Dynamic Groups.
Policies define what your groups can and cannot do. For HeatWave Lakehouse to access Object Storage, you must define a policy which grants the dynamic group's resources access to buckets and their contents in a specific compartment.
For example, the following policy grants the dynamic group
Lakehouse-dynamicGroup read-only access
to the buckets and objects contained in those buckets in
the compartment Lakehouse-Data:
allow dynamic-group Lakehouse-dynamicGroup to read buckets in compartment Lakehouse-Data
allow dynamic-group Lakehouse-dynamicGroup to read objects in compartment Lakehouse-DataFor more information, see Writing Policies for Dynamic Groups.