Runtime Environments > Serverless runtime environment setup in AWS > Create a VPC using a template

Create a VPC using a template

Use an AWS CloudFormation template provided by Informatica to create a VPC in your AWS account. If you have an existing VPC, you can connect that to a serverless runtime environment.

1Ask your organization administrator for an email containing the AWS CloudFormation template for Informatica Intelligent Cloud Services.

Organization administrators can generate the email by requesting a serverless configuration file in Administrator. For more information, see Requesting a serverless configuration file.

2 Use the AWS CloudFormation template to create a stack in AWS CloudFormation.

For more information, see Creating a new VPC using the AWS CloudFormation template or Connecting to an existing VPC using the AWS CloudFormation template.

3Navigate to the S3 location for the JSON file that you specified in the template.

4Download the JSON file from the S3 location to the iics-sre-config folder.

5 Share the JSON file with your organization administrator.

The organization administrator will import the file into Informatica Intelligent Cloud Services to let Informatica know that your VPC is ready to connect to the serverless runtime environment in Informatica's VPC.

6 Optionally, create the supplementary file location.

The supplementary file location stores supplementary files, such as JAR files and external libraries that developers can use to access and process data. For more information, see Creating the supplementary file location.

Creating a new VPC using the AWS CloudFormation template

When you use the AWS CloudFormation template to create a new VPC, the stack creates a VPC and all required resources and configurations to connect to the serverless runtime environment in Informatica's VPC, including subnets and an IAM role with minimal policies.

To create the stack in AWS CloudFormation, specify the stack name and configure stack parameters.

The following table describes the stack parameters:

Parameter	Description
VPC CIDR	CIDR block that specifies where to create the VPC.
Public Subnet CIDR	CIDR block that specifies where to create the public subnet. The IP range of the public subnet must be within the IP range of the VPC.
Availability Zone for Public Subnet	Availability zone where you want to create the public subnet. You can select any availability zone in the current region.
Private Subnet CIDR	CIDR block that specifies where to create the private subnet. The IP range of the private subnet must be within the IP range of the VPC.
Availability Zone for Private Subnet	Availability zone where you want to create the private subnet. You can select any availability zone in the current region.
VPC Deployment Type	Select the NAT Gateway.
Informatica Cloud Region	Region where the Informatica POD resides. You can identify the region through the URL that appears when you open any service in Informatica Intelligent Cloud Services. For example, if the URL starts with usw3.dm-us.informaticacloud.com, the POD resides in the US region.
External ID	External ID to associate with the IAM role.
AWS Tags	AWS tags to label the ENI.
Supplementary File Location	Location on Amazon S3 to store supplementary files, such as JAR files and external libraries that developers can use to access and process data.
S3 Location for JSON File	Location on Amazon S3 to generate the serverless configuration file.

Note: The stack is not created if the parameters are not valid.

AWS resources created by the stack

When you use the AWS CloudFormation template to create a VPC, the stack creates various AWS resources for you.

The following image shows the resources that the stack creates in your AWS account:

Informatica’s AWS account contains a VPC with the serverless runtime environment. The VPC in Informatica’s AWS account points to a private subnet in the VPC in your AWS account through an ENI. The private subnet in your AWS account points to a public subnet in your AWS account that is associated with a NAT gateway. The VPC in your AWS account also contains an NACL, route tables, and an internet gateway. Additionally, the environment includes an IAM role and a Lambda function.

The following table summarizes the AWS resources and resource counts that the stack creates:

AWS resource	Number of resources created
VPC	1
Security group	1
Subnets	2 1 public subnet and 1 private subnet
NAT gateway	1
Elastic IP address	1 elastic IP address attached to the NAT gateway
NACL	1
Route tables	2 1 public route table and 1 private route table
Internet gateway	1
IAM role	1

Configurations performed by the stack

When you use the AWS CloudFormation template to create a VPC, the stack performs various configurations.

The stack performs the following configurations:

•Associates the security group with the VPC and defines inbound and outbound rules.
•Adds routes to the private route table and makes the private route table the default route table for the VPC.
•Associates the NAT gateway with the public subnet for outbound traffic to the internet and assigns an elastic IP to the gateway.
•Updates the NACL inbound rules that are associated with the public subnet.
•Attaches the internet gateway to the VPC.
•Assigns the following policy to the IAM role:

{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"VisualEditor0",
"Effect":"Allow",
"Action":[
"ec2:DetachNetworkInterface",
"ec2:DeleteTags",
"ec2:DescribeTags",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:CreateNetworkInterfacePermission",
"ec2:AttachNetworkInterface",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkAcls"
],
"Resource":"*"
},
{
"Sid":"VisualEditor1",
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketAcl"
],
"Resource":[
"arn:aws:s3:::<S3 location for supplementary files>",
"arn:aws:s3:::<S3 location for supplementary files>/*"
]
}
]
}

•Creates the following trust relationship in the IAM role:

{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"AWS":"arn:aws:iam::<Informatica's account number>:root"
},
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"sts:ExternalId":"<external ID>"
}
}
}
]
}

Connecting to an existing VPC using the AWS CloudFormation template

You specify a template in AWS CloudFormation, and then AWS CloudFormation creates a stack based on this template.

When you log in to AWS CloudFormation, you can create a new stack. When you create the stack, you specify a template to use. This template populates the stack parameters that you need to fill in. Once the parameters are complete, AWS CloudFormation creates the stack based on the parameter values.

The following table describes the stack parameters:

Parameter	Description
VPC ID	ID of the VPC. For example, vpc-2f09a348. The stack assumes that the VPC is in the same AWS region where the stack is created.
Subnet ID	ID of the subnet within the VPC. For example, subnet-b46032ec.
Security Group ID	Optional. ID of the security group. For example, sg-e1fb8c9a.
Should Security Group be created if it does not exist?	Indicates whether the stack will create a security group if a security group doesn't exist. Select Yes or No.
Informatica Cloud Region	Region where the Informatica POD resides. You can identify the region through the URL that appears when you open any service in Informatica Intelligent Cloud Services. For example, if the URL starts with usw3.dm-us.informaticacloud.com, the POD resides in the US region.
AWS Tags	AWS tags to label the ENI.
Supplementary File Location	Location on Amazon S3 to store supplementary files, such as JAR files and external libraries for certain transformations and connectors.
S3 Location for JSON File	Location on Amazon S3 to generate the serverless configuration file.

Note: If the parameters are not valid, the stack fails to be created.

Configurations that the stack performs

The stack performs the following configurations:

•Detects the region based on the VPC ID and checks if a serverless runtime environment can connect to the region.
•Checks if the subnet exists.
•Fetches the availability zone ID from the subnet ID.
•Checks the inbound and outbound rules in the security group. If a security group is not provided or does not exist, the stack creates a security group.
•Creates an IAM role and assigns the following policy to the role:

•Creates the following trust relationship in the IAM role:

Troubleshooting the stack

How do I troubleshoot errors during stack creation in AWS CloudFormation?

Perform the following tasks:

1In AWS CloudFormation, go to the Home page.
2Select the stack that you created.
3On the Events tab, review the messages in the Status reason column.
4On the Parameters tab, review the messages in the Status reason column.

How do I view the AWS resources that the stack created?

Perform the following tasks:

1In AWS CloudFormation, go to the Home page.
2Select the stack that you created.
3Navigate to the InfaVPCStack nested stack.
4On the Resources tab, view the resources that the stack created.

How do I delete the AWS resources that the stack created?

Perform the following tasks:

1In AWS CloudFormation, go to the Home page.
2Select the stack that you created.
3Click Delete.

I tried deleting the stack that created the VPC but deletion is taking too long.

You can force deletion by deleting the VPC. Perform the following tasks:

1In AWS CloudFormation, go to the Home page.
2Select the stack that you created.
3Navigate to the InfaVPCStack nested stack.
4On the Resources tab, click the VPC link in the Physical ID column.

You're redirected to the VPC home page.

5Select the VPC to delete.
6Click Actions > Delete VPC.

If there is a warning message stating that other AWS resources need to be deleted first, manually delete the specified resources before deleting the VPC.

7Return to the stack in AWS CloudFormation and try to delete the stack again.

The serverless runtime environment in Administrator doesn't start or takes too long to start.

The parameters might not be set correctly. Verify the parameters that you input to the stack during creation. Perform the following tasks:

1In AWS CloudFormation, go to the Home page.
2Select the stack that you created.
3On the Parameters tab, click Events.
4Review the Status reason column.