Service Connector Hub Overview

Service Connector Hub is a cloud message bus platform that offers a single pane of glass for describing, executing, and monitoring movement of data between services in Oracle Cloud Infrastructure.

Note

Service Connector Hub is not available in Oracle Cloud Infrastructure Government Cloud realms.

How Service Connector Hub Works

Service Connector Hub orchestrates data movement between services in Oracle Cloud Infrastructure.

Data is moved using service connectors. A service connector specifies the source service that contains the data to be moved, tasks to run on the data, and the target service for delivery of data when tasks are complete.

Service Connector Hub Concepts

The following concepts are essential to working with Service Connector Hub.

service connector

The definition of the data to be moved. Specifies a source service , target service , and optional tasks .

source

The service containing the data to be moved according to specified tasks . Example: Logging.

target

The service receiving the data from the source, according to specified tasks . A given target service may process, store, or deliver received data. Functions processes received data while Monitoring, Object Storage, and Streaming store received data. Notifications delivers received data.

task

Optional filtering to apply to the data before moving it from the source service  to the target service .

trigger

The condition that must be met for the service connector  to run. Currently the trigger is continuous; that is, service connectors run continuously.

Flow of Data

When a service connector runs, it receives data from the source service, completes optional tasks on the data (such as filtering), and then moves the data to the target service.

This image shows how Service Connector Hub moves data from the source service to the target service, with tasks applied in between.

Availability

The Service Connector Hub service is available in all Oracle Cloud Infrastructure commercial regions. See About Regions and Availability Domains for the list of available regions, along with associated locations, region identifiers, region keys, and availability domains.

Resource Identifiers

Most types of Oracle Cloud Infrastructure resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID). For information about the OCID format and other ways to identify your resources, see Resource Identifiers.

Ways to Access Service Connector Hub

You can access the Service Connector Hub service using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide. For a list of available SDKs, see Software Development Kits and Command Line Interface.

Console: To access Service Connector Hub using the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You will be prompted to enter your cloud tenant, your user name, and your password. Open the navigation menu. Under Data and AI, click Service Connector Hub.

You can also access Service Connector Hub from Logging in the Console: Open the navigation menu. Open the navigation menu. Under Solutions and Platform, go to Logging, and then click Service Connectors (or go to Logging and then click Service Connectors on the left).

API: To access Service Connector Hub through API, use Service Connector Hub API. To access this API using the Command Line Interface (CLI), use the designation for service connectors: oci sch service-connector.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups , compartments , and policies  that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.

If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.

Access to Service Connector Hub

Administrators: For common policies that give groups access to Service Connector Hub, see Allow a group to manage service connectors.

Write Access to Target Services

Note

Make sure any policy you create complies with your company guidelines.

To move data, you must give your service connector the required authorization to write to the specified target resource in the target service . (Service connectors can read all supported source services .)

A default policy providing the required authorization is offered when you use the Console to define the target service for a service connector. This policy is limited to the context of the service connector. You can either accept this default policy or make sure you have the proper authorizations in a group-based policy.

Default Policies for Target Services

This section details the default policies offered when you define a target service  in a new or updated service connector in the Console.

Functions

Where this policy is created: The compartment where the function resides. The function is selected when you create or edit service connector.

ALLOW any-user TO use fn-function IN COMPARTMENT ID <target_function_compartment_OCID>
WHERE ALL {
    request.principal.type='serviceconnector',     
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
ALLOW any-user TO use fn-invocation IN COMPARTMENT ID <target_function_compartment_OCID>
WHERE ALL {
    request.principal.type='serviceconnector',     
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Monitoring

Where this policy is created: The compartment where the metric namespace resides. The metric namespace is selected or entered when you create or edit a service connector.

ALLOW any-user TO use metrics IN COMPARTMENT ID <target_metric_compartment_OCID>
WHERE ALL {
    request.principal.type='serviceconnector',
    target.metrics.namespace='<metric_namespace>',
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Notifications

Where this policy is created: The compartment where the topic resides. The topic is selected when you create or edit service connector.

ALLOW any-user TO use ons-topics IN COMPARTMENT ID <target_topic_compartment_OCID>
WHERE ALL {
    request.principal.type= 'serviceconnector',
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Object Storage

Where this policy is created: The compartment where the bucket resides. The bucket is selected when you create or edit service connector.

ALLOW any-user TO manage objects IN COMPARTMENT ID <target_bucket_compartment_OCID> 
WHERE ALL {
    request.principal.type='serviceconnector',
    target.bucket.name='<bucket_name>',          
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Streaming

Where this policy is created: The compartment where the stream resides. The stream is selected when you create or edit service connector.

ALLOW any-user TO use stream-push IN COMPARTMENT ID <target_stream_compartment_OCID>
WHERE ALL {
    request.principal.type='serviceconnector',
    target.stream.id='<stream_OCID>',
    request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}

When reviewing group-based policies for required authorization to write to a target service, reference the default policy offered for that target service (see previous section) or see the policy details for the target service at Policy Reference.

Note

To accept the default policy for an existing service connector, simply edit the service connector. The default policy is offered whenever you create or edit a service connector (the only exception is when the exact policy already exists in IAM, in which case the default policy is not offered).

For troubleshooting information, see Troubleshooting Service Connectors.