Redshift Connection

The Redshift Connection tab contains the following sections: General and Redshift Connection.

General

In the General panel of the Redshift Connection Editor, you can specify the package that stores the Redshift Connection shared resource, and the name and description of the shared resource.

The following fields are included in the General panel:

Field | Module Property? | Description
Package | No | The name of the package where the shared resource is added.
Name | No | The name to be displayed as the label for the shared resource in the process.
Description | No | A short description for the shared resource.

Redshift Connection

In the Redshift Connection panel, you can specify the connection details to establish a connection with Amazon Redshift.

The following fields are included in the Redshift Connection panel:

Field | Module Property? | Description
Authentication type | No | Select the authentication mechanism. In this version, the following authentication types are supported: Username/Password; Federated Authentication And SSO.
Provider | No | Select the provider for the selected Authentication Type. In this version, the following authentication providers are available: Redshift; Okta.
Database | Yes | The name of the database where the plug-in activities are performed.
Username | Yes | Enter the user name of the account to be used for authentication.
Password | Yes | Enter the password of the account to be used for authentication. This field is enabled only when the Authentication Type is Federated Authentication And SSO and the Provider is Okta.
Okta Endpoint URL | Yes | Provide the embedded URL of the Okta SSO app, in the form https://<okta_account_name>.okta.com/home/<app_name>/app_id. This field is enabled only when the Authentication Type is Federated Authentication And SSO and the Provider is Okta.
Cluster Name | Yes | The name of the Redshift cluster.
Access Key | Yes | An AWS access key of the user who accesses Redshift and S3 services. It is enabled for basic authentication.
Secret Key | Yes | The secret key of the user who accesses Redshift and S3 services. It is enabled for basic authentication.
Role ARN | Yes | The Amazon Resource Name (ARN) of the role associated with the Redshift cluster. See the AWS documentation on Redshift for the permissions that must be associated with the role so that it can load data to and read data from S3 buckets and perform operations on the Redshift cluster and the Redshift Data API.
Principal ARN | Yes | The ARN of the Okta identity provider.
AWS Region | Yes | The AWS region in which the cluster is located.
AWS Session Name | Yes | A unique session name.
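
The Okta Endpoint URL, Role ARN, and Principal ARN values are easy to mistype or swap, so here is an added example (not part of the product documentation or the plug-in) that checks them before they are entered in the panel. It assumes the URL format shown above, the standard IAM ARN formats, and that the role and the SAML provider are in the same AWS account; the function name and the sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Standard IAM ARN shapes for the two resources the panel asks for.
ROLE_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/[\w+=,.@/-]+$")
SAML_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):saml-provider/[\w.-]+$")


def check_okta_connection(okta_url, role_arn, principal_arn):
    """Return a list of problems found in the Okta-related field values."""
    problems = []

    url = urlsplit(okta_url)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("Okta Endpoint URL must use https")
    if url.username or url.password:
        problems.append("Okta Endpoint URL must not embed credentials")
    # Suffix match on the parsed host, so "acme.okta.com.example.net" is rejected.
    if not host.endswith(".okta.com"):
        problems.append("Okta Endpoint URL host is not under okta.com")
    # Page format: /home/<app_name>/app_id
    parts = [p for p in url.path.split("/") if p]
    if len(parts) != 3 or parts[0] != "home":
        problems.append("Okta Endpoint URL path is not /home/<app_name>/app_id")

    role = ROLE_ARN.match(role_arn)
    saml = SAML_ARN.match(principal_arn)
    if not role:
        problems.append("Role ARN is not an IAM role ARN")
    if not saml:
        problems.append("Principal ARN is not an IAM SAML provider ARN")
    # Assumption: role and identity provider share partition and account.
    if role and saml and role.groups() != saml.groups():
        problems.append("Role ARN and Principal ARN differ in partition or account")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    for issue in check_okta_connection(
        "http://acme.okta.com.example.net/home/amazon_aws/0oa1example",
        "arn:aws:iam::123456789012:role/RedshiftPluginRole",
        "arn:aws:iam::210987654321:saml-provider/Okta",
    ):
        print(issue)
```

An Okta organization that uses a custom domain would need the host check adjusted.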

User Privileges

The following table lists permissions and resources for the user role associated with Redshift:

Permissions Resources
All permissions for Redshift
  • Redshift Cluster

  • Database user

  • Database user groups used in plug-in operations

  • Full access to Amazon S3 (minimum of read and write)

All permissions on Redshift Data API

The resources must include all buckets and sub-directories of buckets to be used in the Redshift operation.

SAML authentication

For SAML authentication with Okta as the identity provider, the role must have the necessary permissions to work with S3, the Redshift cluster, and the Redshift Data API.

In the given Redshift cluster, users must have the following required database privileges:

  • Group names defined in Redshift must match the group names in the identity provider.

  • Usage permission for all schemas to which they need access.

  • All permissions on the tables within the schema (Minimum of CREATE, SELECT, and DELETE).

  • The users who are not the owners of the database objects must be explicitly granted the above permissions on the tables they access.

Note: If the test connection displays a FATAL error after you provide new user credentials in the Username and Password fields, the IAM user must be added to the database in the Redshift cluster.