Redshift Connection

The Redshift Connection tab contains the following sections: General and Redshift Connection.

General

In the General panel of Redshift Connection Editor, you can specify the package that stores the Redshift Connection shared resource, and the name and description of the shared resource.

The following fields are included in the General panel:

| Field | Module property? | Description |
| --- | --- | --- |
| Package | No | The name of the package where the shared resource is added. |
| Name | No | The name displayed as the label for the shared resource in the process. |
| Description | No | A short description of the shared resource. |

Redshift Connection

In the Redshift Connection panel, you can specify the connection details to establish a connection with Amazon Redshift.

The following fields are included in the Redshift Connection panel:

| Condition applicable | Field | Module property? | Description |
| --- | --- | --- | --- |
| N/A | AWS Region | Yes | The AWS region in which the cluster is located. |
| N/A | Authentication Type | Yes | Select an authentication mechanism. In this version, the following authentication types are supported: Username/Password, SAML Authentication, Default Credentials Provider Chain, and Container Credentials. Container Credentials require the additional steps described below the table. |
| N/A | Database | Yes | The name of the database where the plug-in activities are performed. |
| N/A | Username | Yes | The username of the account used for authentication. |
| Enabled only when the Authentication Type is SAML Authentication and the Provider is Okta. | Password | Yes | The password of the account used for authentication. |
| Available only when the Authentication Type is SAML Authentication. | Identity Provider | No | Select the provider for the chosen Authentication Type. In this version, the following authentication provider is available: Okta. |
| Enabled only when the Authentication Type is SAML Authentication and the Provider is Okta. | Identity Provider Login | Yes | The embedded URL of the Okta SSO app, in the form `https://<okta_account_name>.okta.com/home/<app_name>/app_id`. |
| N/A | Cluster Name | Yes | The name of the Redshift cluster. |
| Available only when the Authentication Type is Username/Password. | Access Key | Yes | An AWS access key of the user who accesses the Redshift and S3 services. Enabled for basic authentication. |
| Available only when the Authentication Type is Username/Password. | Secret Key | Yes | The secret key of the user who accesses the Redshift and S3 services. Enabled for basic authentication. |
| N/A | Role ARN | Yes | The Amazon Resource Name (ARN) of the role associated with the Redshift cluster. See the AWS documentation on Redshift for the permissions the role needs in order to load data to and read data from S3 buckets, and to perform operations on the Redshift cluster and the Redshift Data API. |
| Available only when the Authentication Type is SAML Authentication. | Principal ARN | Yes | The ARN of the Okta identity provider. |
| Available only when the Authentication Type is SAML Authentication. | Token Expiration Duration | Yes | The validity period of the session token. The default value is 60 min. |
| Available only when the Authentication Type is Username/Password, Default Credentials Provider Chain, or Container Credentials. | Role Session Name | Yes | A unique session name. |

To use Container Credentials:

  1. Configure the application with another authentication type (Username/Password, SAML Authentication, or Default Credentials Provider Chain) in the Studio before creating an EAR.

  2. Select the Container Credentials authentication type to run the EAR.

Note: Container Credentials do not support downloading the schema during connection resource configuration. For information about Amazon ECS container credentials, see the AWS documentation.

Amazon Connection Advanced Configuration

The following table describes the fields in the Amazon Connection Advanced Configuration tab of the Amazon Redshift shared resource:

| Field | Module property? | Description |
| --- | --- | --- |
| Connection Timeout in seconds | Yes | Number of milliseconds that the attempt to create an AWS client connection waits before timing out. Defaults to 10 seconds. |
| Client Execution Timeout | Yes | Default HTTP timeout for all requests made on this connection. Disabled by default (0 seconds). |
| Max. Error Retry | Yes | Number of retries the AWS client attempts for HTTP 5xx error codes before reporting an error. |
| Request Timeout in seconds | Yes | Number of milliseconds any request can take before being timed out. A request may consist of several individual HTTP requests; this is the difference between this setting and the Client Execution Timeout setting. Disabled by default (0). |

User Privileges

The following table lists permissions and resources for the user role associated with Redshift:

| Permissions | Resources |
| --- | --- |
| All permissions for Redshift | Redshift cluster; database user; database user groups used in plug-in operations; full access to Amazon S3 (minimum of read and write) |
| All permissions on the Redshift Data API | |

The S3 resources must include all buckets and sub-directories of buckets used in the Redshift operations.

SAML Authentication

In case of SAML authentication with Okta as identity provider, the role must have the necessary permissions to work with S3, Redshift Cluster, and Redshift Data API.

In the given Redshift cluster, users must have the following required database privileges:

  • Group names defined in Redshift must match the group names in the identity provider.

  • Usage permission for all schemas to which they must have access.

  • All permissions on the tables within the schema (Minimum of CREATE, SELECT, and DELETE).

  • The users who are not the owners of the database objects must be explicitly granted the above permissions on the tables they access.

Note: When the test connection displays a FATAL error on providing new user credentials in the Username and Password fields, the IAM user must be added to the database in the Redshift Cluster.
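The database-side privileges listed above (matching group name, schema usage, table permissions for non-owners, and the database user whose absence produces the FATAL error on test connection), as an added Redshift SQL example that is not part of the original documentation. The group, user, schema, and table names (okta_redshift_loaders, plugin_etl_user, staging, orders) are constructed, and the user is assumed to log in with temporary credentials issued through the role rather than a database password:

```sql
-- Added example; names below are constructed and not from the plug-in documentation.

-- The group name must match the group name defined in the identity provider (Okta).
CREATE GROUP okta_redshift_loaders;

-- The connecting user must exist in the database; a FATAL error on test connection
-- is the symptom of a missing user. PASSWORD DISABLE assumes the user only receives
-- temporary credentials through the role, so no database password is stored.
CREATE USER plugin_etl_user PASSWORD DISABLE IN GROUP okta_redshift_loaders;

-- USAGE on every schema the plug-in must access, plus CREATE so it can create tables there.
GRANT USAGE, CREATE ON SCHEMA staging TO GROUP okta_redshift_loaders;

-- Table privileges inside the schema. The page's stated minimum is CREATE, SELECT and DELETE;
-- INSERT and UPDATE are included so loads and merges work without granting ALL.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA staging TO GROUP okta_redshift_loaders;

-- Non-owners get no implicit rights on tables created later by the owner running this script,
-- so set default privileges for future tables in the schema as well.
ALTER DEFAULT PRIVILEGES IN SCHEMA staging
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO GROUP okta_redshift_loaders;

-- Verification: both columns should return true for the plug-in user.
SELECT has_schema_privilege('plugin_etl_user', 'staging', 'usage')         AS can_use_schema,
       has_table_privilege('plugin_etl_user', 'staging.orders', 'select')  AS can_select_orders;
```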