Using an IAM Profile

You can configure the connector to authenticate your connection through IAM authentication using the credentials stored in a chained roles profile or the Amazon EC2 instance profile.

Note:
  • The default location for the credentials file that contains chained roles profiles is ~/.aws/Credentials. The AWS_SHARED_CREDENTIALS_FILE environment variable can be used to point to a different credentials file.
  • If any of the information requested in the following steps is already a part of the profile you intend to use, that property can be omitted. If the default profile is configured on your local machine, you do not need to set any of these properties.

To configure IAM authentication using a profile:

  1. Set the UID property to an appropriate user name for accessing the Redshift server.
  2. Set the PWD property to the password corresponding to the user name you provided above.
  3. Set the IAM property to 1.
  4. If the ID and region of the Redshift server cluster are not already provided through the Server property, then do the following:
    1. Set the ClusterID property to the ID for the Redshift server cluster.
    2. Set the Region property to the region for the Redshift server cluster.
  5. Set the DbUser property to the ID that you want to designate to the Redshift user.
  6. If the ID you specified for the DbUser property does not already exist in your Redshift account, you must create it:
    1. Set the AutoCreate property to 1.
    2. Set the DbGroups property to the names of any user groups that you want the new DbUser to be added to, separated by commas.
    3. Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.
  7. Optionally, set the EndpointUrl property to the endpoint used to communicate with the Redshift cluster.
  8. Optionally, set the StsEndpointUrl property to the endpoint used to communicate with the AWS Security Token Service (AWS STS).

  9. Optionally, set the VpcEndpointUrl property to the endpoint used to communicate with the Redshift cluster.

  10. Optionally, set the AuthProfile property to the authentication profile you want to use to manage the connection settings, then do the following: 
    1. Set the AccessKeyID property to your Redshift access key ID.
    2. Set the SecretAccessKey property to your Redshift secret key.
  11. Optionally, set the group_federation property to 1 to enable group federation.
  12. Specify the profile that contains your credentials:
    • To use a chained roles profile, set the Profile property to the name of the profile, and then either set the InstanceProfile property to 0 or make sure that it is not set at all.
    • Or, to use the Amazon EC2 instance profile, set the InstanceProfile property to 1.
    Note:

    If both properties are set, InstanceProfile takes precedence and the connector uses the Amazon EC2 instance profile.