Using a JSON Web Token (JWT)

You can configure the connector to authenticate your connection by using a token obtained from the web identity provider.

To configure IAM authentication using a JWT:

  1. To access the IAM authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
  2. From the Auth Type drop-down list, select Identity Provider: JWT or JWT IAM Auth Plugin.

  3. Optionally, if the ID and region of the Redshift server cluster are not already provided through the Server field, then do the following:
    a. In the Cluster ID field, type the ID for the Redshift server cluster.
    b. In the Region field, type the region for the Redshift server cluster.

  4. Optionally, in the DbUser field, type the ID that you want to designate to the Redshift user.

  5. Optionally, if the ID you entered in the DbUser field does not already exist in your Redshift account, you must create it:
    a. Select the User AutoCreate check box.
    b. In the DbGroups field, type the names of any user groups that you want the new DbUser to be added to, separated by commas.
    c. Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.

  6. Optionally, in the Endpoint URL field, type the endpoint used to retrieve the Redshift cluster's credentials.
  7. Optionally, in the STS Endpoint URL field, type the endpoint used to communicate with the AWS Security Token Service (AWS STS).
  8. Optionally, in the VPC Endpoint URL field, type the endpoint used to communicate with the Redshift cluster.
  9. Optionally, in the AuthProfile field, type the authentication profile you want to use to manage the connection settings, then do the following:
    1. In the AccessKeyID field, type your Redshift access key ID.
    2. In the SecretAccessKey field, type your Redshift secret key.
  10. In the Web Identity Token field, type the token that is provided by the identity provider.
  11. Optionally, to use group federation, select the Group Federation checkbox.
  12. Optionally, in the Role ARN field, type the Amazon Resource Name (ARN) of the role.
  13. Optionally, in the Role Session Name field, type the name of the assumed role session.
  14. Optionally, in the Duration field, type the duration of the role session, in seconds.
  15. Optionally, in the Provider Name field, type the name of the authentication provider created from the CREATE IDENTITY PROVIDER query.
  16. To save your settings and close the dialog box, click OK.