Using an IAM Profile
You can configure the connector to authenticate your connection through IAM authentication using the credentials stored in a chained roles profile or the Amazon EC2 instance profile.
Note:
- The default location for the credentials file that contains chained roles profiles is ~/.aws/Credentials. The AWS_SHARED_CREDENTIALS_FILE environment variable can be used to point to a different credentials file.
- If any of the information requested in the following steps is already a part of the profile you intend to use, that field can be left blank. If the default profile is configured on your local machine, you only need to set the Auth Type to AWS Profile.
To configure IAM authentication using a profile:
- To access the authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
- From the Auth Type drop-down list select AWS Profile.
- In the User field, type the user name for accessing your IDP Server.
- In the Password field, type the password corresponding to the user name you typed.
- Encrypt your credentials by selecting one of the following:
  - If the credentials are used only by the current Windows user, select Current User Only.
  - Or, if the credentials are used by all users on the current Windows machine, select All Users Of This Machine.
- If the ID and region of the Redshift server cluster are not already provided through the Server field, then do the following:
  - In the Cluster ID field, type the ID for the Redshift server cluster.
  - In the Region field, type the region for the Redshift server cluster.
- In the DbUser field, type the ID that you want to designate to the Redshift user.
- If the ID you entered in the DbUser field does not already exist in your Redshift account, you must create it:
  - Select the User AutoCreate check box.
  - In the DbGroups field, type the names of any user groups that you want the new DbUser to be added to, separated by commas.
  - Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.
- Optionally, in the Endpoint URL field, type the endpoint used to communicate with the Redshift cluster.
- Optionally, in the STS Endpoint URL field, type the endpoint used to communicate with the AWS Security Token Service (AWS STS).
- Optionally, in the AuthProfile field, type the authentication profile you want to use to manage the connection settings, then do the following:
  - In the AccessKeyID field, type your Redshift access key ID.
  - In the SecretAccessKey field, type your Redshift secret key.
- Optionally, to use group federation, select the Group Federation checkbox.
- Specify the profile that contains your credentials:
  - To use a chained roles profile, type the name of the profile in the Profile Name field, and leave the Use Instance Profile check box clear.
  - Or, to use the Amazon EC2 instance profile, select the Use Instance Profile check box.
  Note:
  If you configure both options, the Use Instance Profile option takes precedence and the connector uses the Amazon EC2 instance profile.
- To save your settings and close the dialog box, click OK.
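Before typing a name into the Profile Name field, it helps to confirm that the chained roles profile actually resolves to a profile holding static keys. The following is an added example, not part of the connector or its documentation: it assumes the standard AWS shared credentials keys (role_arn, source_profile, aws_access_key_id, aws_secret_access_key), and the function names, profile names, account IDs and key values are constructed placeholders.

```python
import configparser
import os
from pathlib import Path

def credentials_path(env=os.environ):
    """AWS_SHARED_CREDENTIALS_FILE overrides the default location named on this page."""
    override = env.get("AWS_SHARED_CREDENTIALS_FILE")
    return Path(override) if override else Path.home() / ".aws" / "Credentials"

def resolve_chain(ini_text, profile):
    """Return the chain from `profile` to the profile with static keys, or raise ValueError."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(ini_text)
    chain, current = [], profile
    while True:
        if current in chain:
            raise ValueError(f"loop in source_profile chain: {chain + [current]}")
        if not cfg.has_section(current):
            raise ValueError(f"profile not found: {current}")
        chain.append(current)
        section = cfg[current]
        if "source_profile" in section:
            if "role_arn" not in section:
                raise ValueError(f"{current}: source_profile without role_arn")
            current = section["source_profile"]  # follow the chain one hop
            continue
        if "aws_access_key_id" in section and "aws_secret_access_key" in section:
            return chain
        raise ValueError(f"{current}: chain ends without static credentials")

# Constructed sample credentials file; every value below is a placeholder.
SAMPLE = """
[base]
aws_access_key_id = EXAMPLE-ACCESS-KEY-ID
aws_secret_access_key = example-secret-placeholder
[hop]
role_arn = arn:aws:iam::111111111111:role/hop-role
source_profile = base
[redshift-analyst]
role_arn = arn:aws:iam::222222222222:role/redshift-analyst
source_profile = hop
[broken]
role_arn = arn:aws:iam::222222222222:role/broken-role
source_profile = broken
"""

if __name__ == "__main__":
    print(credentials_path(), resolve_chain(SAMPLE, "redshift-analyst"))
```

To check a real file, pass `credentials_path().read_text()` as the first argument instead of `SAMPLE`.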
Related topics
- Security and Authentication
- Authentication Driver Configuration Options
- Configuring Authentication
- Creating a Data Source Name