Property | Description |
---|---|
Connection Name | Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -. Maximum length is 255 characters. |
Description | Description of the connection. Maximum length is 4000 characters. |
Type | Amazon Redshift V2 |
Use Secret Vault | Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. This property is not supported by Data Ingestion and Replication. When you enable the secret vault in the connection, you can select which credentials the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. For information about how to configure and use a secrets manager, see Secrets manager configuration. |
Runtime Environment | Name of the runtime environment where you want to run tasks. Select a Secure Agent, Hosted Agent, or serverless runtime environment. You cannot run an application ingestion and replication task, database ingestion and replication task, file ingestion and replication task, or streaming ingestion and replication task on a Hosted Agent or serverless runtime environment. Note: Hosted Agent doesn't apply for mappings that run on an advanced cluster. You also cannot use the Hosted Agent for IAM authentication and EC2 AssumeRole authentication. |
Properties | Description |
---|---|
JDBC URL | The JDBC URL to connect to the Amazon Redshift cluster. You can get the JDBC URL from your Amazon AWS Redshift cluster configuration page. Enter the JDBC URL in the following format: jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>, where the endpoint includes the Redshift cluster name and region. For example, jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com:5439/rsdb In the example,
|
Username | User name of your database instance in the Amazon Redshift cluster. |
Password | Password of the Amazon Redshift database user. |
Use EC2 Role to Assume Role | Enables the EC2 instance that assumes an S3 IAM role to access the S3 resources to stage data using the temporary security credentials. The EC2 role must have a policy attached with permissions to assume an S3 IAM role. The S3 IAM role and the EC2 instance can be in the same or different AWS account. Select the check box to enable the EC2 role to assume an S3 IAM role specified in the S3 IAM Role ARN option to access the S3 resources for staging data. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. By default, this check box is not selected. For instructions, see Generate temporary security credentials using AssumeRole for EC2. |
S3 IAM Role ARN | The Amazon Resource Name (ARN) of the IAM role assumed by the IAM user or EC2 to use the dynamically generated temporary security credentials to stage data in Amazon S3. This property applies when you want to generate temporary security credentials to access the S3 staging buckets by using either the EC2 instance or the IAM user who assumes the S3 IAM role. Specify the S3 IAM role name to use the temporary security credentials to access the Amazon S3 staging bucket. For more information about how to get the ARN of the S3 IAM role, see the AWS documentation. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use role-based authentication, but not the default role for the AWS cluster, specify an IAM role ARN. If you use the default role, leave this field blank. |
Properties | Description |
---|---|
S3 Access Key ID | Access key of the IAM user to access the Amazon S3 staging bucket. Enter the access key ID when you use the following methods for S3 staging:
You do not need to enter the S3 access key ID if you use IAM authentication or the assume role for EC2 to access S3. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use key-based authentication, provide the access key value. |
S3 Secret Access Key | Secret access key to access the Amazon S3 staging bucket. The secret key is associated with the access key and uniquely identifies the account. Enter the secret access key value when you use the following methods for S3 staging:
You do not need to enter the S3 secret access key if you use IAM authentication or the assume role for EC2 to access S3. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use key-based authentication, provide the access key value. |
S3 VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for Amazon S3. You can use a VPC endpoint to enable private communication with Amazon S3. Select one of the following options:
|
Endpoint DNS Name for Amazon S3¹ | The DNS name for the Amazon S3 interface endpoint. Replace the asterisk symbol with the bucket keyword in the DNS name. Enter the DNS name in the following format: bucket.<DNS name of the interface endpoint> For example, bucket.vpce-s3.us-west-2.vpce.amazonaws.com |
STS VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for AWS Security Token Service. You can use a VPC endpoint to enable private communication with Amazon Security Token Service. Select one of the following options:
|
Endpoint DNS Name for AWS STS¹ | The DNS name for the AWS STS interface endpoint. For example, vpce-01f22cc14558c241f-s8039x4c.sts.us-west-2.vpce.amazonaws.com |
KMS VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for AWS Key Management Service. You can use a VPC endpoint to enable private communication with Amazon Key Management Service. Select one of the following options:
|
Endpoint DNS Name for AWS KMS¹ | The DNS name for the AWS KMS interface endpoint. For example, vpce-0e722f5c721e19232-g2pkm2r7.kms.us-west-2.vpce.amazonaws.com |
External ID | The external ID associated with the IAM role. You can specify the external ID if you want to provide more secure access to the Amazon S3 bucket. The Amazon S3 staging bucket and the IAM role can be in the same or different AWS accounts. If required, you also have the option to specify the external ID in the AssumeRole request to the AWS Security Token Service (STS) using an external ID condition in the assumed IAM role's trust policy. For more information about using an external ID, see External ID when granting access to your AWS resources. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
Cluster Region | The AWS cluster region in which the Redshift cluster resides. Select the cluster region from the list if you choose to provide a custom JDBC URL with a different cluster region from that specified in the JDBC URL field property. To continue to use the cluster region name specified in the JDBC URL field property, select None as the cluster region in this property. You can only read data from or write data to the cluster regions supported by the AWS SDK. Select one of the following cluster regions: None, Asia Pacific(Mumbai), Asia Pacific(Seoul), Asia Pacific(Singapore), Asia Pacific(Sydney), Asia Pacific(Tokyo), Asia Pacific(Hong Kong), AWS GovCloud (US), AWS GovCloud (US-East), Canada(Central), China(Bejing), China(Ningxia), EU(Ireland), EU(Frankfurt), EU(Paris), EU(Stockholm), South America(Sao Paulo), Middle East(Bahrain), US East(N. Virginia), US East(Ohio), US West(N. California), US West(Oregon). Default is None. Note: A region value is required for application ingestion and replication tasks and database ingestion and replication tasks. |
Connection Environment SQL | The SQL statement to set up the database environment that applies for the entire session. Separate multiple values with a semicolon (;). Specify only the configurations for the database environment in the SQL statement. Do not specify any DDL or DML commands in the SQL statement. |
Master Symmetric Key¹ | A 256-bit AES encryption key in the Base64 format that enables client-side encryption to encrypt your data before you send it for staging in Amazon S3. For more information, see Enable encryption. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
Customer Master Key ID | The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3. The customer master key serves to encrypt your data at the destination before it is saved in Amazon S3. You can either enter the customer-generated customer master key ID or the default customer master key ID. You can use a cross-account KMS key in a connection in a mapping in advanced mode. The cluster and the staging bucket need to be in the same region. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
¹ Doesn't apply to mappings in advanced mode. |
Properties | Description |
---|---|
JDBC URL | The JDBC URL to connect to the Amazon Redshift cluster. You can get the JDBC URL from your Amazon AWS Redshift cluster configuration page. Enter the JDBC URL in the following format: jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>, where the endpoint includes the Redshift cluster name and region. For example, jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com:5439/rsdb In the example,
|
Username | User name of your database instance in the Amazon Redshift cluster. |
Cluster Identifier | The unique identifier of the cluster that hosts Amazon Redshift. Specify the Amazon Redshift cluster name. |
Database Name | Name of the Amazon Redshift database where the tables that you want to access are stored. |
Redshift IAM Role ARN | The Amazon Resource Name (ARN) of the IAM role assumed by EC2 to use the dynamically generated temporary security credentials to access Amazon Redshift. Enter the Redshift IAM role ARN to access the Amazon Redshift cluster. |
Use EC2 Role to Assume Role | Enables the EC2 role to assume an IAM role, either to connect to Redshift or to stage data using the temporary security credentials: The EC2 role must have a policy attached with permissions to assume a Redshift IAM role from the same or different account. The EC2 role must have a policy attached with permissions to assume an S3 IAM role from the same or different AWS account. |
S3 IAM Role ARN | The Amazon Resource Name (ARN) of the S3 IAM role assumed by the IAM user or EC2 to use the dynamically generated temporary security credentials to stage data in Amazon S3. This property applies when you want to generate the temporary security credentials to access the S3 staging buckets by using either the EC2 instance or the IAM user who assumes the S3 IAM role. Specify the S3 IAM role name to use the temporary security credentials to access the Amazon S3 staging bucket. For more information about how to get the ARN of the IAM role, see the AWS documentation. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use role-based authentication, but not the default role for the AWS cluster, specify an IAM role ARN. If you use the default role, leave this field blank. |
Properties | Description |
---|---|
Redshift Access Key ID | The access key of the IAM user that has permissions to assume the Redshift IAM AssumeRole ARN. This property doesn't apply to Amazon Redshift AssumeRole authentication with EC2 role. |
Redshift Secret Access Key | The secret access key of the IAM user that has permissions to assume the Redshift IAM Assume Role ARN. This property doesn't apply to Amazon Redshift AssumeRole authentication with EC2 role. |
Database Group | The name of the database group to which you want to add the database user when you select the Auto Create DBUser option in this connection property. The user that you add to this database group inherits the specified group privileges. If you do not specify a database group name, the user is added to the public group and inherits its associated privileges. You can also enter multiple database groups, separated by a comma, to add the user to each of the specified database groups. |
Expiration Time | The time duration after which the password for the Amazon Redshift database user expires. Specify a value between 900 seconds and 3600 seconds. Default is 900. |
Auto Create DBUser | Select to create a new Amazon Redshift database user at run time. The agent adds the user you specified in the Username field to the database group. The added user assumes the privileges assigned to the database group. Default is disabled. |
S3 Access Key ID | Access key of the IAM user to access the Amazon S3 staging bucket. Enter the access key ID when you use the following methods for S3 staging:
You do not need to enter the S3 access key ID if you use IAM authentication or the assume role for EC2 to access S3. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use key-based authentication, provide the access key value. |
S3 Secret Access Key | Secret access key to access the Amazon S3 staging bucket. The secret key is associated with the access key and uniquely identifies the account. Enter the secret access key value when you use the following methods for S3 staging:
You do not need to enter the S3 secret access key if you use IAM authentication or the assume role for EC2 to access S3. Note: If you use the connection for application ingestion and replication or database ingestion and replication tasks that use key-based authentication, provide the access key value. |
S3 VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for Amazon S3. You can use a VPC endpoint to enable private communication with Amazon S3. Select one of the following options:
|
Endpoint DNS Name for Amazon S3¹ | The DNS name for the Amazon S3 interface endpoint. Replace the asterisk symbol with the bucket keyword in the DNS name. Enter the DNS name in the following format: bucket.<DNS name of the interface endpoint> For example, bucket.vpce-s3.us-west-2.vpce.amazonaws.com |
STS VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for AWS Security Token Service. You can use a VPC endpoint to enable private communication with Amazon Security Token Service. Select one of the following options:
|
Endpoint DNS Name for AWS STS¹ | The DNS name for the AWS STS interface endpoint. For example, vpce-01f22cc14558c241f-s8039x4c.sts.us-west-2.vpce.amazonaws.com |
KMS VPC Endpoint Type¹ | The type of Amazon Virtual Private Cloud endpoint for AWS Key Management Service. You can use a VPC endpoint to enable private communication with Amazon Key Management Service. Select one of the following options:
|
Endpoint DNS Name for AWS KMS¹ | The DNS name for the AWS KMS interface endpoint. For example, vpce-0e722f5c721e19232-g2pkm2r7.kms.us-west-2.vpce.amazonaws.com |
External ID | The external ID associated with the IAM role. You can specify the external ID if you want to provide more secure access to the Amazon S3 bucket when the Amazon S3 staging bucket is in the same or a different AWS account. If required, you also have the option to specify the external ID in the AssumeRole request to the AWS Security Token Service (STS) using an external ID condition in the assumed IAM role's trust policy. For more information about using an external ID, see External ID when granting access to your AWS resources. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
Cluster Region | The AWS geographical region in which the Redshift cluster resides. Select the cluster region from the list if you choose to provide a custom JDBC URL with a different cluster region from that specified in the JDBC URL field property. To continue to use the cluster region name specified in the JDBC URL field property, select None as the cluster region in this property. You can only read data from or write data to the cluster regions supported by the AWS SDK. Select one of the following cluster regions: None, Asia Pacific(Mumbai), Asia Pacific(Seoul), Asia Pacific(Singapore), Asia Pacific(Sydney), Asia Pacific(Tokyo), Asia Pacific(Hong Kong), AWS GovCloud (US), AWS GovCloud (US-East), Canada(Central), China(Bejing), China(Ningxia), EU(Ireland), EU(Frankfurt), EU(Paris), EU(Stockholm), South America(Sao Paulo), Middle East(Bahrain), US East(N. Virginia), US East(Ohio), US West(N. California), US West(Oregon). Default is None. Note: A region value is required for application ingestion and replication tasks and database ingestion and replication tasks. |
Connection Environment SQL | The SQL statement to set up the database environment that applies for the entire session. Separate multiple values with a semicolon (;). Specify only the configurations for the database environment in the SQL statement. Do not specify any DDL or DML commands in the SQL statement. |
Master Symmetric Key¹ | A 256-bit AES encryption key in the Base64 format that enables client-side encryption to encrypt your data before you send it for staging in Amazon S3. For more information, see Enable encryption. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
Customer Master Key ID | The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3. The customer master key serves to encrypt your data at the destination before it is saved in Amazon S3. You can either enter the customer-generated customer master key ID or the default customer master key ID. You can use a cross-account KMS key in a connection in a mapping in advanced mode. The cluster and the staging bucket need to be in the same region. For more information about how to configure server-side encryption, see Enable encryption. This property doesn't apply to application ingestion and replication tasks and database ingestion and replication tasks. |
¹ Doesn't apply to mappings in advanced mode. |
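
Several properties above have a stated format or range that can be checked before the connection is saved. The following added example (not part of the product documentation; the dictionary keys are hypothetical names chosen here) checks the connection name, JDBC URL, master symmetric key, expiration time and S3 endpoint DNS name against the rules in the tables. It assumes ASCII alphanumerics in names and accepts only the JDBC URL format shown on this page, without appended driver options.

```python
import base64
import binascii
import re

# Format given on this page: jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>
JDBC_RE = re.compile(
    r"^jdbc:redshift://(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})/(?P<db>[^/?;\s]+)$")
# Alphanumerics, spaces and _ . + - with a maximum length of 255 characters.
NAME_RE = re.compile(r"^[A-Za-z0-9 _.+\-]{1,255}$")


def check_connection(props):
    """Return a list of problems found in a dict of connection property values."""
    problems = []

    if not NAME_RE.match(props.get("connection_name", "")):
        problems.append("connection_name: disallowed character or longer than 255")

    match = JDBC_RE.match(props.get("jdbc_url", ""))
    if not match:
        problems.append("jdbc_url: does not match the documented format")
    elif not 1 <= int(match.group("port")) <= 65535:
        problems.append("jdbc_url: port out of range")

    key = props.get("master_symmetric_key")
    if key is not None:
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:  # 256 bits
            problems.append("master_symmetric_key: not a Base64-encoded 256-bit key")

    expiry = props.get("expiration_time", 900)  # default stated on this page
    if not 900 <= expiry <= 3600:
        problems.append("expiration_time: must be between 900 and 3600 seconds")

    s3_dns = props.get("s3_endpoint_dns")
    if s3_dns is not None and ("*" in s3_dns or not s3_dns.startswith("bucket.")):
        problems.append("s3_endpoint_dns: replace the asterisk with the bucket keyword")

    return problems
```
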