Connections > Amazon Redshift V2 connection properties > Prepare for authentication
  

Prepare for authentication

You can configure Default and Redshift IAM Authentication via AssumeRole authentication types in an Amazon Redshift V2 connection to connect to Amazon Redshift. Additionally, you need to complete the S3 staging prerequisites to access S3 resources. You can also configure encryption, if required, to connect to Amazon Redshift.
Note: Application ingestion and replication and database ingestion and replication tasks do not support Redshift IAM authentication via AssumeRole unless you use an EC2 instance to assume the role.
See the following sections for a summary of the authentication, staging, and encryption prerequisites.

Authentication prerequisites

Before you begin, you need to have a registered user account with Amazon Redshift.
Get the minimum required details from your Amazon Redshift account from the AWS Console for the authentication type that you want to configure, as listed in the following table:
Default authentication
Redshift IAM Authentication via Assume Role
  • - JDBC URL
  • - User name
  • - Password
  • - JDBC URL
  • - User name
  • - Database name
  • - Cluster identifier
  • - Redshift IAM role ARN*
*To use the Redshift IAM role ARN, configure the Redshift IAM role ARN with the required trust policies to generate temporary security credentials to access Amazon Redshift.
For instructions, see Configure an assume role for Amazon Redshift.

Staging prerequisites

To enable staging on Amazon S3 and to gain access to S3 resources when you read or write data, you need to configure the staging properties in the Amazon Redshift V2 connection.
The following table summarizes the staging options that you can configure in the connection for both default and Redshift IAM Authentication via AssumeRole authentication and the tasks that you need to perform to get the required details for S3 staging:
S3 staging options
Tasks
Generate temporary credentials for the IAM user who assumes the S3 IAM role to access S3 staging.
AWS configurations
Enable IAM users to assume an S3 IAM role and generate temporary credentials.
For instructions, see the following references:
Redshift V2 connection configurations
  • - Enter the value of the S3 IAM Role ARN.
  • - Enter the S3 Access Key ID and S3 Secret Access Key values.
Generate temporary security credentials for an EC2 instance that assumes an S3 IAM role to access S3 staging.
AWS configurations
Define an EC2 instance to assume an S3 IAM role and generate the temporary credentials for S3 staging.
For instructions, see Generate temporary security credentials using AssumeRole for EC2.
Redshift V2 connection configurations
Configure the following minimum required properties:
  • - Enable Use EC2 Role to Assume Role.
  • - Enter the value of the S3 IAM Role ARN.
Generate the S3 access and secret access keys for the IAM user with access to the S3 bucket.
AWS configurations
To generate the credentials, perform the following tasks:
  1. 1Create a minimal Amazon IAM policy.
  2. 2Create an IAM user, assign the policy to that user, and then generate the S3 access key ID and S3 secret access key in the AWS console.
    3. For more information about how to create an IAM user and generate keys, see the AWS documentation.
Redshift V2 connection configurations
Enter the S3 Access Key ID and S3 Secret Access Key values.
Configure IAM authentication
AWS configurations
If you have an EC2 instance, and do not want to specify the keys or use the IAM role ARN, then assign the minimum policy to the EC2 with access to the S3 bucket.
For instructions, see Configure IAM authentication.
Redshift V2 connection configurations
In this case, you do not need to enable or specify any of the staging properties in the connection.

Encryption prerequisites

To configure client-side and server-side encryption for the Default authentication and Redshift IAM authentication via AssumeRole during staging, see Enable encryption.