Prepare for authentication

You can configure Default and Redshift IAM Authentication via AssumeRole authentication types in an Amazon Redshift V2 connection to connect to Amazon Redshift. Additionally, you need to complete the S3 staging prerequisites to access S3 resources. You can also configure encryption, if required, to connect to Amazon Redshift.

See the following sections for a summary of the authentication, staging, and encryption prerequisites.

Authentication prerequisites

Before you begin, you need to have a registered user account with Amazon Redshift.

Get the minimum required details from your Amazon Redshift account from the AWS Console for the authentication type that you want to configure, as listed in the following table:

Default authentication	Redshift IAM Authentication via Assume Role
- JDBC URL - User name - Password	- JDBC URL - User name - Database name - Cluster identifier - Redshift IAM role ARN*
*To use the Redshift IAM role ARN, configure the Redshift IAM role ARN with the required trust policies to generate temporary security credentials to access Amazon Redshift. For instructions, see Configure an assume role for Amazon Redshift.

Staging prerequisites

To enable staging on Amazon S3 and to gain access to S3 resources when you read or write data, you need to configure the staging properties in the Amazon Redshift V2 connection.

Note: If you do not require staging for the read operation, you can ignore the staging properties in the connection. You need to select the Direct mode in the Source transformation properties. Data Integration directly accesses and retrieves the data from Amazon Redshift without staging the data.

The following table summarizes the staging options that you can configure in the connection for both default and Redshift IAM Authentication via AssumeRole authentication and the tasks that you need to perform to get the required details for S3 staging:

S3 staging options	Tasks
Generate temporary credentials for the IAM user who assumes the S3 IAM role to access S3 staging.	AWS configurations Enable IAM users to assume an S3 IAM role and generate temporary credentials. For instructions, see the following references: - Generate temporary security credentials using AssumeRole for Amazon S3 staging. - Using an assume role for Amazon S3 resources How-To Library article. Redshift V2 connection configurations - Enter the value of the S3 IAM Role ARN. - Enter the S3 Access Key ID and S3 Secret Access Key values.
Generate temporary security credentials for an EC2 instance that assumes an S3 IAM role to access S3 staging.	AWS configurations Define an EC2 instance to assume an S3 IAM role and generate the temporary credentials for S3 staging. For instructions, see Generate temporary security credentials using AssumeRole for EC2. Redshift V2 connection configurations Configure the following minimum required properties: - Enable Use EC2 Role to Assume Role. - Enter the value of the S3 IAM Role ARN.
Generate the S3 access and secret access keys for the IAM user with access to the S3 bucket.	AWS configurations To generate the credentials, perform the following tasks: 1Create a minimal Amazon IAM policy. 2Create an IAM user, assign the policy to that user, and then generate the S3 access key ID and S3 secret access key in the AWS console. For more information about how to create an IAM user and generate keys, see the AWS documentation. Redshift V2 connection configurations Enter the S3 Access Key ID and S3 Secret Access Key values.
Configure IAM authentication	AWS configurations If you have an EC2 instance, and do not want to specify the keys or use the IAM role ARN, then assign the minimum policy to the EC2 with access to the S3 bucket. For instructions, see Configure IAM authentication. Redshift V2 connection configurations In this case, you do not need to enable or specify any of the staging properties in the connection. However, before you run the mapping, specify the Redshift role assigned to the Redshift cluster in the UnloadOptions and CopyOptions Property File fields in the mapping.

Encryption prerequisites

To configure client-side and server-side encryption for the Default authentication and Redshift IAM authentication via AssumeRole during staging, see Enable encryption.