Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Administrator
  • All Products

Table of Contents

Search

  1. Preface
  2. Connectors and connections
  3. Connection configuration
  4. ActiveCampaign connection properties
  5. Adabas CDC Connection Properties
  6. Adabas connection properties
  7. Adaptive Insights Connection Properties
  8. Adobe Analytics connection properties
  9. Adobe Analytics Mass Ingestion connection properties
  10. Adobe Experience Platform connection properties
  11. Advanced FTP Connection properties
  12. Advanced FTP V2 connection properties
  13. Advanced FTPS connection properties
  14. Advanced FTPS V2 connection properties
  15. Advanced SFTP connection properties
  16. Advanced SFTP V2 connection properties
  17. Amazon Athena connection properties
  18. Amazon Aurora connection properties
  19. Amazon DynamoDB connection properties
  20. Amazon DynamoDB V2 connection properties
  21. Amazon Kinesis connection properties
  22. Amazon Redshift connection properties
  23. Amazon Redshift V2 connection properties
  24. Amazon S3 connection properties
  25. Amazon S3 V2 connection properties
  26. Amplitude connection properties
  27. AMQP connection properties
  28. Anaplan V2 connection properties
  29. Ariba V2 connection properties
  30. AS2 connection properties
  31. BigMachines connection properties
  32. Birst Cloud Connect connection properties
  33. Box connection properties
  34. Business 360 connection properties
  35. Business 360 Events connection properties
  36. Business 360 FEP connection properties
  37. CallidusCloud Commissions connection properties
  38. CallidusCloud File Processor connection properties
  39. Cassandra V2 connection properties
  40. Chatter connection properties
  41. Cloud Integration Hub connection properties
  42. Concur V2 connection properties
  43. Couchbase connection properties
  44. Coupa connection properties
  45. Coupa V2 connection properties
  46. Cvent connection properties
  47. Databricks Delta connection properties
  48. Datacom CDC Connection Properties
  49. Datacom Connection Properties
  50. Db2 Data Map connection properties
  51. Db2 for i CDC connection properties
  52. Db2 for i connection properties
  53. Db2 for i Database Ingestion connection properties
  54. Db2 for LUW CDC connection properties
  55. Db2 for LUW Database Ingestion connection properties
  56. Db2 for z/OS Bulk Load connection properties
  57. Db2 for z/OS CDC connection properties
  58. Db2 for z/OS connection properties
  59. Db2 for zOS Database Ingestion connection properties
  60. Db2 for z/OS Image Copy connection properties
  61. Db2 for z/OS Unload File connection properties
  62. DB2 Loader connection properties
  63. Db2 Warehouse on Cloud connection properties
  64. Domo connection properties
  65. Dropbox connection properties
  66. Elasticsearch connection properties
  67. Eloqua Bulk API connection properties
  68. Eloqua REST connection properties
  69. FHIR connection properties
  70. File List connection properties
  71. File Processor connection properties
  72. FileIO connection properties
  73. Flat file connections
  74. FTP/SFTP connections
  75. Google Ads connection properties
  76. Google Analytics connection properties
  77. Google Analytics Mass Ingestion connection properties
  78. Google BigQuery connection properties
  79. Google BigQuery V2 connection properties
  80. Google Bigtable connection properties
  81. Google Cloud Storage connection properties
  82. Google Cloud Storage V2 connection properties
  83. Google Drive connection properties
  84. Google PubSub - Mass Ingestion Streaming connection properties
  85. Google PubSub connection properties
  86. Google PubSub V2 connection properties
  87. Google Sheets connection properties
  88. Google Sheets V2 connection properties
  89. Greenplum connection properties
  90. Hadoop connection properties
  91. Hadoop Files connection properties
  92. Hadoop Files V2 connection properties
  93. Hive connection properties
  94. HubSpot connection properties
  95. IBM MQ connection properties
  96. IDMS CDC connection properties
  97. IDMS connection properties
  98. IMS CDC Connection Properties
  99. IMS connection properties
  100. JD Edwards EnterpriseOne connection properties
  101. JDBC connection properties
  102. JDBC V2 connection properties
  103. JIRA Cloud connection properties
  104. Jira connection properties
  105. JMS connection properties
  106. JSON Target connection properties
  107. Kafka connection properties
  108. Klaviyo connection properties
  109. LDAP connection properties
  110. Magento V1 connection properties
  111. Mailchimp connection properties
  112. Marketo V3 connection properties
  113. Microsoft Access connection properties
  114. Microsoft Azure Blob Storage connection properties
  115. Microsoft Azure Blob Storage V2 connection properties
  116. Microsoft Azure Blob Storage V3 connection properties
  117. Microsoft Azure Cosmos DB SQL API connection properties
  118. Microsoft Azure Data Lake Storage Gen2 connection properties
  119. Microsoft Azure DocumentDB Connection Properties
  120. Microsoft Azure Event Hub connection properties
  121. Microsoft Azure SQL Data Warehouse - Database Ingestion connection properties
  122. Microsoft Azure SQL Data Warehouse connection properties
  123. Microsoft Azure SQL Data Warehouse V2 connection properties
  124. Microsoft Azure Synapse Analytics Database Ingestion connection properties
  125. Microsoft Azure Synapse SQL connection properties
  126. Microsoft CDM Folders V2 connection properties
  127. Microsoft Dynamics 365 for Operations connection properties
  128. Microsoft Dynamics 365 for Sales connections
  129. Microsoft Dynamics 365 Mass Ingestion connection properties
  130. Microsoft Dynamics AX V3 connection properties
  131. Microsoft Dynamics CRM connection properties
  132. Microsoft Dynamics NAV connection properties
  133. Microsoft Excel connection properties
  134. Microsoft Fabric Data Warehouse connection properties
  135. Microsoft Fabric Lakehouse connection properties
  136. Microsoft Fabric OneLake connection properties
  137. Microsoft Power BI Connection Properties
  138. Microsoft SharePoint connection properties
  139. Microsoft Sharepoint Online connection properties
  140. Microsoft SQL Server CDC connection properties
  141. Microsoft SQL Server connection properties
  142. Mixpanel connection properties
  143. MLLP connection properties
  144. MongoDB Mass Ingestion connection properties
  145. MongoDB connection properties
  146. MongoDB V2 connection properties
  147. MQTT connection properties
  148. MRI Software connection properties
  149. MySQL CDC connection properties
  150. MySQL connection properties
  151. Netezza connection properties
  152. NetSuite connection properties
  153. NetSuite Mass Ingestion connection properties
  154. NetSuite RESTlet V2 connection properties
  155. NICE Satmetrix connection properties
  156. OData connections properties
  157. OData consumer connection properties
  158. OData V2 Protocol Reader connection properties
  159. OData V2 Protocol Writer connection properties
  160. ODBC connection properties
  161. OpenAir connection properties
  162. Oracle Business Intelligence Publisher connection properties
  163. Oracle CDC V2 connection properties
  164. Oracle Cloud Object Storage connections
  165. Oracle connection properties
  166. Oracle CRM Cloud V1 connections properties
  167. Oracle CRM On Demand connection properties
  168. Oracle Database Ingestion connection properties
  169. Oracle Financials Cloud connections properties
  170. Oracle Financials Cloud V1 connection properties
  171. Oracle Fusion Cloud Mass Ingestion connection properties
  172. Oracle HCM Cloud connection properties
  173. Oracle HCM Cloud V1 connection properties
  174. PostgreSQL CDC connection properties
  175. PostgreSQL connection properties
  176. Power BI connection properties
  177. QuickBooks V2 Connection Properties
  178. Redis connection properties
  179. REST API connection properties
  180. REST V2 connection properties
  181. REST V3 Connection Properties
  182. Salesforce Analytics connection properties
  183. Salesforce Commerce Cloud connection properties
  184. Salesforce connection properties
  185. Salesforce Marketing Cloud connection properties
  186. Salesforce Mass Ingestion connection properties
  187. Salesforce Pardot connection properties
  188. SAP ADSO Writer connection properties
  189. SAP BAPI connection properties
  190. SAP BW BEx Query connection properties
  191. SAP BW Reader connection properties
  192. SAP HANA CDC Connection Properties
  193. SAP HANA connection properties
  194. SAP HANA Database Ingestion connection properties
  195. SAP IDoc and BAPI/RFC connections
  196. SAP IDoc Reader connection properties
  197. SAP IDoc Writer connection properties
  198. SAP IQ connection properties
  199. SAP Mass Ingestion connection properties
  200. SAP ODP Extractor connection properties
  201. SAP RFC/BAPI interface connection properties
  202. SAP Table Connector connection properties
  203. SAS connection properties
  204. Satmetrix connection properties
  205. Sequential File connection properties
  206. ServiceNow connection properties
  207. ServiceNow Mass Ingestion connection properties
  208. Shopify connection properties
  209. Snowflake connection properties
  210. Snowflake Data Cloud connection properties
  211. Stripe connection properties
  212. SuccessFactors LMS connection properties
  213. SuccessFactors ODATA connection properties
  214. SuccessFactors SOAP connection properties
  215. SurveyMonkey connection properties
  216. Tableau V2 connection properties
  217. Tableau V3 connection properties
  218. Teradata connection properties
  219. UKGPro V2 connection properties
  220. UltiPro connection properties
  221. VSAM CDC connection properties
  222. VSAM connection properties
  223. Web Service Consumer connection properties
  224. WebServices V2 connection properties
  225. Workday connection properties
  226. Workday Mass Ingestion connection properties
  227. Workday V2 connection properties
  228. Xactly connection properties
  229. Xero connection properties
  230. XML Source connection properties
  231. XML Target connection properties
  232. Yellowbrick Data Warehouse connection properties
  233. Zendesk connection properties
  234. Zendesk Mass Ingestion connection properties
  235. Zendesk V2 connection properties
  236. Zuora AQuA Connection properties
  237. Zuora connection properties
  238. Zuora Multi-Entity connection properties
  239. Zuora REST V2 connection properties

Connections

Connections

Back Next

Redshift IAM Authentication via AssumeRole

Redshift IAM Authentication via AssumeRole

The Redshift AssumeRole authentication enables the user to assume an IAM role or define an EC2 role configured with required trust policies to generate temporary security credentials to access Amazon Redshift.
For application ingestion and database ingestion tasks, you must use an EC2 role.
The following table describes the basic connection properties for Redshift IAM AssumeRole authentication:
Properties
Description
JDBC URL
The JDBC URL to connect to the Amazon Redshift cluster.
You can get the JDBC URL from your Amazon AWS Redshift cluster configuration page.
Enter the JDBC URL in the following format:
jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>
, where the endpoint includes the Redshift cluster name and region.
For example,
jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com:5439/rsdb
In the example,
  • infa-rs-qa-cluster is the name of the Redshift cluster.
  • us-west-2.redshift.amazonaws.com is the Redshift cluster endpoint, which is the US West (Oregon) region.
  • 5439 is the port number for the Redshift cluster.
  • rsdb is the specific database instance in the Redshift cluster to which you want to connect.
Username
User name of your database instance in the Amazon Redshift cluster.
Cluster Identifier
The unique identifier of the cluster that hosts Amazon Redshift.
Specify the Amazon Redshift cluster name.
Database Name
Name of the Amazon Redshift database where the tables that you want to access are stored.
Redshift IAM Role ARN
The Amazon Resource Number (ARN) of the IAM role assumed by EC2 to use the dynamically generated temporary security credentials to access Amazon Redshift.
Enter the Redshift IAM role ARN to access the Amazon Redshift cluster.
Use EC2 Role to Assume Role
Enables the EC2 role to assume an IAM role, either to connect to Redshift or to stage data using the temporary security credentials:
Connect to Redshift with IAM authentication using the EC2 role
Select the check box to enable the EC2 role that assumes a Redshift IAM role specified in the
Redshift IAM Role ARN
 field to access Amazon Redshift.
The EC2 role must have a policy attached with permissions to assume a Redshift IAM role from the same or different account.
Access S3 resources to stage data
Select the check box to enable the EC2 role to assume an S3 IAM role specified in the
S3 IAM Role ARN
 field and dynamically generate the temporary security credentials to access the S3 staging buckets.
The EC2 role must have a policy attached with permissions to assume an S3 IAM role from the same or different AWS account.
S3 IAM Role ARN
The Amazon Resource Number (ARN) of the S3 IAM role assumed by the IAM user or EC2 to use the dynamically generated temporary security credentials to stage data in Amazon S3.
This property applies when you want to generate the temporary security credentials to access the S3 staging buckets by using either the EC2 instance or the IAM user who assumes the S3 IAM role.
Specify the S3 IAM role name to use the temporary security credentials to access the Amazon S3 staging bucket.
For more information about how to get the ARN of the IAM role, see the AWS documentation.
If you use the connection for application ingestion or database ingestion tasks that uses role-based authentication, but not the default role for the AWS cluster, specify an IAM role ARN. If you use the default role, leave this field blank.

Advanced settings

The following table describes the advanced connection properties for Redshift IAM AssumeRole authentication:
Properties
Description
Redshift Access Key ID
The access key of the IAM user that has permissions to assume the Redshift IAM AssumeRole ARN.
This property doesn't apply to Amazon Redshift AssumeRole authentication with EC2 role.
Redshift Secret Access Key
The secret access key of the IAM user that has permissions to assume the Redshift IAM Assume Role ARN.
This property doesn't apply to Amazon Redshift AssumeRole authentication with EC2 role.
Database Group
The name of the database group to which you want to add the database user when you select the
Auto Create DBUser
 option in this connection property.
The user that you add to this database group inherits the specified group privileges.
If you do not specify a database group name, the user is added to the public group and inherits its associated privileges.
You can also enter multiple database groups, separated by a comma, to add the user to each of the specified database groups.
Expiration Time
The time duration that the password for the Amazon Redshift database user expires.
Specify a value between 900 seconds and 3600 seconds.
Default is 900.
Auto Create DBUser
Select to create a new Amazon Redshift database user at run time.
The agent adds the user you specified in the
Username
 field to the database group. The added user assumes the privileges assigned to the database group.
Default is disabled.
S3 Access Key ID
Access key of the IAM user to access the Amazon S3 staging bucket.
Enter the access key ID when you use the following methods for S3 staging:
  • When the IAM user has access to S3 staging.
  • When the IAM user who assumes the S3 IAM role uses the temporary security credentials to access S3.
You do not need to enter the S3 access key ID if you use IAM authentication or the assume role for EC2 to access S3.
If you use the connection for application ingestion or database ingestion tasks that use key-based authentication, provide the access key value.
S3 Secret Access Key
Secret access key to access the Amazon S3 staging bucket.
The secret key is associated with the access key and uniquely identifies the account.
Enter the secret access key value when you use following methods for S3 staging:
  • When the IAM user has access to S3 staging.
  • When the IAM user who assumes the S3 IAM role uses the temporary security credentials to access S3.
You do not need to enter the S3 secret access key if you use IAM authentication or the assume role for EC2 to access S3.
If you use the connection for application ingestion or database ingestion tasks that use key-based authentication, provide the access key value.
S3 VPC Endpoint Type
The type of Amazon Virtual Private Cloud endpoint for Amazon S3.
You can use a VPC endpoint to enable private communication with Amazon S3.
Select one of the following options:
  • Default. Select if you do not want to use a VPC endpoint.
  • Interface Endpoint. Select to establish private communication with Amazon S3 through an interface endpoint that has a private IP address from the IP address range of your subnet. It serves as an entry point for traffic destined to an AWS service.
Endpoint DNS Name for Amazon S3
The DNS name for the Amazon S3 interface endpoint.
Replace the asterisk symbol with the
bucket
 keyword in the DNS name.
Enter the DNS name in the following format:
bucket.<DNS name of the interface endpoint>
For example,
bucket.vpce-s3.us-west-2.vpce.amazonaws.com
External ID
The external ID associated with the IAM role.
You can specify the external ID if you want to provide a more secure access to the Amazon S3 bucket when the Amazon S3 staging bucket is in same or different AWS accounts.
If required, you also have the option to specify the external ID in the AssumeRole request to the AWS Security Token Service (STS) using an external ID condition in the assumed IAM role's trust policy.
For more information about using an external ID, see External ID when granting access to your AWS resources.
This property doesn't apply to application ingestion and database ingestion tasks.
Cluster Region
The AWS geographical region in which the Redshift cluster resides.
Select the cluster region from the list if you choose to provide a custom JDBC URL with a different cluster region from that specified in the
JDBC URL
 field property. To continue to use the cluster region name specified in the
JDBC URL
 field property, select
None
 as the cluster region in this property.
You can only read data from or write data to the cluster regions supported by the AWS SDK.
Select one of the following cluster regions:
None
Asia Pacific(Mumbai)
Asia Pacific(Seoul)
Asia Pacific(Singapore)
Asia Pacific(Sydney)
Asia Pacific(Tokyo)
Asia Pacific(Hong Kong)
AWS GovCloud (US)
AWS GovCloud (US-East)
Canada(Central)
China(Bejing)
China(Ningxia)
EU(Ireland)
EU(Frankfurt)
EU(Paris)
EU(Stockholm)
South America(Sao Paulo)
Middle East(Bahrain)
US East(N. Virginia)
US East(Ohio)
US West(N. California)
US West(Oregon)
Default is
None
.
A region value is required for application ingestion and database ingestion tasks.
Master Symmetric Key
1
A 256-bit AES encryption key in the Base64 format that enables client-side encryption to encrypt your data before you send them for staging in Amazon S3.
For more information, see Enable encryption.
This property doesn't apply to application ingestion and database ingestion tasks.
Customer Master Key ID
The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3. The customer master key serves to encrypt your data at the destination before they are saved in Amazon S3.
You can either enter the customer-generated customer master key ID or the default customer master key ID.
You can use a cross account KMS key in a connection in a mapping in advanced mode. The cluster and the staging bucket needs to be in the same region.
For more information about how to configure server-side encryption, see Enable encryption.
This property doesn't apply to application ingestion and database ingestion tasks.
1
Doesn't apply to mappings in advanced mode.
0 COMMENTS
We’d like to hear from you!