As a user, you can use Amazon Redshift V2 Connector after the organization administrator ensures that users have access to the Secure Agent directory that contains the success and error files. The directory path must be the same on each Secure Agent machine in the runtime environment. The organization administrator must also perform the following tasks:
Get the Amazon Redshift JDBC URL.
Manage Authentication. Use either of the following two methods:
Create an Access Key ID and Secret Access Key.
Provide the values for access key ID and secret access key when you configure the Amazon Redshift V2 connection. For more information about creating an access key ID and secret access key, see the AWS documentation.
Configure AWS Identity and Access Management (IAM) Authentication to enhance security.
If you use IAM authentication, do not provide access key ID and secret access key explicitly in the Amazon Redshift V2 connection. Instead, you must create an Redshift Role Amazon Resource Name (ARN), add the minimal Amazon S3 bucket policy to the Redshift Role ARN, and add the Redshift Role ARN to the Redshift cluster.
Provide the Redshift Role ARN in the AWS_IAM_ROLE option in the UNLOAD and COPY commands when you create a task.
If you specify both, access key ID and secret access key in the connection properties and AWS_IAM_ROLE in the UNLOAD and COPY commands, AWS_IAM_ROLE takes the precedence.
You must add IAM EC2 role and IAM Redshift role to the customer master key when you use IAM authentication and server-side encryption using customer master key.
Hosted Agent does not support IAM authentication. For more information about how to configure IAM authentication for Amazon Redshift V2 Connector, see
Configure Amazon Redshift for SSL if you want to support an SSL connection.
Create a master symmetric key if you want to enable client-side encryption.
Create an AWS Key Management Service (AWS KMS)-managed customer master key if you want to enable server-side encryption.