Table of Contents

Search

  1. Preface
  2. Part 1: Introduction to Amazon Redshift connectors
  3. Part 2: Data Integration with Amazon Redshift V2 Connector
  4. Part 3: Data Integration with Amazon Redshift Connector

Amazon Redshift Connectors

Amazon Redshift Connectors

Rules and guidelines for using the temporary security credentials

Rules and guidelines for using the temporary security credentials

Consider the following guidelines when you use the temporary security credentials:
  • The IAM user or IAM role that requests for the temporary security credentials must not have access to any AWS resources.
  • Only authenticated IAM users or IAM roles can request for the temporary security credentials from the AWS Security Token Service (AWS STS).
  • Before you run a task, ensure that you have enough time to use the temporary security credentials for running the task. You cannot extend the time duration of the temporary security credentials for an ongoing task. For example, when you read from and write to Amazon Redshift and if the temporary security credentials expire, you cannot extend the time duration of the temporary security credentials that causes the task to fail.
  • After the temporary security credentials expire, AWS does not authorize the IAM users or IAM roles to access the resources using the credentials. You must request for new temporary security credentials before the previous temporary security credentials expire in a mapping.
  • For elastic mappings, the temporary security credentials do not expire even after the configured time in the
    Temporary Credential Duration
    advanced source and target property elapses.
  • Do not use the root user credentials of an AWS account to use the temporary security credentials. You must use the credentials of an IAM user to use the temporary security credentials.
  • When you create an Amazon Redshift V2 connection with the IAM Role ARN and use the SSE-KMS encryption, you must specify AWS_IAM_ROLE as the unload option in the Amazon Redshift V2 advanced source properties.
  • If both the source and target in a mapping point to the same Amazon S3 bucket, use the same Amazon S3 connection in the Source and Target transformations. If you use two different Amazon S3 connections, configure the same values in the connection properties for both the connections.
  • If the source and target in a mapping point to different Amazon S3 buckets, you can use two different Amazon S3 connections.
    You can configure different values in the connection properties for both the connections. However, you must select the
    Use EC2 Role to Assume Role
    check box in the connection property. You must also specify the same value for the
    Temporary Credential Duration
    field in the source and target properties.