Amazon Redshift Connectors

Default authentication

The following table describes the basic connection properties for default authentication:
Properties
Description
JDBC URL
The JDBC URL to connect to the Amazon Redshift cluster.
You can get the JDBC URL from your Amazon AWS Redshift cluster configuration page.
Enter the JDBC URL in the following format:
jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>
where the endpoint includes the Redshift cluster name and region.
For example:
jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com:5439/rsdb
In the example:
  • infa-rs-cluster is the name of the Redshift cluster.
  • us-west-2.redshift.amazonaws.com is the Redshift cluster endpoint, which is the US West (Oregon) region.
  • 5439 is the port number for the Redshift cluster.
  • rsdb is the specific database instance in the Redshift cluster to which you want to connect.
Username
User name of your database instance in the Amazon Redshift cluster.
Password
Password of the Amazon Redshift database user.
Use EC2 Role to Assume Role
Enables the EC2 instance to assume an S3 IAM role and to use the resulting temporary security credentials to access the S3 resources for staging data.
The EC2 role must have a policy attached with permissions to assume an S3 IAM role. The S3 IAM role and the EC2 instance can be in the same AWS account or in different AWS accounts.
Select the check box to enable the EC2 role to assume an S3 IAM role specified in the S3 IAM Role ARN option to access the S3 resources for staging data.
S3 IAM Role ARN
The Amazon Resource Name (ARN) of the IAM role that the IAM user or EC2 instance assumes to obtain dynamically generated temporary security credentials for staging data in Amazon S3.
This property applies when you want to generate temporary security credentials to access the S3 staging buckets by using either the EC2 instance or the IAM user who assumes the S3 IAM role.
Specify the S3 IAM role name to use the temporary security credentials to access the Amazon S3 staging bucket.
For more information about how to get the ARN of the S3 IAM role, see the AWS documentation.
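The following pre-flight check is an added example, not part of the connector or its documentation. It parses a value intended for the JDBC URL property against the format shown above and rejects hosts that are not Redshift cluster endpoints, so that the database user name and password are not stored against a mistyped or lookalike host. The endpoint layout `<cluster>.<id>.<region>.redshift.amazonaws.com` and the function name `check_jdbc_url` are assumptions; connection options appended after the database name are not handled.

```python
import re

# Shape given on this page: jdbc:redshift://<cluster_endpoint>:<port_number>/<database_name>
# Assumption: the endpoint is <cluster>.<id>.<region>.redshift.amazonaws.com (".cn" in China).
JDBC_URL = re.compile(
    r"jdbc:redshift://(?P<cluster>[a-z0-9-]+)\.(?P<id>[a-z0-9]+)\."
    r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)\.redshift\.amazonaws\.com(?:\.cn)?"
    r":(?P<port>\d{1,5})/(?P<database>[^/?;\s]+)"
)
SCHEME = "jdbc:redshift://"
ENDPOINT_SUFFIXES = (".redshift.amazonaws.com", ".redshift.amazonaws.com.cn")


def check_jdbc_url(jdbc_url):
    """Return (parts, problems) for a value meant for the JDBC URL property."""
    match = JDBC_URL.fullmatch(jdbc_url)
    if match is None:
        # Give the most specific reason available instead of a bare "invalid".
        if not jdbc_url.startswith(SCHEME):
            return {}, ["scheme is not jdbc:redshift://"]
        host = re.split(r"[:/]", jdbc_url[len(SCHEME):], maxsplit=1)[0]
        if not host.endswith(ENDPOINT_SUFFIXES):
            return {}, [f"host {host!r} is not a Redshift cluster endpoint"]
        return {}, ["expected <cluster_endpoint>:<port_number>/<database_name>"]
    parts = match.groupdict()
    parts["port"] = int(parts["port"])
    problems = []
    if not 1 <= parts["port"] <= 65535:
        problems.append(f"port {parts['port']} is outside 1-65535")
    return parts, problems


if __name__ == "__main__":
    # First URL is the example from this page; the others are constructed bad inputs.
    for url in (
        "jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com:5439/rsdb",
        "jdbc:redshift://infa-rs-cluster.abc.us-west-2.redshift.amazonaws.com/rsdb",
        "jdbc:redshift://rs.abc.us-west-2.redshift.amazonaws.com.example.net:5439/rsdb",
    ):
        print(check_jdbc_url(url))
```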

Advanced settings

The following table describes the advanced connection properties for default authentication:
Properties
Description
S3 Access Key ID
Access key of the IAM user to access the Amazon S3 staging bucket.
Enter the access key ID when you use the following methods for S3 staging:
  • When the IAM user has access to S3 staging.
  • When the IAM user who assumes the S3 IAM role uses the temporary security credentials to access S3.
You do not need to enter the S3 access key ID if you use IAM authentication or the assume role for EC2 to access S3.
S3 Secret Access Key
Secret access key to access the Amazon S3 staging bucket.
The secret key is associated with the access key and uniquely identifies the account.
Enter the secret access key value when you use the following methods for S3 staging:
  • When the IAM user has access to S3 staging.
  • When the IAM user who assumes the S3 IAM role uses the temporary security credentials to access S3.
You do not need to enter the S3 secret access key if you use IAM authentication or the assume role for EC2 to access S3.
S3 VPC Endpoint Type
The type of Amazon Virtual Private Cloud endpoint for Amazon S3.
You can use a VPC endpoint to enable private communication with Amazon S3.
Select one of the following options:
  • Default. Select if you do not want to use a VPC endpoint.
  • Interface Endpoint. Select to establish private communication with Amazon S3 through an interface endpoint that has a private IP address from the IP address range of your subnet. It serves as an entry point for traffic destined to an AWS service.
Endpoint DNS Name for Amazon S3
The DNS name for the Amazon S3 interface endpoint.
Replace the asterisk symbol with the bucket keyword in the DNS name.
Enter the DNS name in the following format:
bucket.<DNS name of the interface endpoint>
For example,
bucket.vpce-s3.us-west-2.vpce.amazonaws.com
External ID
The external ID associated with the IAM role.
You can specify the external ID if you want to provide more secure access to the Amazon S3 bucket. The Amazon S3 staging bucket and the IAM role can be in the same or different AWS accounts.
If required, you also have the option to specify the external ID in the AssumeRole request to the AWS Security Token Service (STS) using an external ID condition in the assumed IAM role's trust policy.
For more information about using an external ID, see External ID when granting access to your AWS resources.
Cluster Region
The AWS cluster region in which the Redshift cluster resides.
Select the cluster region from the list if you choose to provide a custom JDBC URL with a different cluster region from that specified in the JDBC URL field property. To continue to use the cluster region name specified in the JDBC URL field property, select None as the cluster region in this property.
You can only read data from or write data to the cluster regions supported by the AWS SDK.
Select one of the following cluster regions:
None
Asia Pacific(Mumbai)
Asia Pacific(Seoul)
Asia Pacific(Singapore)
Asia Pacific(Sydney)
Asia Pacific(Tokyo)
Asia Pacific(Hong Kong)
AWS GovCloud (US)
AWS GovCloud (US-East)
Canada(Central)
China(Beijing)
China(Ningxia)
EU(Ireland)
EU(Frankfurt)
EU(Paris)
EU(Stockholm)
South America(Sao Paulo)
Middle East(Bahrain)
US East(N. Virginia)
US East(Ohio)
US West(N. California)
US West(Oregon)
Default is None.
Master Symmetric Key ¹
A 256-bit AES encryption key in the Base64 format that enables client-side encryption to encrypt your data before you send it for staging in Amazon S3.
For more information, see Enable encryption.
Customer Master Key ID
The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3. The customer master key serves to encrypt your data at the destination before it is saved in Amazon S3.
You can either enter the customer-generated customer master key ID or the default customer master key ID.
You can use a cross-account KMS key in a connection in a mapping in advanced mode. The cluster and the staging bucket need to be in the same region.
¹ Doesn't apply to mappings in advanced mode.
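The External ID property only protects the staging role if the role's trust policy actually requires it. The following audit is an added example, not part of the connector or its documentation: it checks the trust policy of the role named in S3 IAM Role ARN for a wildcard principal, for the expected caller, and for an `sts:ExternalId` condition matching the value entered in the connection. The account IDs, role name, external ID and the function name `audit_trust_policy` are placeholders and assumptions.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, caller_arn, external_id=None):
    """Return findings for the trust policy of the role set in S3 IAM Role ARN."""
    findings, caller_trusted = [], False
    grants = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not grants:
        return ["no Allow statement grants sts:AssumeRole"]
    for n, stmt in enumerate(grants):
        principal = stmt.get("Principal", {})
        trusted = (_as_list(principal.get("AWS", []))
                   if isinstance(principal, dict) else [principal])
        if "*" in trusted:
            findings.append(f"grant {n}: any AWS principal may assume the role")
        caller_trusted |= caller_arn in trusted or "*" in trusted
        if external_id is not None:
            # IAM condition key names are not case-sensitive.
            equals = {k.lower(): v for k, v in
                      stmt.get("Condition", {}).get("StringEquals", {}).items()}
            if external_id not in _as_list(equals.get("sts:externalid", [])):
                findings.append(f"grant {n}: sts:ExternalId is not required or differs")
    if not caller_trusted:
        findings.append(f"{caller_arn} is not a trusted principal")
    return findings


# Constructed sample policies; account ID, role name and external ID are placeholders.
EC2_ROLE = "arn:aws:iam::111122223333:role/example-agent-ec2-role"
STRICT = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": EC2_ROLE},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
LOOSE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    for name, policy in (("strict", STRICT), ("loose", LOOSE)):
        print(name, audit_trust_policy(policy, EC2_ROLE, "example-external-id"))
```

Run it against the trust policy document exported from the IAM role; an empty list means the policy names the caller and enforces the external ID configured in the connection.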
