Redshift Advanced Connection Settings

Enter the following fields to set up the connection:

Connection name - created as 'New Connection' by default; you can change it.

JDBC Driver - see the linked page for more information about the JDBC driver.

Host - enter the hostname of your database server.

Port - 5439 by default; otherwise enter the port used by your server.

SSL Mode - controls whether the connection to the database is encrypted with SSL (Secure Sockets Layer):

  • Disable - SSL is disabled and the connection is not encrypted.
  • Prefer - SSL is used if the server supports it. Amazon Redshift supports SSL, so SSL is used when you set sslmode to prefer.
  • Allow - SSL is used if the server requires it.
  • Require - SSL is required.

Authentication - Standard by default. Use this option to specify how the connection will be authenticated. Select one of the following authentication types:

  • Standard - Standard authentication (with a Redshift database user name and password).
  • AWS Profile - IAM authentication using an Amazon Web Services (AWS) profile. Provide the details for this authentication type below.
  • AWS IAM Credentials - IAM authentication using IAM credentials. Provide the details for this authentication type below.
  • Identity Provider: AD FS - Single sign-on (SSO) IAM authentication using Active Directory Federation Services (AD FS) as an identity provider. The connection will be authenticated using the IAM credentials stored in AD FS. Provide the details for this authentication type below.
  • Identity Provider: PingFederate - Single sign-on (SSO) IAM authentication using PingFederate as an identity provider. The connection will be authenticated using the IAM credentials stored in the PingFederate service. Provide the details for this authentication type below.
  • Identity Provider: Okta - Single sign-on (SSO) IAM authentication using Okta as an identity provider. The connection will be authenticated using the IAM credentials stored in Okta. Provide the details for this authentication type below.

 If [Authentication] = [Standard], then

User & Password - enter your user name and password.

Database - Enter the database that you created for your Amazon Redshift cluster.

Connection timeout (sec) - Enter the connection timeout in seconds (if left empty, the value is 0, which means no timeout).

Advanced properties - add any additional connection properties you need.

If [Authentication] = [AWS Profile], then

DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER

Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.

DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.

For more information, see JDBC and ODBC Options for Creating Database User Credentials.

Profiles - Enter the name of a profile in an AWS config file that contains values for the ODBC connection options. For more information, see Using a Configuration Profile.

Use Amazon EC2 Instance Profile - check box. You can use an IAM role to manage temporary credentials for applications that are running on an EC2 instance and making AWS CLI or AWS API requests. This is preferable to storing access keys within the EC2 instance. To assign an AWS role to an EC2 instance and make it available to all of its applications, you create an instance profile that is attached to the instance. An instance profile contains the role and enables programs that are running on the EC2 instance to get temporary credentials. For more information, see Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances in the IAM User Guide.

Database - Enter the database that you created for your Amazon Redshift cluster.

Connection timeout (sec) - Enter the connection timeout in seconds (if left empty, the value is 0, which means no timeout).

Advanced properties - add any additional connection properties you need.

 If [Authentication] = [AWS IAM], then

DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER

Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.

DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.

Access Key ID & Secret Access Key - The access key ID and secret access key for the IAM role or IAM user configured for IAM database authentication.

Session Token - is required for an IAM role with temporary credentials. For more information, see Temporary Security Credentials.

If [Authentication] = [AD FS], then

🔎 NOTE: For Windows Integrated Authentication with Identity Provider: AD FS, leave [Idp User] and [Idp Password] empty.

DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER

Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.

DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.

Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).

Idp Port - The port used by the identity provider. The default is 443.

SSL Insecure - To skip verification of the SSL certificate of the IDP server, select the SSL Insecure check box.

Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued  AttributeValue elements for the  Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.

If [Authentication] = [PingFederate], then

For this authentication type, [Idp User & Idp Password] (identity provider user name and password) are shown instead of [User & Password].

DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER

Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.

DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.

Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).

Idp Port - The port used by the identity provider. The default is 443.

SSL Insecure - To skip verification of the SSL certificate of the IDP server, select the [SSL Insecure] check box.

Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued  AttributeValue elements for the  Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.

Partner SPID - Enter the partner service provider ID.

If [Authentication] = [Okta], then

For this authentication type, [Idp User & Idp Password] (identity provider user name and password) are shown instead of [User & Password].

DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER

Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.

DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.

Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).

Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued  AttributeValue elements for the  Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.

Okta App ID - An ID for an Okta application. The value for App ID follows "amazon_aws" in the Okta application embed link. Work with your IdP administrator to get this value.

 Okta App Name - Enter Okta application Name.

The selected authentication type determines which of the following fields are visible:

| Field | Standard | AWS Profile | AWS IAM | AD FS | PingFederate | Okta |
|---|---|---|---|---|---|---|
| DB User | ➖ | ➕ | ➕ | ➕ | ➕ | ➕ |
| Autocreate DB User | ➖ | ➕ | ➕ | ➕ | ➕ | ➕ |
| DB Groups | ➖ | ➕ | ➕ | ➕ | ➕ | ➕ |
| Profiles | ➖ | ➕ | ➖ | ➖ | ➖ | ➖ |
| Use Amazon EC2 Instance Profile | ➖ | ➕ | ➖ | ➖ | ➖ | ➖ |
| Access Key | ➖ | ➖ | ➕ | ➖ | ➖ | ➖ |
| Secret Access Key | ➖ | ➖ | ➕ | ➖ | ➖ | ➖ |
| Session Token | ➖ | ➖ | ➕ | ➖ | ➖ | ➖ |
| Idp Host | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ |
| Idp Port | ➖ | ➖ | ➖ | ➕ | ➕ | ➖ |
| SSL Insecure | ➖ | ➖ | ➖ | ➕ | ➕ | ➖ |
| Idp User | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ |
| Idp Password | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ |
| Preferred Role | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ |
| Partner SPID | ➖ | ➖ | ➖ | ➖ | ➕ | ➖ |
| Okta App ID | ➖ | ➖ | ➖ | ➖ | ➖ | ➕ |
| Okta App Name | ➖ | ➖ | ➖ | ➖ | ➖ | ➕ |

 

🔎 NOTE: More information can be found at the link.

 

🔎 NOTE: After the user has passed Multi-Factor Authentication (MFA), the SAML assertion credentials are stored in the driver cache until they expire (the 'duration' property is defined at the provider). As a result, if the user changes an existing connection or creates a new one with invalid parameters, the invalid parameters are not taken into account and the connection still succeeds.
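
An added example, not part of the original article or the product: a Python check that audits one connection profile against the field-visibility table and the security-relevant settings described above (SSL Mode, SSL Insecure, Autocreate DB User, Idp Host, Session Token). The dictionary keys and the sample profile are hypothetical names constructed for illustration.

```python
# Added example: audit a connection profile against the page's field table.
# The dict keys (auth, ssl_mode, ...) are hypothetical names for the dialog fields.
IAM = {"db_user", "autocreate", "db_groups"}
IDP = IAM | {"idp_host", "idp_user", "idp_password", "preferred_role"}
# Fields each authentication type exposes, per the visibility table.
ALLOWED = {
    "Standard": set(),
    "AWS Profile": IAM | {"profile", "use_ec2_instance_profile"},
    "AWS IAM": IAM | {"access_key", "secret_access_key", "session_token"},
    "AD FS": IDP | {"idp_port", "ssl_insecure"},
    "PingFederate": IDP | {"idp_port", "ssl_insecure", "partner_spid"},
    "Okta": IDP | {"okta_app_id", "okta_app_name"},
}
# Fields not judged against the table (connection basics and credentials).
BASE = {"auth", "ssl_mode", "host", "port", "database", "user", "password"}

def audit(profile):
    """Return a list of findings for one connection profile (a dict)."""
    auth = profile.get("auth", "Standard")
    if auth not in ALLOWED:
        return [f"unknown authentication type: {auth}"]
    used = {k for k, v in profile.items() if v not in (None, "", False)}
    findings = [f"{k}: not used by {auth}" for k in sorted(used - BASE - ALLOWED[auth])]
    mode = str(profile.get("ssl_mode", "")).lower()
    if mode != "require":  # only Require refuses an unencrypted connection
        findings.append(f"ssl_mode={mode or 'unset'}: encryption is not enforced")
    if profile.get("ssl_insecure"):
        findings.append("ssl_insecure: IdP certificate is not verified")
    if "/" in str(profile.get("idp_host", "")):
        findings.append("idp_host: must not contain slashes")
    if profile.get("autocreate"):
        findings.append("autocreate: unknown DB users will be created on connect")
    if auth == "AWS IAM" and not profile.get("session_token"):  # heuristic
        findings.append("access_key: no session token, so not temporary credentials")
    return findings

SAMPLE = {  # constructed sample, not a real connection
    "auth": "Okta", "host": "cluster.example.invalid", "port": 5439,
    "ssl_mode": "prefer", "db_user": "report_user", "autocreate": True,
    "idp_host": "idp.example.invalid/app", "partner_spid": "urn:example",
    "idp_user": "alice", "idp_password": "<placeholder>",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```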

 

 
