Redshift Cross-Account IAM Role SSL Account

In this article

Overview

Use this account type to connect Redshift Snaps with data sources that use Redshift Cross-Account IAM Role SSL Account. The Redshift Snaps support both Redshift Cluster and Redshift Serverless accounts.

Prerequisites

Access to the following folders:

  • Private project folder

  • Project Space’s shared folder

  • Global shared folder

Limitations

Known Issues

None.

Account Settings

image-20240215-122243.png

 

Field Name

Field Type

Description

Field Name

Field Type

Description

Label*

 

Default Value: None
Example: Redshift Cross-Account IAM Role SSL Account

String

Specify a unique label for the account.

JDBC driver class

 

Default Value: com.amazon.redshift.jdbc42.Driver
Example: org.postgresql.Driver

String/Expression

Name of the JBDC driver class to use. By default, the com.amazon.redshift.jdbc42.Driver class is bundled with the Snap Pack.

JDBC JARs

 

 

Use this field set to add a list of JDBC JAR files to be loaded. By default, the Redshift account is bundled with the JDBC v2.1.0.29 driver. However, you can add a custom JAR file. Click + to add a new row for each JDBC JAR file.

JDBC driver

 

Default value: N/A
Example:

JDBC 42-2.1.0.29.jar

String

The Redshift Snap Pack is bundled with the default Redshift JDBC driver v2.1.0.29. Therefore, even if you do not provide a JDBC Driver, the account does not fail.

JDBC URL

 

Default Value: N/A
Example: jdbc:redshift://hostname:port/database

String/Expression

Enter the URL of the JDBC database.

Account properties

Enter in the information to create a connection to the database.

Endpoint*

 

Default Value: N/A
Example: examplecluster.c8dwbwr9.us-east-1.redshift.endpoint.com

String/Expression

Enter the server's address to connect to.

Port number*

 

Default Value: 5439
Example: 5439

Integer/Expression

 

Enter the database server's port to connect.

Database name*

 

Default Value: N/A
Example: snaplogic

String/Expression

Enter the database name to connect.

Username

 

Default Value: N/A
Example: redshiftadmin

String/Expression

Enter the username to connect to the database. Username will be used as the default username when retrieving connections. The username must be valid in order to set up the data source.

Password

 

Default Value: N/A
Example: p@$$20d*

String/Expression

Enter the password used to connect to the data source. Password will be used as the default password when retrieving connections. The password must be valid in order to set up the data source.

S3 Bucket

 

Default Value: N/A
Example: sl-bucket-ca

String/Expression

Enter the external S3 Bucket name residing in an external AWS account, to use for staging data onto Redshift.

This field is required when using Redshift Bulk Load, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps. 

S3 folder

 

Default Value: N/A
Example: s3://bucket-name/folder-name

String/Expression

Enter the relative path to a folder in S3 Bucket. This is used as a root folder for staging data onto Redshift.

S3 Bucket Region

 

Default Value: N/A
Example: us-east-2

String/Expression

Enter the name of the region where the S3 bucket belongs.

This field is required if the Redshift cluster and the S3 bucket are in the different regions.

S3 Bucket Write IAM Role ARN

 

Default Value: N/A
Example: arn:aws:iam::13355861319:role/IamRoleWithAllAccessforyourinstance

String/Expression

Enter the IAM role to write to the S3 bucket which resides in either the same or different AWS account.

  • You need to have write and delete permissions in this role.

  • This field is required when using Bulk load Snap (with input view data source), Bulk Upsert Snap, and Unload Snap.

External ID

 

Default Value: N/A
Example: 7609567

String/Expression

Enter an optional external ID which is required by the role. This field is applicable only for streaming bulk load.

TrustStore

 

Default Value: N/A
Example: redshiftstore4

String/Expression

Enter the location of the trust store file. It can be located in SLDB or any other unauthenticated endpoint such as 'https://'. You can also browse for the location.

TrustStore Password

 

Default Value: N/A
Example: 12@*^87*

String/Expression

Enter the password for the truststore file. 

IAM properties (Redshift Cluster)

Specify the IAM properties information for Redshift to communicate with IAM.

AWS account ID

 

Default Value: N/A
Example: AWS-1

String/Expression

Enter the ID of the Amazon Web Services account to be used for performing bulk load operation.

IAM role name

 

Default Value: N/A
Example: rolex

String/Expression

Enter the name of the IAM role that has been assigned to the Redshift cluster to access the S3 bucket provided above.

S3 bucket read IAM role

Specify the information required to make Redshift work with IAM instead of Access-key ID and Secret.

IAM Role ARN

 

Default Value: N/A
Example: arn:aws:iam::123456789012:role/S3Access

 

String/Expression

Enter the ARN of the IAM role set on the above S3 bucket.

Advanced properties

Specify advanced properties to support this account.

Auto commit

 

Default Value: Selected

Checkbox

 

Select this check box to enable the Snap to commit offsets automatically as messages are consumed and sent to the output view.

Batch size*

 

Default Value: 50
Example: 50

Integer/Expression

Enter the number of statements to execute at a time. Select queries are not batched.

Fetch size*

 

Default Value:100
Example:100

Integer/Expression

Enter the number of rows to fetch at a time when executing a query.

Max pool size*

 

Default Value: 50
Example: 30

Integer/Expression

Enter the maximum number of connections a pool will maintain at a time.

Max lifetime (minutes)*

 

Default Value: 30
Example: 10

Integer/Expression

Enter the maximum lifetime of a connection in the pool. Ensure that the value you enter is a few seconds shorter than any database or infrastructure-imposed connection time limit. A value of 0 indicates an infinite lifetime, subject to the Idle Timeout value. An in-use connection is never retired. Connections are removed only after they are closed.

Idle Timeout (minutes)*

 

Default Value: 5
Example: 6

Integer/Expression

Enter the maximum amount of time a connection is allowed to sit idle in the pool. A value of 0 indicates that idle connections are never removed from the pool.

Checkout timeout (milliseconds)*

 

Default Value:1000
Example: 800

Integer/Expression

Enter the number of milliseconds to wait for a connection to be available when the pool is exhausted.

URL properties

Use this field set to define the URL properties associated with this account. This field set contains the following fields:

  • URL property name

  • URL property value

URL property name

 

Default Value: N/A
Example:

Integer/Expression

Enter the URL property name.

URL property value

 

Default Value: N/A
Example:

Integer/Expression

Enter the URL property value.


Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.



Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

Account:

  • High: Password, S3 Access-key ID, S3 Secret key

  • Medium + High: Username, Password, S3 Access-key ID, S3 Secret key

  • Low + Medium + High: Endpoint, Database name, Username, Password, S3 Bucket, S3 Folder, S3 Access-key ID, S3 Secret key, URL property value

Troubleshooting

None.




Related Content