Redshift Cross-Account IAM Role SSL Account

In this article

Overview

Use this account type to connect Redshift Snaps with data sources that use Redshift Cross-Account IAM Role SSL Account.

Prerequisites

Access to the following folders:

  • Private project folder
  • Project Space’s shared folder
  • Global shared folder

Limitations

None.

Known Issues

None.

Account Settings

ParameterData TypeDescriptionDefault ValueExample 
Label*String

Specify a unique label for the account.

N/ARedshift_SSLCross_IAM_Account
JDBC Driver Class

String

Enter the JDBC driver class to use in your application.

org.postgresql.Driverorg.postgresql.Driver
JDBC JARs

Specify or upload the JDBC JAR files that you want to use. You can upload the Redshift driver(s) that can override the default org.postgresql.Driver driver. Set the Batch size value to 1 with the JDBC driver version RedshiftJDBC41-1.1.10.1010.jar. Specify each JDBC Driver as a separate row. Click  to add a new row. We recommend, RedshiftJDBC42-1.2.10.1009.jar version when using Redshift Bulk Upsert Snap in your Pipeline.

JDBC DriverString

Select the JDBC driver to use.

Default JDBC driver will be used on leaving this field blank.

N/AN/A
JDBC Url

String

Enter the URL of the JDBC database.N/Ajdbc:redshift://hostname:port/database

Account properties*


Configure the information required to establish a database connection with the account.

Endpoint*

String

Enter the server's address to establish a connection.N/Afieldcluster.cvnsysusue7w2.us-east-1.redshift.amazonaws.com
Port number*

Numeric


Enter the database server's port to connect to the host.54395439
Database name*

String

Enter the database name to connect.N/Aweqter
Username

String

Enter the username to connect to the database. Username is used as the default username when retrieving connections. The username must be valid in order to set up the data source.N/Aadmin
Password

String

Enter the password to connect to the data source. Password is used as the default password when retrieving connections. The password must be valid in order to set up the data source.N/AN/A
S3 BucketString

Enter the external S3 Bucket name residing in an external AWS account, to use for staging data onto Redshift.

This field is required when using Redshift Bulk Load, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps.

N/Asl-bucket-ca
S3 Folder

String

Enter the relative path to a folder in S3 Bucket. This is used as a root folder for staging data onto Redshift.N/As3://sl-bucket/sfo
S3 Bucket RegionString

Enter the name of the region where the S3 bucket belongs.

This field is required if the Redshift cluster and the S3 bucket are in the different regions.

N/Aus-east-2
S3 Bucket Write IAM Role ARNString

Enter the IAM role to write to the S3 bucket which resides in an external AWS account.

  • You need to have write and delete permissions in this role.
  • This field is required when using Bulk load Snap (with input view data source), Bulk Upsert Snap, and Unload Snap.
N/Aarn:aws:iam::133198801419:role/IamRoleForCanary
External IDStringEnter an optional external ID which is required by the role. This field is applicable only for streaming bulk load.N/A7609567
TrustStoreStringEnter the location of the trust store file. It can be located in SLDB or any other unauthenticated endpoint such as 'https://'. You can also browse for the location.N/Aredshiftstore4
Trust Store PasswordStringEnter the password for the truststore file. N/A12@*^87*
IAM properties (Redshift Cluster)
Specify the information for Redshift to communicate with IAM.

AWS account IDString

Enter the ID of the Amazon Web Services account to be used for performing bulk load operation.

This field is required when using Redshift Bulk Load, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps.

N/A 


763091233961
IAM role nameString

Enter the name of the IAM role associated with the target Redshift cluster to access the S3 bucket. redshift cluster to access the S3 bucket provided above.

This field is required when using Redshift Bulk Load, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps.

N/Adas-crossaccount-role1
S3 Bucket Read IAM RoleSpecify the Cross-Account IAM properties information for Redshift to communicate with IAM.
IAM Role ARNString

Enter the ARN of the IAM role set on the above S3 bucket.

This field is required when using Redshift Bulk Load with input view data source, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps.

N/Aarn:aws:iam::133198801419:role/cross-account-access-snap6776-das
Advanced properties
Specify advanced properties to support this account.

Auto commit

Checkbox


Select this check box to enable the Snap to commit offsets automatically as messages are consumed and sent to the output view. If the Snap fails, only the batch being executed at that moment is rolled back.

SelectedDeselected
Batch sizeNumeric

Required. Enter the number of statements to execute at a time.

This field is required when using Redshift Bulk Load, Redshift Bulk Upsert, Redshift S3 Upsert, and Redshift Unload Snaps. User-defined types are not if a JDBC driver with a version other than 11.2.0.4.0 is set.

5070
Fetch sizeNumeric

Required. Enter the number of rows to fetch at a time when executing a query.

User-defined types are not supported if a JDBC driver with a version other than 11.2.0.4.0 is set.

10056
Max pool sizeNumeric

Required. Enter the maximum number of connections that a pool maintains at a time.

Redshift Bulk Load/Bulk Upsert/S3 Upsert Snap requires a minimum of two connections per Snap in a pipeline. For example, if a pipeline has a Redshift Bulk Load Snap and an S3 Upsert Snap, then the pool size must be greater than or equal to four for successful execution.

5010
Max life time

Numeric


Required. Enter the maximum lifetime of a connection in the pool.

Ensure that the value you enter is a few seconds lesser than any database or infrastructure-imposed connection time limit. A value of 0 indicates an infinite lifetime, subject to the Idle Timeout value. An in-use connection is never retired. Connections are removed only after they are closed.

3015
Idle Timeout

Numeric


Required. Enter the maximum amount of time a connection that should remain idle in the pool. A value of 0 indicates that idle connections are never removed from the pool.51
Checkout timeoutNumeric


Required. Enter the number of milliseconds to wait for a connection to be available when the pool is exhausted. A value of 0 indicates that the wait time to checkout is infinite. An exception is thrown after the wait time expires.10002000
URL PropertiesSpecify the URL properties associated to this account.

URL property name

Numeric


Enter the URL property name.N/Assl
URL property value

Numeric


Enter the URL property value.N/Atrue

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.


Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

Account:

  • High: Password, S3 Access-key ID, S3 Secret key
  • Medium + High: Username, Password, S3 Access-key ID, S3 Secret key
  • Low + Medium + High: Endpoint, Database name, Username, Password, S3 Bucket, S3 Folder, S3 Access-key ID, S3 Secret key, URL property value

Troubleshooting

None.



See Also