如何使用带有 IAM 凭证的 psql 客户端访问 Amazon AWS redshift
How to acess Amazon AWS redshift using psql client with IAM credentials
我一直在尝试使用 psql 客户端访问 AWS redshift。
使用 Psql 客户端,我可以使用数据库凭据访问 redshift。
redshift_query_output=$(PGPASSWORD=${pass} psql --no-align --quiet --field-separator=' ' -h ${host} -U ${user} -d $database_name -p $port_number <<< $run_redshift_query | sed -e '1d' | head -n -1)
以上查询有效。但我想知道是否可以使用 IAM 角色或用户进行访问。我找不到任何合适的资源。
我尝试使用 IAM 角色凭证,但无法直接使用。
来自Using IAM authentication to generate database user credentials - Amazon Redshift:
You can generate temporary database credentials based on permissions granted through an AWS Identity and Access Management (IAM) permissions policy to manage the access that your users have to your Amazon Redshift database.
Commonly, Amazon Redshift database users log in to the database by providing a database user name and password. However, you don't have to maintain user names and passwords in your Amazon Redshift database. As an alternative, you can configure your system to permit users to create user credentials and log in to the database based on their IAM credentials.
最简单的方法是使用 AWS CLI:
来自Generating IAM database credentials using the Amazon Redshift CLI or API - Amazon Redshift:
To programmatically generate temporary database user credentials, Amazon Redshift provides the get-cluster-credentials
command for the AWS Command Line Interface (AWS CLI) and the GetClusterCredentials
API operation. Or you can configure your SQL client with Amazon Redshift JDBC or ODBC drivers that manage the process of calling the GetClusterCredentials operation, retrieving the database user credentials, and establishing a connection between your SQL client and your Amazon Redshift database.
aws redshift get-cluster-credentials --cluster-identifier examplecluster --db-user temp_creds_user -–auto-create --db-name exampledb -–db-groups example_group --duration-seconds 3600
然后您可以将返回的凭据与 psql
命令一起使用。
我一直在尝试使用 psql 客户端访问 AWS redshift。 使用 Psql 客户端,我可以使用数据库凭据访问 redshift。
redshift_query_output=$(PGPASSWORD=${pass} psql --no-align --quiet --field-separator=' ' -h ${host} -U ${user} -d $database_name -p $port_number <<< $run_redshift_query | sed -e '1d' | head -n -1)
以上查询有效。但我想知道是否可以使用 IAM 角色或用户进行访问。我找不到任何合适的资源。
我尝试使用 IAM 角色凭证,但无法直接使用。
来自Using IAM authentication to generate database user credentials - Amazon Redshift:
You can generate temporary database credentials based on permissions granted through an AWS Identity and Access Management (IAM) permissions policy to manage the access that your users have to your Amazon Redshift database.
Commonly, Amazon Redshift database users log in to the database by providing a database user name and password. However, you don't have to maintain user names and passwords in your Amazon Redshift database. As an alternative, you can configure your system to permit users to create user credentials and log in to the database based on their IAM credentials.
最简单的方法是使用 AWS CLI:
来自Generating IAM database credentials using the Amazon Redshift CLI or API - Amazon Redshift:
To programmatically generate temporary database user credentials, Amazon Redshift provides the
get-cluster-credentials
command for the AWS Command Line Interface (AWS CLI) and theGetClusterCredentials
API operation. Or you can configure your SQL client with Amazon Redshift JDBC or ODBC drivers that manage the process of calling the GetClusterCredentials operation, retrieving the database user credentials, and establishing a connection between your SQL client and your Amazon Redshift database.
aws redshift get-cluster-credentials --cluster-identifier examplecluster --db-user temp_creds_user -–auto-create --db-name exampledb -–db-groups example_group --duration-seconds 3600
然后您可以将返回的凭据与 psql
命令一起使用。