AWS Step Function Redshift Authentication
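I am building an AWS Step Function to be triggered by SQS event messages. These messages will carry a simple payload with a startTime and endTime to run some Redshift queries.
I'm apparently not providing the required authentication for Redshift: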
{
  "error": "RedshiftData.ValidationException",
  "cause": "To use IAM Authorization, both Cluster ID and DB User are required unless you're using Redshift Serverless. (Service: RedshiftData, Status Code: 400, Request ID: 3c7ef18f-ad28-46a2-8668-25cb6f5563bd, Extended Request ID: null)"
}
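The question is how to configure the authentication properly.
Do I create a database user here? https://awsbytes.com/how-to-create-user-in-redshift-database/
How would I pass it in the Step Function?
Should I be using Secrets Manager? Is there a good guide for this?
Here is my Step Function code: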
{
  "Comment": "Run Redshift Queries",
  "StartAt": "ReceiveMessage from SQS",
  "States": {
    "ReceiveMessage from SQS": {
      "Type": "Task",
      "Parameters": {
        "QueueUrl": "https://sqs.us-east-2.amazonaws.com/******/dev-queryProcessingQueue"
      },
      "Resource": "arn:aws:states:::aws-sdk:sqs:receiveMessage",
      "Next": "Run Analysis Queries",
      "ResultSelector": {
        "body.$": "States.StringToJson($.Messages[0].Body)"
      }
    },
    "Run Analysis Queries": {
      "Type": "Task",
      "Parameters": {
        "ClusterIdentifier": "test-*****-redshift-cluster",
        "Database": "prod",
        "Sql": "select * from my_test_table"
      },
      "Resource": "arn:aws:states:::aws-sdk:redshiftdata:executeStatement",
      "End": true
    }
  },
  "TimeoutSeconds": 3600
}
The solution was to add Redshift access to the Step Function IAM Role.
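An added example (not part of the original question or answer): a Python check that applies the rule from the error message above to each `redshiftdata:executeStatement` task in a state machine definition and lists the IAM actions the execution role would need for the authentication mode it finds. The mapping from parameters to IAM action names is an assumption based on the Redshift Data API's authorization modes, not something stated on this page; `check_redshift_auth`, `with_params`, the cluster name and the `stepfn_reader` user are hypothetical, and only top-level states are inspected.

```python
import copy

TASK_RESOURCE = "arn:aws:states:::aws-sdk:redshiftdata:executeStatement"

def check_redshift_auth(definition):
    """Return {state name: {"mode", "iam_actions"}} for each executeStatement task."""
    report = {}
    for name, state in definition.get("States", {}).items():
        if state.get("Resource") != TASK_RESOURCE:
            continue
        # ASL writes run-time values as "Key.$"; treat both spellings alike.
        keys = {k[:-2] if k.endswith(".$") else k for k in state.get("Parameters", {})}
        actions = ["redshift-data:ExecuteStatement"]
        if "SecretArn" in keys:
            mode = "secrets-manager"
            actions.append("secretsmanager:GetSecretValue")
        elif "WorkgroupName" in keys:
            mode = "serverless-temporary-credentials"
            actions.append("redshift-serverless:GetCredentials")
        elif {"ClusterIdentifier", "DbUser"} <= keys:
            mode = "cluster-temporary-credentials"
            actions.append("redshift:GetClusterCredentials")
        else:
            # The case the error in the question reports: no usable credential source.
            mode, actions = "invalid", []
        report[name] = {"mode": mode, "iam_actions": actions}
    return report

# Constructed sample shaped like the task in the question (cluster name is a placeholder).
QUESTION_DEF = {"States": {
    "ReceiveMessage from SQS": {"Type": "Task", "Next": "Run Analysis Queries",
                                "Resource": "arn:aws:states:::aws-sdk:sqs:receiveMessage"},
    "Run Analysis Queries": {"Type": "Task", "Resource": TASK_RESOURCE, "End": True,
                             "Parameters": {"ClusterIdentifier": "example-cluster",
                                            "Database": "prod",
                                            "Sql": "select * from my_test_table"}}}}

def with_params(extra):
    """Copy the sample and add parameters to the Redshift task."""
    fixed = copy.deepcopy(QUESTION_DEF)
    fixed["States"]["Run Analysis Queries"]["Parameters"].update(extra)
    return fixed

if __name__ == "__main__":
    print(check_redshift_auth(QUESTION_DEF))
    print(check_redshift_auth(with_params({"DbUser": "stepfn_reader"})))
    print(check_redshift_auth(with_params({"SecretArn.$": "$.secretArn"})))
```

Scoping each listed action in the role's policy to the specific cluster, database user or secret ARN keeps the state machine from holding broader Redshift access than the query needs.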