Configuration options for the Amazon Redshift Python connector
Following, you can find descriptions for the options that you can specify for the Amazon Redshift Python connector.
access_key_id
-
Default value – None
-
Data type – String
The access key for the IAM role or user configured for IAM database authentication.
This parameter is optional.
allow_db_user_override
-
Default value – False
-
Data type – Boolean
- True
-
Specifies that the connector uses the
DbUser
value from the Security Assertion Markup Language (SAML) assertion. - False
-
Specifies that the value in the
DbUser
connection parameter is used.
This parameter is optional.
app_name
-
Default value – None
-
Data type – String
The name of the identity provider (IdP) application used for authentication.
This parameter is optional.
auth_profile
-
Default value – None
-
Data type – String
The name of an Amazon Redshift authentication profile having connection properties as
JSON. For more information about naming connection parameters, see the
RedshiftProperty
class. The RedshiftProperty
class
stores connection parameters provided by the end user and, if applicable, generated
during the IAM authentication process (for example, temporary IAM credentials). For
more information, see the RedshiftProperty class
This parameter is optional.
auto_create
-
Default value – False
-
Data type – Boolean
A value that indicates whether to create the user if the user doesn't exist.
This parameter is optional.
client_id
-
Default value – None
-
Data type – String
The client ID from Azure IdP.
This parameter is optional.
client_secret
-
Default value – None
-
Data type – String
The client secret from Azure IdP.
This parameter is optional.
cluster_identifier
-
Default value – None
-
Data type – String
The cluster identifier of the Amazon Redshift cluster.
This parameter is optional.
credentials_provider
-
Default value – None
-
Data type – String
The IdP that is used for authenticating with Amazon Redshift. Following are valid values:
-
AdfsCredentialsProvider
-
AzureCredentialsProvider
-
BrowserAzureCredentialsProvider
-
BrowserAzureOAuth2CredentialsProvider
-
BrowserIdcAuthPlugin
– An authorization plugin using Amazon IAM Identity Center. -
BrowserSamlCredentialsProvider
-
IdpTokenAuthPlugin
– An authorization plugin that accepts an Amazon IAM Identity Center token or OpenID Connect (OIDC) JSON-based identity tokens (JWT) from any web identity provider linked to the Amazon IAM Identity Center. -
PingCredentialsProvider
-
OktaCredentialsProvider
This parameter is optional.
database
-
Default value – None
-
Data type – String
The name of the database to which you want to connect.
This parameter is required.
database_metadata_current_db_only
-
Default value – True
-
Data type – Boolean
A value that indicates whether an application supports multidatabase datashare catalogs. The default value of True indicates that the application doesn't support multidatabase datashare catalogs for backward compatibility.
This parameter is optional.
db_groups
-
Default value – None
-
Data type – String
A comma-separated list of existing database group names that the user indicated by DbUser joins for the current session.
This parameter is optional.
db_user
-
Default value – None
-
Data type – String
The user ID to use with Amazon Redshift.
This parameter is optional.
endpoint_url
-
Default value – None
-
Data type – String
The Amazon Redshift endpoint URL. This option is only for Amazon internal use.
This parameter is optional.
group_federation
-
Default value – False
-
Data type – Boolean
This option specifies whether to use Amazon Redshift IDP groups.
This parameter is optional.
- true
-
Use Amazon Redshift Identity Provider (IDP) groups.
- false
-
Use STS API and GetClusterCredentials for user federation and specify db_groups for the connection.
host
-
Default value – None
-
Data type – String
The hostname of Amazon Redshift cluster.
This parameter is optional.
iam
-
Default value – False
-
Data type – Boolean
IAM authentication is enabled.
This parameter is required.
iam_disable_cache
-
Default value – False
-
Data type – Boolean
This option specifies whether the IAM credentials are cached. By default, the IAM credentials are cached. This improves performance when requests to the API gateway are throttled.
This parameter is optional.
idc_client_display_name
-
Default Value – Amazon Redshift Python connector
-
Data Type – String
The display name to be used for the client that's using BrowserIdcAuthPlugin.
This parameter is optional.
idc_region
-
Default Value – None
-
Data Type – String
The Amazon region where the Amazon IAM Identity Center instance is located.
This parameter is required only when authenticating using
BrowserIdcAuthPlugin
in the credentials_provider configuration
option.
idpPort
-
Default value – 7890
-
Data type – Integer
The listen port to which IdP sends the SAML assertion.
This parameter is required.
idp_response_timeout
-
Default value – 120
-
Data type – Integer
The timeout for retrieving SAML assertion from IdP.
This parameter is required.
idp_tenant
-
Default value – None
-
Data type – String
The IdP tenant.
This parameter is optional.
issuer_url
-
Default Value – None
-
Data Type – String
Points to the Amazon IAM Identity Center server's instance endpoint.
This parameter is required only when authenticating using
BrowserIdcAuthPlugin
in the credentials_provider configuration
option.
listen_port
-
Default value – 7890
-
Data type – Integer
The port that the driver uses to receive the SAML response from the identity provider or authorization code when using SAML, Azure AD, or Amazon IAM Identity Center services through a browser plugin.
This parameter is optional.
login_url
-
Default value – None
-
Data type – String
The single sign-on Url for the IdP.
This parameter is optional.
max_prepared_statements
-
Default value – 1000
-
Data type – Integer
The maximum number of prepared statements that can be open concurrently.
This parameter is required.
numeric_to_float
-
Default value – False
-
Data type – Boolean
This option specifies if the connector converts numeric data type values from decimal.Decimal to float. By default, the connector receives numeric data type values as decimal.Decimal and does not convert them.
We don't recommend enabling numeric_to_float for use cases that require precision, as results may be rounded.
For more information on decimal.Decimal and the tradeoffs between it and float,
see decimal —
Decimal fixed point and floating point arithmetic
This parameter is optional.
partner_sp_id
-
Default value – None
-
Data type – String
The Partner SP ID used for authentication with Ping.
This parameter is optional.
password
-
Default value – None
-
Data type – String
The password to use for authentication.
This parameter is optional.
port
-
Default value – 5439
-
Data type – Integer
The port number of the Amazon Redshift cluster.
This parameter is required.
preferred_role
-
Default value – None
-
Data type – String
The IAM role preferred for the current connection.
This parameter is optional.
principal_arn
-
Default value – None
-
Data type – String
The Amazon Resource Name (ARN) of the user or IAM role for which you are generating a policy. It's recommended that you attach a policy to a role and then assign the role to your user, for access.
This parameter is optional.
profile
-
Default value – None
-
Data type – String
The name of a profile in an Amazon credentials file that contains Amazon credentials.
This parameter is optional.
provider_name
-
Default value – None
-
Data type – String
The name of the Redshift Native Authentication Provider.
This parameter is optional.
region
-
Default value – None
-
Data type – String
The Amazon Web Services Region where the cluster is located.
This parameter is optional.
role_arn
-
Default value – None
-
Data type – String
The Amazon Resource Name (ARN) of the role that the caller is assuming. This
parameter is used by the provider indicated by JwtCredentialsProvider
.
For the JwtCredentialsProvider
provider, this parameter is mandatory.
Otherwise, this parameter is optional.
role_session_name
-
Default value – jwt_redshift_session
-
Data type – String
An identifier for the assumed role session. Typically, you pass the name or
identifier that is associated with the user who is using your application. The
temporary security credentials that your application uses are associated with that
user. This parameter is used by the provider indicated by
JwtCredentialsProvider
.
This parameter is optional.
scope
-
Default value – None
-
Data type – String
A space-separated list of scopes to which the user can consent. You specify this parameter so that your application can get consent for APIs that you want to call. You can specify this parameter when you specify BrowserAzureOAuth2CredentialsProvider for the credentials_provider option.
This parameter is required for the BrowserAzureOAuth2CredentialsProvider plug-in.
secret_access_key_id
-
Default value – None
-
Data type – String
The secret access key for the IAM role or user configured for IAM database authentication.
This parameter is optional.
session_token
-
Default value – None
-
Data type – String
The access key for the IAM role or user configured for IAM database authentication. This parameter is required if temporary Amazon credentials are being used.
This parameter is optional.
serverless_acct_id
-
Default value – None
-
Data type – String
The Amazon Redshift Serverless account ID.
This parameter is optional.
serverless_work_group
-
Default value – None
-
Data type – String
The Amazon Redshift Serverless workgroup name.
This parameter is optional.
ssl
-
Default value – True
-
Data type – Boolean
Secure Sockets Layer (SSL) is enabled.
This parameter is required.
ssl_insecure
-
Default value – True
-
Data type – Boolean
A value that specifies whether the IdP hosts server certificate is to be verified.
This parameter is optional.
sslmode
-
Default value – verify-ca
-
Data type – String
The security of the connection to Amazon Redshift. You can specify either of the following:
-
verify-ca
-
verify-full
This parameter is required.
timeout
-
Default value – None
-
Data type – Integer
The number of seconds before the connection to the server times out.
This parameter is optional.
token
-
Default Value – None
-
Data Type – String
An Amazon IAM Identity Center provided access token or an OpenID Connect (OIDC) JSON Web Token (JWT) provided by a web identity provider that's linked with Amazon IAM Identity Center. Your application must generate this token by authenticating the user of your application with Amazon IAM Identity Center or an identity provider linked with Amazon IAM Identity Center.
This parameter works with IdpTokenAuthPlugin
.
token_type
-
Default Value – None
-
Data Type – String
The type of token that is being used in IdpTokenAuthPlugin
.
You can specify the following values:
- ACCESS_TOKEN
-
Enter this if you use an Amazon IAM Identity Center provided access token.
- EXT_JWT
-
Enter this if you use an OpenID Connect (OIDC) JSON Web Token (JWT) provided by a web-based identity provider that's integrated with Amazon IAM Identity Center.
This parameter works with IdpTokenAuthPlugin
.
user
-
Default value – None
-
Data type – String
The user name to use for authentication.
This parameter is optional.
web_identity_token
-
Default value – None
-
Data type – String
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the
identity provider. Make sure that your application gets this token by authenticating
the user who is using your application with a web identity provider. The provider
indicated by JwtCredentialsProvider
uses this parameter.
For the JwtCredentialsProvider
provider, this parameter is mandatory.
Otherwise, this parameter is optional.