Using identity provider plugins
For general information on how to use identity provider plugins, see Options for providing IAM credentials. For more information about managing IAM identities, including best practices for IAM roles, see Identity and access management in Amazon Redshift.
Authentication using the ADFS identity provider plugin
Following is an example of using the Active Directory Federation Service (ADFS) identity provider plugin to authenticate a user connecting to an Amazon Redshift database.
>>> con = redshift_connector.connect(
...     iam=True,
...     database='dev',
...     host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
...     cluster_identifier='my-testing-cluster',
...     credentials_provider='AdfsCredentialsProvider',
...     user='brooke@myadfshostname.com',
...     password='Hunter2',
...     idp_host='myadfshostname.com'
... )
Authentication using the Azure identity provider plugin
Following is an example of authentication using the Azure identity provider plugin. You can create values for client_id and client_secret for an Azure Enterprise application, as shown in the following example.
>>> con = redshift_connector.connect(
...     iam=True,
...     database='dev',
...     host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
...     cluster_identifier='my-testing-cluster',
...     credentials_provider='AzureCredentialsProvider',
...     user='brooke@myazure.org',
...     password='Hunter2',
...     idp_tenant='my_idp_tenant',
...     client_id='my_client_id',
...     client_secret='my_client_secret',
...     # IAM role ARNs have an empty Region field, hence the double colon
...     preferred_role='arn:aws:iam::123:role/DataScientist'
... )
Authentication using the Amazon IAM Identity Center identity provider plugin
Following is an example of authentication using the Amazon IAM Identity Center identity provider plugin.
with redshift_connector.connect(
    credentials_provider='BrowserIdcAuthPlugin',
    host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
    database='dev',
    idc_region='us-east-1',
    issuer_url='https://identitycenter.amazonaws.com/ssoins-790723ebe09c86f9',
    idp_response_timeout=60,
    listen_port=8100,
    idc_client_display_name='Test Display Name',
    # port value of 5439 is specified by default
) as con:
    # Use the connection inside this block, for example through con.cursor()
    pass
Authentication using Azure Browser identity provider plugin
Following is an example of using the Azure Browser identity provider plugin to authenticate a user connecting to an Amazon Redshift database.
Multi-factor authentication occurs in the browser, where the sign-in credentials are provided by the user.
>>> con = redshift_connector.connect(
...     iam=True,
...     database='dev',
...     host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
...     cluster_identifier='my-testing-cluster',
...     credentials_provider='BrowserAzureCredentialsProvider',
...     idp_tenant='my_idp_tenant',
...     client_id='my_client_id',
... )
Authentication using the Okta identity provider plugin
Following is an example of authentication using the Okta identity provider plugin.
You can obtain the values for idp_host, app_id and app_name through the Okta application.
>>> con = redshift_connector.connect(
...     iam=True,
...     database='dev',
...     host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
...     cluster_identifier='my-testing-cluster',
...     credentials_provider='OktaCredentialsProvider',
...     user='brooke@myazure.org',
...     password='hunter2',
...     idp_host='my_idp_host',
...     app_id='my_first_appetizer',
...     app_name='dinner_party'
... )
Authentication using JumpCloud with a generic SAML browser identity provider plugin
Following is an example of using JumpCloud with a generic SAML browser identity provider plugin for authentication.
The password parameter is required. However, you don't have to enter a value for it, because multi-factor authentication occurs in the browser.
>>> con = redshift_connector.connect(
...     iam=True,
...     database='dev',
...     host='my-testing-cluster.abc.us-east-2.redshift.amazonaws.com',
...     cluster_identifier='my-testing-cluster',
...     credentials_provider='BrowserSamlCredentialsProvider',
...     user='brooke@myjumpcloud.org',
...     password='',
...     login_url='https://sso.jumpcloud.com/saml2/plustwo_melody'
... )
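The ADFS, Azure and Okta examples above pass password and client_secret as string literals. The following is an added example, not code from the driver or its documentation, that builds the same connect() arguments while reading those two values from the environment and checking that each plugin receives the parameters its example on this page uses. The REDSHIFT_IDP_ variable prefix, the PLUGIN_PARAMS table and both function names are assumptions made for this example.

```python
import os

# Parameters each plugin example on this page passes in addition to
# host/database/cluster_identifier. Copied from those examples; this is
# not an authoritative list from the driver.
PLUGIN_PARAMS = {
    "AdfsCredentialsProvider": {"user", "password", "idp_host"},
    "AzureCredentialsProvider": {"user", "password", "idp_tenant",
                                 "client_id", "client_secret"},
    "BrowserAzureCredentialsProvider": {"idp_tenant", "client_id"},
    "OktaCredentialsProvider": {"user", "password", "idp_host",
                                "app_id", "app_name"},
    "BrowserSamlCredentialsProvider": {"user", "password", "login_url"},
}
SECRET_PARAMS = {"password", "client_secret"}
ENV_PREFIX = "REDSHIFT_IDP_"  # hypothetical naming scheme for this example


def build_connect_args(provider, host, database, cluster_identifier,
                       env=None, **params):
    """Return keyword arguments for redshift_connector.connect()."""
    env = os.environ if env is None else env
    if provider not in PLUGIN_PARAMS:
        raise ValueError(f"unsupported credentials_provider: {provider}")
    literal = sorted(SECRET_PARAMS & params.keys())
    if literal:
        raise ValueError(f"{literal} must come from the environment")
    args = dict(iam=True, host=host, database=database,
                cluster_identifier=cluster_identifier,
                credentials_provider=provider, **params)
    for name in sorted(PLUGIN_PARAMS[provider] & SECRET_PARAMS):
        var = ENV_PREFIX + name.upper()
        if provider.startswith("Browser"):
            # Sign-in happens in the browser; the JumpCloud example on
            # this page passes password=''.
            args[name] = ""
        elif env.get(var):
            args[name] = env[var]
        else:
            raise KeyError(f"set {var} in the environment")
    missing = sorted(PLUGIN_PARAMS[provider] - args.keys())
    if missing:
        raise ValueError(f"{provider} is missing: {missing}")
    return args


def connect(**kwargs):
    """Open the connection; the driver is imported only when called."""
    import redshift_connector
    return redshift_connector.connect(**build_connect_args(**kwargs))
```

Call connect() with the same non-secret keyword arguments as the examples above, using provider= in place of credentials_provider=, after exporting REDSHIFT_IDP_PASSWORD (and REDSHIFT_IDP_CLIENT_SECRET for the Azure plugin).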