Connecting to an Amazon Redshift database
To connect to a database, choose the cluster or workgroup name in the tree-view panel. If prompted, enter the connection parameters.
When you connect to a cluster or workgroup and its databases, you usually provide a Database name. You also provide parameters required for one of the following authentication methods:
- IAM Identity Center
  With this method, connect to your Amazon Redshift data warehouse with your single sign-on credentials from your identity provider (IdP). Your cluster or workgroup must be enabled for IAM Identity Center in the Amazon Redshift console. For help setting up connections to IAM Identity Center, see Connect Redshift with Amazon IAM Identity Center for a single sign-on experience.
- Federated user
  With this method, the principal tags of your IAM role or user must provide the connection details. You configure these tags in Amazon Identity and Access Management or your identity provider (IdP). The query editor v2 relies on the following tags.
  - RedshiftDbUser – This tag defines the database user that is used by query editor v2. This tag is required.
  - RedshiftDbGroups – This tag defines the database groups that are joined when connecting to query editor v2. This tag is optional and its value must be a colon-separated list such as group1:group2:group3. Empty values are ignored, that is, group1::::group2 is interpreted as group1:group2.
  These tags are forwarded to the redshift:GetClusterCredentials API to get credentials for your cluster. For more information, see Setting up principal tags to connect a cluster or workgroup from query editor v2.
- Temporary credentials using a database user name
  This option is only available when connecting to a cluster. With this method, provide a User name for the database. The query editor v2 generates a temporary password to connect to the database as your database user name. A user who connects with this method must be allowed the IAM permission redshift:GetClusterCredentials. To prevent users from using this method, modify their IAM user or role to deny this permission.
- Temporary credentials using your IAM identity
  This option is only available when connecting to a cluster. With this method, query editor v2 maps a user name to your IAM identity and generates a temporary password to connect to the database as your IAM identity. A user who connects with this method must be allowed the IAM permission redshift:GetClusterCredentialsWithIAM. To prevent users from using this method, modify their IAM user or role to deny this permission.
- Database user name and password
  With this method, also provide a User name and Password for the database that you are connecting to. The query editor v2 creates a secret on your behalf stored in Amazon Secrets Manager. This secret contains credentials to connect to your database.
- Amazon Secrets Manager
  With this method, instead of a database name, you provide a Secret stored in Secrets Manager that contains your database and sign-in credentials. For information about creating a secret, see Creating a secret for database connection credentials.
When you select a cluster or workgroup with query editor v2, depending on the context, you can create, edit, and delete connections using the context (right-click) menu. You can view attributes such as the Connection ARN of the connection by choosing Connection details. You can also edit tags attached to the connection.
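The two temporary-credential methods above are each turned off by denying one IAM action. The following added example (not part of the AWS documentation) reports which of those methods a single policy document explicitly denies. The function name, the sample policy, and the simplification of treating any Condition or non-"*" Resource as "conditional" are assumptions of this sketch; it does not evaluate permissions boundaries, service control policies, or NotAction statements.

```python
from fnmatch import fnmatchcase

# IAM actions named on this page, mapped to the connection method that needs them.
METHOD_ACTIONS = {
    "redshift:GetClusterCredentials":
        "Temporary credentials using a database user name",
    "redshift:GetClusterCredentialsWithIAM":
        "Temporary credentials using your IAM identity",
}

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def denied_methods(policy):
    """Return {method: 'denied' | 'conditional' | 'not denied'} for one policy."""
    result = {method: "not denied" for method in METHOD_ACTIONS.values()}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be an object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Deny" or "NotAction" in stmt:
            continue                          # NotAction is out of scope here
        # IAM action names are case-insensitive and may use * and ? wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        scoped = "Condition" in stmt or _as_list(stmt.get("Resource")) != ["*"]
        for action, method in METHOD_ACTIONS.items():
            if any(fnmatchcase(action.lower(), p) for p in patterns):
                if not scoped:
                    result[method] = "denied"
                elif result[method] == "not denied":
                    result[method] = "conditional"
    return result

# Constructed sample policy: one unconditional deny, one deny limited by a tag.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "redshift:GetClusterCredentials",
         "Resource": "*"},
        {"Effect": "Deny", "Action": ["redshift:getclustercredentialswith*"],
         "Resource": "*",
         "Condition": {"StringEquals": {"aws:PrincipalTag/team": "example"}}},
    ],
}

if __name__ == "__main__":
    for method, state in denied_methods(SAMPLE_POLICY).items():
        print(f"{state:12} {method}")
```

Because the Federated user method also forwards its tags to redshift:GetClusterCredentials, verify that method separately after attaching a deny for that action.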