|
3 | 3 | { |
4 | 4 | "cell_type": "markdown", |
5 | 5 | "metadata": { |
6 | | - "collapsed": true, |
7 | | - "pycharm": { |
8 | | - "name": "#%% md\n" |
9 | | - } |
| 6 | + "collapsed": true |
10 | 7 | }, |
11 | 8 | "source": [ |
12 | 9 | "# Connecting to Amazon Redshift" |
|
22 | 19 | }, |
23 | 20 | { |
24 | 21 | "cell_type": "markdown", |
25 | | - "metadata": { |
26 | | - "pycharm": { |
27 | | - "name": "#%% md\n" |
28 | | - } |
29 | | - }, |
| 22 | + "metadata": {}, |
30 | 23 | "source": [ |
31 | 24 | "## Using Database credentials\n", |
32 | 25 | "Raw database credentials can be used for establishing a connection to an Amazon Redshift cluster. While straight forward, this approach lack the strong security and user access controls provides by Identity and access management (IAM) and identity provider (IdP) plugins." |
|
35 | 28 | { |
36 | 29 | "cell_type": "code", |
37 | 30 | "execution_count": null, |
38 | | - "metadata": { |
39 | | - "pycharm": { |
40 | | - "name": "#%%\n" |
41 | | - } |
42 | | - }, |
| 31 | + "metadata": {}, |
43 | 32 | "outputs": [], |
44 | 33 | "source": [ |
45 | 34 | "import redshift_connector\n", |
|
79 | 68 | }, |
80 | 69 | { |
81 | 70 | "cell_type": "markdown", |
82 | | - "metadata": { |
83 | | - "pycharm": { |
84 | | - "name": "#%% md\n" |
85 | | - } |
86 | | - }, |
| 71 | + "metadata": {}, |
87 | 72 | "source": [ |
88 | 73 | "## Using IAM Credentials\n", |
89 | 74 | "IAM Credentials can be supplied directly to ``connect(...)`` using an AWS profile. This approach allows users the option of using temporary credentials and limiting the permissions the connected user has." |
|
92 | 77 | { |
93 | 78 | "cell_type": "code", |
94 | 79 | "execution_count": null, |
95 | | - "metadata": { |
96 | | - "pycharm": { |
97 | | - "name": "#%%\n" |
98 | | - } |
99 | | - }, |
| 80 | + "metadata": {}, |
100 | 81 | "outputs": [], |
101 | 82 | "source": [ |
102 | 83 | "import redshift_connector\n", |
|
122 | 103 | }, |
123 | 104 | { |
124 | 105 | "cell_type": "markdown", |
125 | | - "metadata": { |
126 | | - "pycharm": { |
127 | | - "name": "#%% md\n" |
128 | | - } |
129 | | - }, |
| 106 | + "metadata": {}, |
130 | 107 | "source": [ |
131 | 108 | "`~/.aws/credentials`\n", |
132 | 109 | "```\n", |
|
144 | 121 | }, |
145 | 122 | { |
146 | 123 | "cell_type": "markdown", |
147 | | - "metadata": { |
148 | | - "pycharm": { |
149 | | - "name": "#%% md\n" |
150 | | - } |
151 | | - }, |
| 124 | + "metadata": {}, |
152 | 125 | "source": [ |
153 | 126 | "Alternatively, IAM credentials can be supplied directly to ``connect(...)`` using AWS credentials as shown below:" |
154 | 127 | ] |
155 | 128 | }, |
156 | 129 | { |
157 | 130 | "cell_type": "code", |
158 | 131 | "execution_count": null, |
159 | | - "metadata": { |
160 | | - "pycharm": { |
161 | | - "name": "#%%\n" |
162 | | - } |
163 | | - }, |
| 132 | + "metadata": {}, |
164 | 133 | "outputs": [], |
165 | 134 | "source": [ |
166 | 135 | "import redshift_connector\n", |
|
182 | 151 | }, |
183 | 152 | { |
184 | 153 | "cell_type": "markdown", |
185 | | - "metadata": { |
186 | | - "pycharm": { |
187 | | - "name": "#%% md\n" |
188 | | - } |
189 | | - }, |
| 154 | + "metadata": {}, |
190 | 155 | "source": [ |
191 | 156 | "# Connecting using an Amazon Redshift Authentication Profile\n", |
192 | 157 | "An Amazon Redshift authentication profile can be used for authentication with Amazon Redshift via ``redshift_connector``. This approach allows connection properties to be stored in the server side and retrieved by ``redshift_connector``. Any connection parameter which appears in both the authentication profile and is directly provided to ``redshift_connector.connect(...)`` will be overriden by the value provided in the authentication profile.\n", |
|
201 | 166 | { |
202 | 167 | "cell_type": "code", |
203 | 168 | "execution_count": null, |
204 | | - "metadata": { |
205 | | - "pycharm": { |
206 | | - "name": "#%%\n" |
207 | | - } |
208 | | - }, |
| 169 | + "metadata": {}, |
209 | 170 | "outputs": [], |
210 | 171 | "source": [ |
211 | 172 | "import boto3\n", |
|
221 | 182 | "}\n", |
222 | 183 | "\n", |
223 | 184 | "try:\n", |
224 | | - " client = boto3.client(\"redshift\")\n", |
| 185 | + " client = boto3.client(\"redshift\", \"us-east-2\")\n", |
225 | 186 | " client.create_authentication_profile(\n", |
226 | 187 | " AuthenticationProfileName=\"QAProfile\",\n", |
227 | 188 | " AuthenticationProfileContent=json.dumps(authentication_profile_contents)\n", |
|
232 | 193 | }, |
233 | 194 | { |
234 | 195 | "cell_type": "markdown", |
235 | | - "metadata": { |
236 | | - "pycharm": { |
237 | | - "name": "#%% md\n" |
238 | | - } |
239 | | - }, |
| 196 | + "metadata": {}, |
240 | 197 | "source": [ |
241 | 198 | "The Redshift authentication profile, named ``QAProfile`` has been created. This profile is intended for use by a QA team who would like to avoid hard-coded references to a specific cluster in their projects. Its contents are in JSON format and contain fields such as ``host`` and ``cluster_identifier``.\n", |
242 | 199 | "\n", |
|
246 | 203 | { |
247 | 204 | "cell_type": "code", |
248 | 205 | "execution_count": null, |
249 | | - "metadata": { |
250 | | - "pycharm": { |
251 | | - "name": "#%%\n" |
252 | | - } |
253 | | - }, |
| 206 | + "metadata": {}, |
254 | 207 | "outputs": [], |
255 | 208 | "source": [ |
256 | 209 | "import redshift_connector\n", |
|
270 | 223 | }, |
271 | 224 | { |
272 | 225 | "cell_type": "markdown", |
273 | | - "metadata": { |
274 | | - "pycharm": { |
275 | | - "name": "#%% md\n" |
276 | | - } |
277 | | - }, |
| 226 | + "metadata": {}, |
278 | 227 | "source": [ |
279 | | - "Noting the ``region`` parameter above, we can see that while the Amazon Redshift authentication profile lives in ``us-west-2``, ``examplecluster`` lives in ``us-west-1``. When retrieving temporary IAM credentials to connect to this cluster, the ``region`` provided in the authentication profile will be used.\n", |
| 228 | + "Noting the ``region`` parameter above, we can see that while the Amazon Redshift authentication profile lives in ``us-west-2``, ``examplecluster`` lives in ``us-west-1``. When retrieving temporary IAM credentials to connect to this cluster, provide the ``region`` where the Redshift authentication profile lives and not the region of the cluster. ``region`` provided above is the region where the authentication profile is created as shown in `` client = boto3.client(\"redshift\", \"us-east-2\")``.\n", |
280 | 229 | "\n", |
281 | 230 | "Please see the ``redshift_connector.RedshiftProperty`` class for guidance on how to define the key and value contents of the JSON authentication profile contents.\n", |
282 | 231 | "\n", |
|
286 | 235 | { |
287 | 236 | "cell_type": "code", |
288 | 237 | "execution_count": null, |
289 | | - "metadata": { |
290 | | - "pycharm": { |
291 | | - "name": "#%%\n" |
292 | | - } |
293 | | - }, |
| 238 | + "metadata": {}, |
294 | 239 | "outputs": [], |
295 | 240 | "source": [ |
296 | 241 | "try:\n", |
|
313 | 258 | }, |
314 | 259 | { |
315 | 260 | "cell_type": "markdown", |
316 | | - "metadata": { |
317 | | - "pycharm": { |
318 | | - "name": "#%% md\n" |
319 | | - } |
320 | | - }, |
| 261 | + "metadata": {}, |
321 | 262 | "source": [ |
322 | 263 | "## Authenticating using Active Directory Federation Service (ADFS) identity provider plugin" |
323 | 264 | ] |
324 | 265 | }, |
325 | 266 | { |
326 | 267 | "cell_type": "code", |
327 | 268 | "execution_count": null, |
328 | | - "metadata": { |
329 | | - "pycharm": { |
330 | | - "name": "#%%\n" |
331 | | - } |
332 | | - }, |
| 269 | + "metadata": {}, |
333 | 270 | "outputs": [], |
334 | 271 | "source": [ |
335 | 272 | "import redshift_connector\n", |
|
348 | 285 | }, |
349 | 286 | { |
350 | 287 | "cell_type": "markdown", |
351 | | - "metadata": { |
352 | | - "pycharm": { |
353 | | - "name": "#%% md\n" |
354 | | - } |
355 | | - }, |
| 288 | + "metadata": {}, |
356 | 289 | "source": [ |
357 | 290 | "## Authenticating using Azure identity provider plugin\n", |
358 | 291 | "Values for `client_id`, `client_secret` can be created and found within the Enterprise Application created with Azure." |
|
361 | 294 | { |
362 | 295 | "cell_type": "code", |
363 | 296 | "execution_count": null, |
364 | | - "metadata": { |
365 | | - "pycharm": { |
366 | | - "name": "#%%\n" |
367 | | - } |
368 | | - }, |
| 297 | + "metadata": {}, |
369 | 298 | "outputs": [], |
370 | 299 | "source": [ |
371 | 300 | "import redshift_connector\n", |
372 | 301 | "\n", |
373 | 302 | "conn: redshift_connector.Connection = redshift_connector.connect(\n", |
374 | 303 | " iam=True,\n", |
375 | 304 | " database='dev',\n", |
| 305 | + " region='us-east-1',\n", |
376 | 306 | " cluster_identifier='my-testing-cluster',\n", |
377 | 307 | " credentials_provider='AzureCredentialsProvider',\n", |
378 | 308 | " user='brooke@myazure.org',\n", |
|
386 | 316 | }, |
387 | 317 | { |
388 | 318 | "cell_type": "markdown", |
389 | | - "metadata": { |
390 | | - "pycharm": { |
391 | | - "name": "#%% md\n" |
392 | | - } |
393 | | - }, |
| 319 | + "metadata": {}, |
394 | 320 | "source": [ |
395 | 321 | "## Authenticating using Azure Browser identity provider plugin" |
396 | 322 | ] |
397 | 323 | }, |
398 | 324 | { |
399 | 325 | "cell_type": "code", |
400 | 326 | "execution_count": null, |
401 | | - "metadata": { |
402 | | - "pycharm": { |
403 | | - "name": "#%%\n" |
404 | | - } |
405 | | - }, |
| 327 | + "metadata": {}, |
406 | 328 | "outputs": [], |
407 | 329 | "source": [ |
408 | 330 | "import redshift_connector\n", |
|
421 | 343 | }, |
422 | 344 | { |
423 | 345 | "cell_type": "markdown", |
424 | | - "metadata": { |
425 | | - "pycharm": { |
426 | | - "name": "#%% md\n" |
427 | | - } |
428 | | - }, |
| 346 | + "metadata": {}, |
429 | 347 | "source": [ |
430 | 348 | "## Authenticating using Okta identity provider plugin\n", |
431 | 349 | "Values for `idp_host`, `app_id`, and `app_name` can be located within the Okta application created." |
|
434 | 352 | { |
435 | 353 | "cell_type": "code", |
436 | 354 | "execution_count": null, |
437 | | - "metadata": { |
438 | | - "pycharm": { |
439 | | - "name": "#%%\n" |
440 | | - } |
441 | | - }, |
| 355 | + "metadata": {}, |
442 | 356 | "outputs": [], |
443 | 357 | "source": [ |
444 | 358 | "import redshift_connector\n", |
445 | 359 | "\n", |
446 | 360 | "conn: redshift_connector.Connection = redshift_connector.connect(\n", |
447 | 361 | " iam=True,\n", |
448 | 362 | " database='dev',\n", |
| 363 | + " region='us-east-1',\n", |
449 | 364 | " cluster_identifier='my-testing-cluster',\n", |
450 | 365 | " credentials_provider='OktaCredentialsProvider',\n", |
451 | 366 | " user='brooke@myazure.org',\n", |
|
458 | 373 | }, |
459 | 374 | { |
460 | 375 | "cell_type": "markdown", |
461 | | - "metadata": { |
462 | | - "pycharm": { |
463 | | - "name": "#%% md\n" |
464 | | - } |
465 | | - }, |
| 376 | + "metadata": {}, |
466 | 377 | "source": [ |
467 | 378 | "## Authenticating using JumpCloud via generic Saml Browser identity provider plugin" |
468 | 379 | ] |
469 | 380 | }, |
470 | 381 | { |
471 | 382 | "cell_type": "code", |
472 | 383 | "execution_count": null, |
473 | | - "metadata": { |
474 | | - "pycharm": { |
475 | | - "name": "#%%\n" |
476 | | - } |
477 | | - }, |
| 384 | + "metadata": {}, |
478 | 385 | "outputs": [], |
479 | 386 | "source": [ |
480 | 387 | "import redshift_connector\n", |
|
521 | 428 | " pass" |
522 | 429 | ], |
523 | 430 | "metadata": { |
524 | | - "collapsed": false, |
525 | | - "pycharm": { |
526 | | - "name": "#%%\n" |
527 | | - } |
| 431 | + "collapsed": false |
528 | 432 | } |
529 | 433 | }, |
530 | 434 | { |
|
557 | 461 | " pass\n" |
558 | 462 | ], |
559 | 463 | "metadata": { |
560 | | - "collapsed": false, |
561 | | - "pycharm": { |
562 | | - "name": "#%%\n" |
563 | | - } |
| 464 | + "collapsed": false |
564 | 465 | } |
565 | 466 | } |
566 | 467 | ], |
|
0 commit comments