By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

how to secure username and password through redshift connection string

0

I have created Redshift data source from Athena Console using Lambda Connector. while giving configurations in Lambda connector, we need to give Redshift JDBC URL which is supporting the following format: redshift://jdbc:redshift://<JDBC_URL>?user=<USERNAME>&password=<PASSWORD>

Issue is: I don't want to hardcode the username and password. So I stored user and pass in secret manager and using those variables here, I tried following ways but none of them is working. please let me know other way how i can store secrets in redshift url mentioned above:

my ways: (example username = abc, password = xyz, and correct jdbc url)

  1. redshift://jdbc:redshift://<JDBC_URL>?username=${username}&password=${password}
  2. redshift://jdbc:redshift://<JDBC_URL>?${secret name}

Lambda has permission to read data from secret manager as well.

please let me know as i dont want to hardcode my credentials

Topics
AnalyticsServerlessCompute
Tags
Amazon AthenaAWS LambdaAmazon Redshift
Language
English
simi
asked 19 days ago169 views
1 Answer
0

Hi,

As per this documentation, You can put the name of a secret in AWS Secrets Manager in your JDBC connection string. The connector replaces the secret name with the username and password values from Secrets Manager.

There are also couple of examples mentioned in the document:

Example connection string with secret name The following string has the secret name ${Test/RDS/ Redshift1}.

redshift://jdbc:redshift://redshift1.host:3306/default?...&${Test/RDS/Redshift1}&...

The connector uses the secret name to retrieve secrets and provide the user name and password, as in the following example.

redshift://jdbc:redshift://redshift1.host:3306/default?...&user=sample2&password=sample2&...

Currently, the Redshift connector recognizes the user and password JDBC properties.

Hope this is helpful!

Thanks, Rama

profile pictureAWS
Rama
answered 15 days ago
  • simi
    14 days ago

    Way1: I tried putting secret name like you gave but its not working my url is: redshift://jdbc:redshift://<JDBC URL>?${secret name} in place of secret name i have given name of secret. and correct jdbc url as well

    Errror: Failed to invoke lambda function due to com.amazonaws.services.lambda.invoke.LambdaFunctionException: User must not be blank

    way 2: in this format, it is suggesting to expose the credentials that I don't want to do, When I am hardcoding the user and password, it is working, but that is not the solution I want

    Failed to invoke lambda function due to com.amazonaws.services.lambda.invoke.LambdaFunctionException: Secrets Manager can't find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 1f80b863-e5b9-4683-b9fb-6eb1957504e9; Proxy: null)

    NOTE: I've provided full access of Secrets Manager to lambda function

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content