Redshift IAM auth is not working with temp credentials


Hey people.

I'm trying to connect to a Redshift instance using a role's temporary credentials, but it's not working when passing the keys directly in the JDBC URL.

The following code is being executed:

var url = "jdbc:redshift:iam://INSTANCE.ACCOUNT.REGION.redshift-serverless.amazonaws.com:5439/DATABASE;" +
        "AccessKeyID=" + accessKey +
        "&SecretAccessKey=" + secretAccessKey +
        "&SessionToken=" + sessionToken +
        "&AutoCreate=true";

var connection = DriverManager.getConnection(url);

And I'm getting the error below:

Caused by: com.amazonaws.services.redshiftserverless.model.AWSRedshiftServerlessException: The security token included in the request is invalid (Service: AWSRedshiftServerless; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: ######; Proxy: null)

But if I put the same values in a profile in credentials file, I connect successfully. The next piece of code works well:

var url = "jdbc:redshift:iam://INSTANCE.ACCOUNT.REGION.redshift-serverless.amazonaws.com:5439/DATABASE;" +
        "Profile=default" +
        "&AutoCreate=true";

var connection = DriverManager.getConnection(url);

What do I need to do to connect using keys directly?

1 Answer

Accepted Answer

I found out what the problem was. It's necessary to encode some chars in the keys, as indicated in the S3 documentation:

HMAC request signatures must be Base64 encoded. Base64 encoding converts the signature into a simple ASCII string that can be attached to the request. Characters that could appear in the signature string like plus (+), forward slash (/), and equals (=) must be encoded if used in a URI. For example, if the authentication code includes a plus (+) sign, encode it as %2B in the request. Encode a forward slash as %2F and equals as %3D.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html

answered 8 months ago
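
The fix described in the accepted answer, as an added example that is not part of the original post: each credential is percent-encoded with `URLEncoder` before it goes into the JDBC URL from the question. The class name, helper names and sample credential values are constructed for illustration; `redact` is an extra helper that keeps the secrets out of log lines.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class RedshiftIamUrl {

    // Percent-encode one credential value so '+', '/' and '=' survive URL parsing
    // (they become %2B, %2F and %3D).
    static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    // Same URL layout as in the question, with each credential encoded.
    static String buildUrl(String endpoint, String database,
                           String accessKey, String secretAccessKey, String sessionToken) {
        return "jdbc:redshift:iam://" + endpoint + ":5439/" + database + ";" +
                "AccessKeyID=" + enc(accessKey) +
                "&SecretAccessKey=" + enc(secretAccessKey) +
                "&SessionToken=" + enc(sessionToken) +
                "&AutoCreate=true";
    }

    // Mask secret values before the URL reaches a log line or exception message.
    static String redact(String url) {
        return url.replaceAll("(SecretAccessKey|SessionToken)=[^&;]*", "$1=***");
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        String accessKey = "ASIAEXAMPLEEXAMPLE00";
        String secret = "abc+def/ghi=EXAMPLE";
        String token = "FwoGZXIvYXdzE+example/token==";

        String url = buildUrl(
                "INSTANCE.ACCOUNT.REGION.redshift-serverless.amazonaws.com",
                "DATABASE", accessKey, secret, token);

        // Show the encoded form of the secret and the log-safe form of the URL.
        System.out.println(enc(secret));
        System.out.println(redact(url));

        // With the Redshift JDBC driver on the classpath, connect as in the question:
        // var connection = java.sql.DriverManager.getConnection(url);
    }
}
```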
