Hi buraktas,
I don't think you need the Drop command if you didn't use an identity provider before.
Regarding the <idp_name>, I think you can choose whatever you want as the name.
Can you check if you have an idp configured?
https://docs.aws.amazon.com/redshift/latest/dg/r_DESC_IDENTITY_PROVIDER.html
DESC IDENTITY PROVIDER *;
Sincerely Heiko
Hi buraktas,
I looked into your issue. Please refer to this blog - https://aws.amazon.com/blogs/big-data/integrate-okta-with-amazon-redshift-query-editor-v2-using-aws-iam-identity-center-for-seamless-single-sign-on/
After you have created a new Redshift IAM IDC application, the Amazon Redshift database administrator needs to configure new Redshift resources to work in alignment with IAM Identity Center to make sign-in and data access easier. This is performed as part of the steps to create a provisioned cluster or a Serverless workgroup. Refer to section - Enabling IAM Identity Center integration for a new Amazon Redshift provisioned cluster or Amazon Redshift Serverless
If you have an existing provisioned cluster or serverless workgroup that you would like to enable for IAM Identity Center integration, then you can do that by running a SQL command. Refer to section - Associating an IAM Identity Center application with an existing provisioned cluster or Serverless endpoint
Let me know if you have any questions.
Thanks & Regards,
Maneesh Sharma
Hey Maneesh, as I mentioned in the post, we don't use any external IdP, so the Okta example won't work in this case. IAM Identity Center itself is the default IdP.
Hi @buraktas, you don't need any external IdP. Which step are you currently on, and what is the error you are getting? Also, is it possible for you to submit an AWS support case and share it with me? This will help to expedite, and we can talk about this issue. Thanks.
You don't need to run the drop and alter commands until you have an existing identity provider and want to update it. Why don't you spin up a new cluster and try?
Hi @aws-msharma, true, we don't need any external IdP. I already opened a support ticket with the AWS team, who need to talk with the internal team since the documentation is not clear about setting it up for existing clusters. As you said, the drop and alter commands are for clusters configured with an existing IdP. I created User Groups and IAM roles with the same name, as suggested by the documentation, where the IAM Identity Center is managed from the Management account. However, when I try to log in with the IAM IDC option in QEV2, it fails with "databases can't be listed". The related CaseID is "170319906701489".
True, I didn't use any identity provider before. Thus, I am getting
ERROR: identity provider "amazon-redshift-data-uat" does not exist
Can you run: DESC IDENTITY PROVIDER *; ?
This also returns an empty list. https://docs.aws.amazon.com/redshift/latest/dg/r_SVV_IDENTITY_PROVIDERS.html
I get
ERROR: syntax error at or near "*" Position: 47
for that query. It is definitely incomplete.