- Newest
- Most votes
- Most comments
I did it with the Query Editor v2 scheduler, carefully following the documentation: https://docs.aws.amazon.com/redshift/latest/mgmt/query-editor-v2-schedule-query.html
The key, in my case, was to authenticate using Temporary credentials, allowing the IAM Role to access database credentials of a specific dbuser:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "UseTemporaryCredentialsForAllDbUsers",
"Effect": "Allow",
"Action": "redshift:GetClusterCredentials",
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/awsuser",
"arn:aws:redshift:*:*:dbuser:*/myuser"
]
}
]
}
Hi
You could use the visual ETL approach to make sure your connection works, then copy the script generated into a new job, and modify the ETL logic accordingly.
Also, an important step when it comes to Redshift is the Glue job must use the correct VPC otherwise the DB won't be reachable. For further details, check Redshift connections
Thanks, Rama
That's a good approach if the job actually is to perform ETL operations, because it has to have at least a source and a target. This is not the case, I just want to run a refresh materialized view command. After carefully reading the documentation, I managed to get the scheduled queries in Query Editor v2 to work, so I'm leaving the Glue job on hold.
I added code to the script, trying to replicate what the Redshift Query Editor V2 Scheduled queries do, using temporary credentials from a database user:
# Assume IAM Role
sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(
RoleArn='arn:aws:iam::000000:role/service-role/AmazonRedshift-CommandsAccessRole',
RoleSessionName='RedshiftSession'
)
# Get temporary credentials
credentials = assumed_role['Credentials']
# Create redshift-data API client using temporary credentials
redshift_client = boto3.client(
'redshift-data',
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken']
)
# Create function
Unfortunately, I got this error (which makes sense): Connect timeout on endpoint URL: "https://sts.amazonaws.com/"
Relevant content
- asked a year ago
- asked 5 months ago
- asked a year ago
- Accepted Answerasked 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Why can’t u use a scheduled query?