By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Redshift Serverless ODBC connection using AWS profile

0

Hi,

I am trying to establish ODBC connectivity between PowerBI and Redshift Serverless and have a bit of a trouble. When using the latest ODBC Redshift driver and trying to authenticate using AWS profile (with access and secret key as well as the role to assume), the connectivity test fails with error that assumed role is not authorized to do redshift:GetClusterCredentials. But given that it is the serverless redshift, there is no cluster.

My use case is: Data is in S3 with metadata in Glue Catalog table created for it. Lake Formation is used with tag-based access control configured. External schema created in Redshift Serverless pointing to the database in Glue Catalog. IAM role created granting access to Redshift and also granted permissions in lakeformation to access data. Provisioned IAM User for the PowerBI user which is assuming the role mentioned above.

[profile redshift-assume]
role_arn = arn:aws:iam::redshift_role_to_assume
source_profile = user_profile_with_keys

Would be keen to hear from Redshift gurus on how do I achieve the goal of connecting Redshift Serverless with PowerBI using AWS profile.

Thank you

Topics
ServerlessAnalytics
Tags
ServerlessAmazon Redshift
Language
English
Denys
asked 5 months ago395 views
4 Answers
0

Hi Ziad, Originally it didn't have that permission since it is policy for the redshift serverless and not the redshift. It does have the "redshift-serverless:GetCredentials" though.

However I did an experiment and added the permission it was complaining about. With no surprise the error changed after that saying that there is no cluster endpoint which is correct and there is no cluster because redshift serverless doesn't have one but uses the workgroup instead. By the looks of it the ODBC driver inherently tries to connect to the cluster based environment and not the serverless one. I am looking for the advice on how does one connect PowerBI with Redshift Serverless using the AWS profile config

Denys
answered 5 months ago
  • Ziad EXPERT
    5 months ago

    Hi again Denys,

    Thank you for all these details. I fully got what you are trying to do. Have you tried to keep the cluster ID, region, ... fields empty (these are normally optional) and just stick with the server/host field?

    Thanks

  • Denys
    5 months ago

    Yep, I haven't been using those at all

  • Ziad EXPERT
    5 months ago

    I generated the same use case and yes as you mentioned it seems that the ODBC AWS profile authentication is not yet supported for Redshift Serverless. I will raise this point. Thank you Denys.

0

Hi Denys,

Does the assumed role contain a policy with the GetCredentials permission on the Serverless endpoint?

Thanks,

Ziad

AWS
EXPERT
Ziad
answered 5 months ago
0

Hi Denys,

If you ensure your ODBC driver is the latest available (2.0.0.9 currently available here), connection via AWS Profile will work. Older ODBC driver versions may face issues.

profile pictureAWS
EXPERT
Sean Beath
answered 5 months ago
0

Thank you @Sean Beath and @Ziad - it was a great turn around so big shout out to all involved!

Denys
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content