Redshift native IdP - automatic roles creation

0

I followed this guideline to configure Redshift native IdP with AzureAD: https://aws.amazon.com/blogs/big-data/integrate-amazon-redshift-native-idp-federation-with-microsoft-azure-ad-using-a-sql-client/

This creates Redshift roles based on the AAD groups assigned to the Azure enterprise application dedicated to Redshift. It works fine, but it appears it also creates additional Redshift roles. Basically it reads ALL AAD groups of the current user (even those that are not assigned to the enterprise app) and creates a Redshift role for each.

Is that by design, or did I misconfigure something?

Example:

  • the redshift_access group is the only group assigned to Redshift's enterprise application
  • the user is added to the redshift_access group
  • Redshift creates roles for all of the user's AAD groups, including ones that have nothing to do with Redshift


Asked a year ago, 236 views
1 answer
0

That is the current behavior: all groups that the current user is part of are auto-created as roles. There is no option to limit which groups you want to create.

AWS
Answered a year ago
