Using IDP (AAD) to login to Redshift Query Editor v2

Question

Hello,

Here is my current situation where I need some help ;)

* I created user groups in Azure Active Directory and added users to it
* I connected AAD with AWS
* I have a redshift database with tables and granted certain rights to the groups (the ones in AAD)
* I connect to Power BI using my Office 365 account and can connect flawless to the data in Redshift

But I want the same functionality when logging on to the Redshift Query editor v2. Since I am already logged into the AWS environment, using IDP settings I was hoping/expecting that with these credentials I automatically could connect to the Redshift database with access to the data that was assigned to the group(s) I am member of.

What is the best way to configure it like this, so far I didn't find a solution that worked for me.

Looking forward to the answers.

René

Answer

This demo in re:Invent2023 session: "AWS re:Invent 2023 - Simplify and improve access control for your AWS analytics services (SEC245)" shows a solution using the newly released feature called Trusted Identity Propagation.

(that demo uses Okta instead of AAD but it should work the same way)

The following link takes you to the time at 31:16: https://youtu.be/Iwr0JihOevs?t=1876, which shows the authentication using the Identity Center single sign on session from Okta.

Also refer to this blog for technical details of the solution: https://aws.amazon.com/blogs/big-data/integrate-okta-with-amazon-redshift-query-editor-v2-using-aws-iam-identity-center-for-seamless-single-sign-on/

Answer

Thank you ver my much, I will have a look into this!

Using IDP (AAD) to login to Redshift Query Editor v2

Relevant content