By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Redshift serverless External Schema access

0

I created an external schema (for glue data catalog and subsequent s3 data) in Redshift Serverless using query editor v2. For the IAM role I used 'SESSION' to make sure that all the users that are accessing the schema tables will need to provide individual IAM session tokens and do through the Lake Formation for each user/role.

CREATE external SCHEMA glue_catalog_2
FROM data catalog DATABASE 'my_database'
IAM_ROLE 'SESSION'
CATALOG_ID 'my_acc_id'

I can access the schema from my python code however I can't see tables in it using RS query editor v2. When I am trying to grant the access to this schema for my AWS Console role

GRANT ALL ON external SCHEMA glue_catalog_2 to iam_role 'my-role-arn';

I get the error 'ERROR: No session credential found'

Questions

  1. Is it possible to achieve behavior described above and see that schema in RS query editor?
  2. When the external schema is using the SESSION access type, is it possible to create materialized view using data in that schema and how will access to it be controlled for other users
Topics
Analytics
Tags
Amazon Redshift
Language
English
Denys
asked 8 months ago404 views
1 Answer
0

Make sure you are logging on to database in QEv2 using Federated user for authentication. If still you cannot see the objects then try grant usage on <schema_name> to "IAMR:<role_name>";

Once a materialized view is created then it becomes a local object in Redshift and the data is now stored in Redshift. You can control access to it as if its a table using standard GRANT statements.

profile pictureAWS
MilindOke
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content