Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Not able to query data through existing redshift serverless by changing the compute for it, in sagemaker unified studio.

0

I have created a compute connection for existing redshift serverless in sagemaker unified studio also added neccesary tag in workgroup as mentioned in the document.

Enter image description here As you can see compute is added successfully named test-workgroup But when I am trying to query the data in sagemaker unified studio using redshift and changing compute to existing redshift serverless compute Enter image description here i am facing this error Enter image description here ERROR: Current user is not authenticated with IAM credentials.

what is the possible solution

Topics
AnalyticsMachine Learning & AI
Tags
AWS GlueAmazon Redshift ServerlessAmazon SageMaker StudioAmazon DataZone
Language
English
asked 9 months ago239 views
1 Answer
0

Based on the information provided and the error you're encountering, it appears that there might be an issue with the authentication or permissions for your Redshift Serverless workgroup in SageMaker Unified Studio. Here are some possible solutions to address this issue:

  1. Verify IAM Role Permissions: Ensure that the IAM role associated with your SageMaker Unified Studio project has the necessary permissions to access the Redshift Serverless workgroup. The role should have permissions for actions like "redshift-serverless:GetCredentials" and "redshift-serverless:GetWorkgroup".

  2. Check Workgroup Tagging: Confirm that your Redshift Serverless workgroup is properly tagged with the key "RedshiftDataFullAccess". This tag is required for SageMaker Unified Studio to schedule queries on the workgroup.

  3. Inline Policy for IAM Role: As an alternative to tagging the workgroup, you can add an inline policy to the IAM role used by SageMaker Unified Studio. This policy should allow the "redshift-serverless:GetCredentials" action for all serverless workgroups. Here's an example policy:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "UseTemporaryCredentialsForAllServerlessWorkgroups",
            "Effect": "Allow",
            "Action": "redshift-serverless:GetCredentials",
            "Resource": [
                "arn:aws:redshift-serverless:*:*:workgroup/*"
            ]
        }
    ]
}

  4. Review Access Role: Ensure that the access role created for SageMaker Unified Studio to query Amazon Redshift has the correct permissions. The role should include permissions for actions like "redshift-serverless:GetCredentials", "redshift-serverless:GetWorkgroup", and "redshift-serverless:ListTagsForResource".

  5. Check VPC Configuration: If you're using JupyterLab within SageMaker Unified Studio, make sure that the Amazon Redshift Serverless workgroup and the SageMaker Unified Studio project are in the same VPC.

  6. Verify Compute Connection: Double-check that the compute connection in SageMaker Unified Studio is correctly set up with the appropriate credentials and JDBC URL for your Redshift Serverless workgroup.

If the issue persists after trying these solutions, you may need to review the IAM roles and policies in detail, ensuring that all necessary permissions are correctly set up for both SageMaker Unified Studio and the Redshift Serverless workgroup.
Sources
Authenticating a scheduled query - Amazon Redshift
Gaining access to Amazon Redshift resources - Amazon SageMaker Unified Studio
Connect, share, and query where your data sits using Amazon SageMaker Unified Studio | AWS Big Data Blog

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content