How to use an IDP where OpenID Connect will be used to pass an access token to Amazon Redshift

Question

Was informed by AWS support that you cannot use AWS Cognito to pass an access token (JWT) to the Amazon Redshift JDBC driver via webIdentityToken name value pair.

Have been unable to find any documentation/video/blog, that shows a worked example of another IDP (i.e. Azure AD) being used, where an application will use OpenID Connect with it, and intends to pass an access token to the Redshift JDBC driver.

Has anyone done this, can you reference me to the steps required to get going.

Answer

First create a Cognito User Pool federated with your IdP with SAML or OpenID for Authentication:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html
Then in order to get an AWS temporary credential you need to create a Cognito Identity Pool:
https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html

How to use an IDP where OpenID Connect will be used to pass an access token to Amazon Redshift

相关内容