GetClusterCredentialsWithIAM
Returns a database user name and temporary password with temporary authorization to log in to an Amazon Redshift database. The database user is mapped 1:1 to the source AWS Identity and Access Management (IAM) identity. For more information about IAM identities, see IAM Identities (users, user groups, and roles) in the AWS Identity and Access Management User Guide.
The AWS Identity and Access Management (IAM) identity that runs this operation must have an IAM policy attached that allows access to all necessary actions and resources. For more information about permissions, see Using identity-based policies (IAM policies) in the Amazon Redshift Cluster Management Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- ClusterIdentifier
-
The unique identifier of the cluster that contains the database for which you are requesting credentials.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Required: No
- CustomDomainName
-
The custom domain name for the IAM message cluster credentials.
Type: String
Length Constraints: Maximum length of 2147483647.
Required: No
- DbName
-
The name of the database for which you are requesting credentials. If the database name is specified, the IAM policy must allow access to the resource dbname for the specified database name. If the database name is not specified, access to all databases is allowed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Required: No
- DurationSeconds
-
The number of seconds until the returned temporary password expires.
Range: 900-3600. Default: 900.
Type: Integer
Required: No
Response Elements
The following elements are returned by the service.
- DbPassword
-
A temporary password that you provide when you connect to a database.
Type: String
- DbUser
-
A database user name that you provide when you connect to a database. The database user is mapped 1:1 to the source IAM identity.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 127.
- Expiration
-
The time (UTC) when the temporary password expires. After this timestamp, a login with the temporary password fails.
Type: Timestamp
- NextRefreshTime
-
Reserved for future use.
Type: Timestamp
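The following is an added example, not part of the AWS reference: a small wrapper that enforces the request constraints listed above, always scopes the request to one database, and stops reusing the temporary password shortly before Expiration. Assumptions: the class names, the 60-second skew and the mandatory DbName are choices made for this example, the fake client and its values are constructed, and in real use the client would be a boto3 Redshift client, whose get_cluster_credentials_with_iam method takes the same keyword arguments.

```python
from datetime import datetime, timedelta, timezone


class RedshiftIamCredentials:
    """Caches GetClusterCredentialsWithIAM output until shortly before Expiration."""

    def __init__(self, client, cluster_id, db_name, duration=900, skew=60):
        # Limits below are the ones documented on this page.
        if not 1 <= len(cluster_id) <= 63:
            raise ValueError("ClusterIdentifier must be 1-63 characters")
        # DbName is optional in the API, but omitting it allows access to all
        # databases, so this wrapper (a local policy choice) requires it.
        if not db_name or len(db_name) > 64:
            raise ValueError("DbName is required here and must be 1-64 characters")
        if not 900 <= duration <= 3600:
            raise ValueError("DurationSeconds must be in the range 900-3600")
        self._client = client
        self._params = {"ClusterIdentifier": cluster_id, "DbName": db_name,
                        "DurationSeconds": duration}
        self._skew = timedelta(seconds=skew)  # assumed safety margin
        self._cached = None

    def get(self, now=None):
        """Return (DbUser, DbPassword), refreshing when the password is near expiry."""
        now = now or datetime.now(timezone.utc)
        if self._cached is None or now >= self._cached["Expiration"] - self._skew:
            self._cached = self._client.get_cluster_credentials_with_iam(**self._params)
        return self._cached["DbUser"], self._cached["DbPassword"]


class FakeRedshiftClient:
    """Constructed stand-in for a Redshift client; returns made-up credentials."""

    def __init__(self, clock):
        self.clock, self.calls = clock, []

    def get_cluster_credentials_with_iam(self, **kwargs):
        self.calls.append(kwargs)
        expires = self.clock() + timedelta(seconds=kwargs["DurationSeconds"])
        return {"DbUser": "constructed-user",
                "DbPassword": f"temp-{len(self.calls)}",
                "Expiration": expires}
```

Keep the returned password in memory only; it is valid until Expiration for anyone who obtains it.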
Errors
For information about the errors that are common to all actions, see Common Errors.
- ClusterNotFound
-
The ClusterIdentifier parameter does not refer to an existing cluster.
HTTP Status Code: 404
- UnsupportedOperation
-
The requested operation isn't supported.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: