GetClusterCredentialsWithIAM - Amazon Redshift

GetClusterCredentialsWithIAM

Returns a database user name and temporary password with temporary authorization to log in to an Amazon Redshift database. The database user is mapped 1:1 to the source AWS Identity and Access Management (IAM) identity. For more information about IAM identities, see IAM Identities (users, user groups, and roles) in the AWS Identity and Access Management User Guide.

The AWS Identity and Access Management (IAM) identity that runs this operation must have an IAM policy attached that allows access to all necessary actions and resources. For more information about permissions, see Using identity-based policies (IAM policies) in the Amazon Redshift Cluster Management Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

ClusterIdentifier

The unique identifier of the cluster that contains the database for which you are requesting credentials.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Required: Yes

DbName

The name of the database for which you are requesting credentials. If the database name is specified, the IAM policy must allow access to the resource dbname for the specified database name. If the database name is not specified, access to all databases is allowed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Required: No

DurationSeconds

The number of seconds until the returned temporary password expires.

Range: 900-3600. Default: 900.

Type: Integer

Required: No

Response Elements

The following elements are returned by the service.

DbPassword

A temporary password that you provide when you connect to a database.

Type: String

DbUser

A database user name that you provide when you connect to a database. The database user is mapped 1:1 to the source IAM identity.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 127.

Expiration

The time (UTC) when the temporary password expires. After this timestamp, a log in with the temporary password fails.

Type: Timestamp

NextRefreshTime

Reserved for future use.

Type: Timestamp

Errors

For information about the errors that are common to all actions, see Common Errors.

ClusterNotFound

The ClusterIdentifier parameter does not refer to an existing cluster.

HTTP Status Code: 404

UnsupportedOperation

The requested operation isn't supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: