Credentials and Writing to Redshift
You can specify how securely the destination authenticates with Amazon Redshift. The credentials that you use determine the additional information that you must provide and whether you need to install a JDBC driver. Configure credentials on the Credentials tab of the destination.
The destination can authenticate using the following credentials:
- Instance profile
- When the EC2 nodes in the EMR cluster have an associated instance profile, Transformer uses the instance profile credentials to automatically authenticate with AWS. The IAM policies attached to the instance profile must have permissions to write to Amazon S3 and to the Redshift cluster.
- AWS access keys
- You can authenticate using an AWS access key pair. When using an AWS access
key pair, you specify the access key ID and secret access key to use. The
AWS access key pair must have permissions to write to Amazon S3 and to the
Redshift destination. When you use AWS access keys, you also specify the following details to enable writing to Redshift:
- DB User - Database user that Transformer impersonates when writing to the database. The user must have write permission for the database table.
- Auto-Create DB User - Enables creating a database user to write data to Redshift.
- DB Groups - Comma-delimited list of existing database groups for the database user to join for the duration of the pipeline run. The specified groups must have write permission for the S3 staging location.