Description
Infrastructure:
- VPC (db) containing production databases and Redshift serverless instance (ddi)
- VPC (cl) containing VPN client end point and management boxes
- Redshift managed endpoint in (cl)
Moving either the cluster or VPN end point is not an option.
Initial testing:
Using my laptop on the VPN and using the AWS CLI to generate temporary credentials I am able to use SQL Workbench to connect to (ddi) and run queries using the JDBC URL:
jdbc:redshift://ddi-endpoint-endpoint-k7rfausgmlzieup51zgg.[account].eu-west-1.redshift-serverless.amazonaws.com:5439/:dev
if I provide the temporary credentials to SQL Workbench via copy-paste.
Where I hit a problem:
If I change the URL to:
jdbc:redshift:iam://ddi-endpoint-endpoint-k7rfausgmlzieup51zgg.[account].eu-west-1.redshift-serverless.amazonaws.com:5439/:dev
(note the addition of iam:) I get this error:
IAM error retrieving temp credentials: Serverless workgroup ddi-endpoint-endpoint-k7rfausgmlzieup51zgg not found.
(Service: AWSRedshiftServerless; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: [redacted]; Proxy: null)
[SQL State=99999]
Having looked at the codebase it appears (although I am very much not a Java developer) that the IAM temporary credentials provider is assuming that the first part of the URL is the workgroup name and therefore won't correctly pick up
Questions:
- Is this a know issue?
- If so:
-
- is it on a roadmap to look at?
-
- is there a temporary fix
- If not, is my diagnosis correct or have I done something silly that you can point me in the direction of.
All help appreciated.