AWS Lambda Python/Boto3/psycopg2 Redshift temporary credentials

Question

I'm pretty new to AWS so please let me know if what I'm trying to do is not a good idea, but the basic gist of it is that I have a Redshift cluster that I want to be able to query from Lambda (Python) using a combination of psycopg2 and boto3. I have assigned the Lambda function a role that allows it to get temporary credentials (get_cluster_credentials) from Redshift. I then use psycopg2 to pass those temporary credentials to create a connection. This works fine when I run interactively from my Python console locally, but I get the error:

OperationalError: FATAL: password authentication failed for user "IAMA:temp_user_cred:vbpread"

If I use the temporary credentials that Lambda produces directly in a connection statement from my python console they actually work (until expired). I think I'm missing something obvious. My code is:

import boto3
import psycopg2

print('Loading function')

def lambda_handler(event, context):

    client = boto3.client('redshift')
    dbname = 'medsynpuf'
    dbuser = 'temp_user_cred'
    response = client.describe_clusters(ClusterIdentifier=dbname)
    pwresp = client.get_cluster_credentials(DbUser=dbuser,DbName=dbname,ClusterIdentifer=dbname,DurationSeconds=3600,AutoCreate=True, DbGroups=['vbpread'])
    dbpw = pwresp['DbPassword']
    dbusr = pwresp['DbUser']
    endpoint = response['Clusters'][0]['Endpoint']['Address']
    print(dbpw)
    print(dbusr)
    print(endpoint)
    con = psycopg2.connect(dbname=dbname, host=endpoint, port='5439', user=dbusr, password=dbpw)
    cur = con.cursor()

    query1 = open("001_copd_yearly_count.sql","r")
    cur.execute(query1.read())
    query1_results = cur.fetchall()

    result = query1_results

    return result

I'm using Python 3.6.

Thanks! Gerry

Answer 1

I was using a Windows compiled version of psycopg2 and needed Linux. Swapped it out for the one here: https://github.com/jkehler/awslambda-psycopg2