Reputation: 581
I am trying to set up Identity Center authentication for my serverless Redshift workgroup.
Following the steps in https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html, I created an application and added users and groups. My external IdP is Entra ID.
I am able to connect to Query Editor v2 by authenticating with Identity Center; however, I also want to connect from my local machine with DBeaver. As described, I am using the driver plugin com.amazon.redshift.plugin.IdpTokenAuthPlugin with token_type=EXT_JWT.
I tried to create a token from my external identity provider, which is connected in Identity Center. My external IdP is Entra ID, so I tried to get the token via POST to https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token. However, when I set the token in the plugin, I always get "token is invalid or expired".
How do I obtain a valid JWT token from Entra ID?
Upvotes: 0
Views: 236
Reputation: 1050
What you want is not an IdP; the newer, fresher, better method is integrated native Azure OAuth. It auto-creates all your roles (not groups) based on your Entra groups, then you can give specific roles scoped permissions.
Upvotes: 0