Connecting to Amazon Redshift Using IAM Credentials via JDBC
Connecting to Redshift with IAM credentials via JDBC requires the Redshift JDBC driver. If using RazorSQL,
RazorSQL can automatically download the driver for you during the connection setup process. If connecting
outside of RazorSQL, the driver can be obtained from the following link:
Older versions of the Redshift JDBC driver do not support authenticating with IAM credentials. Please be sure to either get the latest version from the above link, or if that is not possible, use version 22.214.171.1243 or later.
When connecting to Redshift via JDBC and using IAM credentials as authentication, three fields are required: the AWS Access Key, the AWS Secret Key, and a database user value. If using temporary IAM credentials, an AWS session token is also required. This article assumes that the database user value provided is the name of a user that exists in the Redshift database. The permissions of the database user will be given to the connection.
When using IAM credentials via the Redshift JDBC driver, a special JDBC URL format is required. The URL takes the following
jdbc:redshift:iam://<redshift clustername:region name>:<port number>/<database name>?AccessKeyID=<access key value>&SecretAccessKey=<secret key value>&DBUser=<database user name>
Below is an example of the JDBC URL:
Note that this URL has the ssl=true property set. This enables encryption of the data sent between the driver and the Redshift database.
When connecting via JDBC, a Driver Class value is also required to connect. There are different driver classes
depending on which version of JDBC is desired and which version of the Java Runtime Environment that is being used.
For example, for version 4.1 of JDBC, the driver class is the following:
For version 4.2 of JDBC, the driver class is the following: