prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0

IAM JDBC support in Redshift connectors #20602

Open soham-dasgupta opened 11 months ago

soham-dasgupta commented 11 months ago

Presto currently supports connecting to Redshift using Username and Password. This raises a security question if Presto is managed through CDK. Storing a username and password in a text file is not a good idea from a security point of view.

Redshift can generate temporary credentials by using IAM authentication methods where the IAM role is passed using the JDBC connection URL. See the Redshift Management Guide.

Expected Behavior or Use Case

In addition to username and password, the Redshift connector should support a JDBC URL that has IAM in it.

Presto Component, Service, or Connector

Redshift Connector

Possible Implementation

N/A

Example Screenshots (if appropriate):

Context

We are using Presto to build a DPaaS (Data Platform as a Service) that has two components, Data producers and data consumers. Data producers are teams who would like to onboard their data stores to Presto to be used by data consumers. Data producers are not comfortable sharing username and password for their Redshift data warehouses and prefer IAM.
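An added example, not part of the issue or of Presto's code base: a small audit that flags Redshift catalog files still carrying static credentials, the situation the request above wants to move away from. It assumes the standard `connection-url` and `connection-password` catalog properties and the Redshift JDBC driver's `jdbc:redshift:iam://` URL prefix; the sample catalogs are constructed, and the IAM one is hypothetical because the connector does not accept such a URL at the time of this issue.

```python
import re

# Redshift JDBC URL options that embed a long-lived secret in the URL itself.
URL_SECRET = re.compile(r"(?i)[?&;](password|pwd|secretaccesskey)=[^&;]+")
IAM_PREFIX = "jdbc:redshift:iam://"

# Constructed sample catalog files (not taken from the issue).
PASSWORD_CATALOG = """\
connector.name=redshift
connection-url=jdbc:postgresql://example.net:5439/database
connection-user=root
connection-password=secret
"""
URL_SECRET_CATALOG = """\
connector.name=redshift
connection-url=jdbc:redshift://example.net:5439/dev;UID=app;PWD=hunter2
"""
IAM_CATALOG = """\
# Hypothetical: what a catalog could look like once IAM URLs are supported.
connector.name=redshift
connection-url=jdbc:redshift:iam://examplecluster:us-west-2/dev
"""


def parse_properties(text):
    """Parse the simple key=value subset of a Java .properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_catalog(text):
    """Return sorted findings for the contents of one catalog file."""
    props = parse_properties(text)
    if props.get("connector.name") != "redshift":
        return []
    findings = []
    if props.get("connection-password"):
        findings.append("plaintext:connection-password")
    url = props.get("connection-url", "")
    findings += [f"secret-in-url:{m.group(1).lower()}" for m in URL_SECRET.finditer(url)]
    if not url.startswith(IAM_PREFIX):
        findings.append("not-iam-url")
    return sorted(findings)
```
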

tdcmeehan commented 11 months ago

@soham-dasgupta do you have cycles to work on this?

Bhardwaj20241 commented 9 hours ago

@tdcmeehan we have AWS STS (Security Token Service) in Advanced Identity that can help us to get the temporary credentials for EC2 instances to access AWS resources.