From a7abea8b1313672276927f182f33ce9b9948e51d Mon Sep 17 00:00:00 2001 From: Tetsuro Sano Date: Wed, 29 Nov 2023 19:06:27 +0900 Subject: [PATCH] Add assume role authentication for Redshift --- embulk-output-redshift/README.md | 10 +++++++++- embulk-output-redshift/build.gradle | 2 +- embulk-output-redshift/gradle.lockfile | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/embulk-output-redshift/README.md b/embulk-output-redshift/README.md index 1c4decca..70db3cd3 100644 --- a/embulk-output-redshift/README.md +++ b/embulk-output-redshift/README.md @@ -24,7 +24,7 @@ Redshift output plugin for Embulk loads records to Redshift. - **transaction_isolation**: transaction isolation level for each connection ("read_uncommitted", "read_committed", "repeatable_read" or "serializable"). if not specified, database default value will be used. - **access_key_id**: deprecated. `aws_access_key_id` should be used (see "basic" in `aws_auth_method`). - **secret_access_key**: deprecated. `aws_secret_access_key` should be used (see "basic" in `aws_auth_method`). -- **aws_auth_method**: name of mechanism to authenticate requests ("basic", "env", "instance", "profile", "properties", "anonymous", "session" or "default". default: "basic") +- **aws_auth_method**: name of mechanism to authenticate requests ("basic", "env", "instance", "profile", "properties", "anonymous", "session", "assume_role" or "default". default: "basic") - "basic": uses `access_key_id` and `secret_access_key` to authenticate. @@ -63,6 +63,14 @@ Redshift output plugin for Embulk loads records to Redshift. - **aws_session_token**: session token (string, required) + - "assume_role": uses temporary security credentials created by AssumeRole. + + - **aws_account_id**: AWS account ID (string, required) + + - **aws_role_name**: AWS role name (string, required) + + - **aws_external_id**: External ID (string, required) + - "default": uses AWS SDK's default strategy to look up available credentials from runtime environment. This method behaves like the combination of the following methods. 1. "env" diff --git a/embulk-output-redshift/build.gradle b/embulk-output-redshift/build.gradle index a12a7391..b56006e6 100644 --- a/embulk-output-redshift/build.gradle +++ b/embulk-output-redshift/build.gradle @@ -15,7 +15,7 @@ dependencies { exclude group: "com.fasterxml.jackson.core", module: "jackson-databind" exclude group: "com.fasterxml.jackson.core", module: "jackson-core" } - implementation("org.embulk:embulk-util-aws-credentials:0.4.0") { + implementation("org.embulk:embulk-util-aws-credentials:0.4.2") { exclude group: "org.slf4j", module: "slf4j-api" } diff --git a/embulk-output-redshift/gradle.lockfile b/embulk-output-redshift/gradle.lockfile index d0739591..232fcc55 100644 --- a/embulk-output-redshift/gradle.lockfile +++ b/embulk-output-redshift/gradle.lockfile @@ -18,7 +18,7 @@ joda-time:joda-time:2.9.2=compileClasspath,runtimeClasspath org.apache.httpcomponents:httpclient:4.5.5=compileClasspath,runtimeClasspath org.apache.httpcomponents:httpcore:4.4.9=compileClasspath,runtimeClasspath org.embulk:embulk-spi:0.10.49=compileClasspath -org.embulk:embulk-util-aws-credentials:0.4.0=compileClasspath,runtimeClasspath +org.embulk:embulk-util-aws-credentials:0.4.2=compileClasspath,runtimeClasspath org.embulk:embulk-util-config:0.3.3=compileClasspath,runtimeClasspath org.embulk:embulk-util-json:0.2.1=compileClasspath,runtimeClasspath org.embulk:embulk-util-retryhelper:0.8.2=compileClasspath,runtimeClasspath @@ -26,7 +26,7 @@ org.embulk:embulk-util-rubytime:0.3.3=compileClasspath,runtimeClasspath org.embulk:embulk-util-timestamp:0.2.2=compileClasspath,runtimeClasspath org.msgpack:msgpack-core:0.8.24=compileClasspath org.postgresql:postgresql:9.4-1205-jdbc41=compileClasspath,runtimeClasspath -org.slf4j:jcl-over-slf4j:1.7.12=compileClasspath,runtimeClasspath +org.slf4j:jcl-over-slf4j:1.7.36=compileClasspath,runtimeClasspath org.slf4j:slf4j-api:2.0.7=compileClasspath software.amazon.ion:ion-java:1.0.2=compileClasspath,runtimeClasspath empty=