AWS Redshift:在SQL代码中隐藏凭证
[英]AWS Redshift : Hiding credentials in sql code
问题描述
I am loading tables in redshift using the copy command as below. 
我使用如下的copy命令在redshift中加载表。
COPY tip_files
FROM 's3 path'
iam_role 'role arn'
FORMAT AS PARQUET;
The problem is my arn is hardcoded here which seems to be a problem as a bad programming practice. 问题是我的arn在这里被硬编码,这似乎是一个不好的编程习惯。 I tried storing the arn in cred table and using it as below: 我尝试将arn存储在cred表中,并按以下方式使用它:
COPY tipfile
FROM 's3 path'
iam_role (select arn from cred)
FORMAT AS PARQUET;
It did not work. 这没用。 Is there any way to achieve this? 有什么办法可以做到这一点?
1 个解决方案
解决方案1
0 已采纳 2019-01-02 23:38:36
This is not possible. 这是不可能的。 The credentials need to be supplied within the COPY command. 凭据需要在 COPY命令中提供。 It is not possible to join to them elsewhere. 无法在其他地方加入他们。
An Amazon Resource Name (ARN) should not be considered confidential. 亚马逊资源名称(ARN) 不应被视为机密。 It does not expose any credentials. 它不公开任何凭据。
You could choose to keep the ARN somewhere (eg in AWS SSM Parameter Store) and have your code insert the ARN into the command rather than storing it with the command. 您可以选择将ARN保留在某个位置(例如,放在AWS SSM参数存储中),并使代码将ARN插入命令中,而不是将其与命令一起存储。 However, your program would need to do that manipulation, rather than doing it within Redshift. 但是,您的程序将需要执行该操作,而不是在Redshift中进行操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.