
Leverage AWS Cognito-based Authentication for Redshift

renat_isch
Alteryx

This guide explains how to configure AWS Cognito to authenticate users for Amazon Redshift using OAuth2. You will need to set up a Cognito User Pool, an Identity Pool, and assign the necessary IAM roles and permissions for Redshift access. Throughout the process, we will need to collect the following inputs required to create a connection between Alteryx and AWS Redshift:

 

  • AWS account ID
  • Cognito domain URL
  • OAuth redirect URL
  • AWS Region
  • User Pool ID
  • Identity Pool ID
  • Client ID
  • Client secret (optional for private applications)

Let’s start by finding your AWS account ID. Click on your username in the top right corner of the screen, as indicated in the screenshot below.


Follow the steps below to complete the configuration.

Step 1: Create a Cognito User Pool

A User Pool in AWS Cognito is where user identities are created and managed. Let’s walk through creating and setting up a User Pool with OAuth.

1. Create a new User Pool
Navigate to the AWS Cognito console and create a new User Pool.


2. Configure the desired security requirements;

 

3. Set up the initial OAuth application

After creating the pool, configure the app integration:

  • Mark the application as public or private.

  • Optional: generate a client secret.

    • Copy and securely save the client secret.


4. Click Next, review and create the user pool;

5. Once the user pool is created, select the pool;

  • Locate the Token signing key URL and copy its value. Remove /.well-known/jwks.json from the URL and store the updated URL. This will be your User Pool ID value, e.g. https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_uTmIXw7vJ
  • Go to the App Integration tab and locate Cognito Domain. This will be known as your Cognito Domain URL.


6. Locate and click the App integration category on your newly-created user pool

  • Locate the User pool ID and extract the AWS region from it. For example, if your user pool ID starts with eu-central-1, then your region is eu-central-1.
  • Save your AWS Region value - you will use it later in this guide;
  • Scroll down to App clients and analytics section

  • Locate the client we created in step 3 and click on its name;
  • Copy and save the app client id


  • The value shown in the screenshot for this step is known as the OAuth redirect URL;

7. Create a user pool identity

  • Go to your user pool page and click Create user


  • Provide the desired configuration and create the user;


Step 2: Create an Identity Pool

Once the User Pool is created, we need to create an Identity Pool to link authenticated users with AWS resources such as Redshift.

1. Go to the Cognito home page, then locate and click Identity Pools in the left tab;


2. Create a new Identity Pool and Enable authenticated user access
In the Identity Pool settings, configure authenticated access for users and select User Pool as the identity source;

 


3. Configure roles

  • Select the option to create a new role for authenticated users.

  • Provide a name for this role and proceed to the next step.

     


4. Assign User Pool and OAuth client to the identity pool
Choose the Cognito User Pool and OAuth client you created earlier;


5. Collect the Identity Pool ID
After the setup, note down the Identity Pool ID, which will be used for integrating with other AWS services.
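A consistency check for the values collected in Steps 1 and 2, as an added example that is not part of the original guide: it derives the User Pool ID value and region from the Token signing key URL the way Step 1 describes and compares them with the other inputs. It assumes both pools live in the single AWS Region the guide collects; the function names and all sample values except the guide's user pool URL are constructed.

```python
import re
from urllib.parse import urlparse

JWKS_SUFFIX = "/.well-known/jwks.json"
REGION = r"[a-z]{2}(?:-[a-z]+)+-\d"
USER_POOL_RE = re.compile(rf"({REGION})_[A-Za-z0-9]+")
IDENTITY_POOL_RE = re.compile(
    rf"({REGION}):[0-9a-f]{{8}}(?:-[0-9a-f]{{4}}){{3}}-[0-9a-f]{{12}}")
HOST_RE = re.compile(r"cognito-idp\.([a-z0-9-]+)\.amazonaws\.com")


def parse_signing_key_url(url):
    """Return (issuer_url, region) for a Cognito Token signing key URL."""
    if not url.endswith(JWKS_SUFFIX):
        raise ValueError("URL does not end in " + JWKS_SUFFIX)
    issuer = url[: -len(JWKS_SUFFIX)]
    parts = urlparse(issuer)
    host = HOST_RE.fullmatch(parts.hostname or "")
    pool = USER_POOL_RE.fullmatch(parts.path.lstrip("/"))
    if parts.scheme != "https" or not host or not pool:
        raise ValueError("not an https cognito-idp issuer URL")
    if host.group(1) != pool.group(1):
        raise ValueError("host region and pool ID region differ")
    return issuer, pool.group(1)


def check_inputs(signing_key_url, identity_pool_id, account_id, region):
    """Return (issuer_url, problems); problems is empty when all agree."""
    try:
        issuer, pool_region = parse_signing_key_url(signing_key_url)
    except ValueError as exc:
        return None, [str(exc)]
    problems = []
    if pool_region != region:
        problems.append("user pool is in " + pool_region + ", not " + region)
    match = IDENTITY_POOL_RE.fullmatch(identity_pool_id)
    if not match:
        problems.append("identity pool ID is not <region>:<GUID>")
    elif match.group(1) != region:
        problems.append("identity pool is in " + match.group(1) + ", not " + region)
    if not re.fullmatch(r"\d{12}", account_id):
        problems.append("AWS account ID is not 12 digits")
    return issuer, problems


# Constructed sample values; only the user pool URL shape comes from the guide.
SAMPLE = ("https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_uTmIXw7vJ"
          + JWKS_SUFFIX, "eu-central-1:11111111-2222-3333-4444-555555555555",
          "123456789012", "eu-central-1")
if __name__ == "__main__":
    print(check_inputs(*SAMPLE))
```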


Step 3: Grant IAM Role Permissions for Redshift Access

Now that your Identity Pool is configured, you need to assign the necessary IAM permissions to the role created in the previous step, allowing it to access Redshift.

 

1. Navigate to IAM and find your role
Go to the IAM console, click on Roles, and locate the role you created in the Identity Pool setup.

 


2. Attach Redshift permissions

  • Select the role and go to the Permissions tab.

  • Click on Add permission, then choose Attach Policies.

  • Search for the AmazonRedshiftFullAccess policy or any other necessary Redshift permissions.

     


3. Apply the permissions
Once the correct permissions are selected, attach them to the role. Now, the role has permission to access Redshift.
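A review of the finished role, as an added example that is not part of the original guide: it checks that the role's trust policy is pinned to your Identity Pool ID and to authenticated identities, and flags AmazonRedshiftFullAccess so you can decide whether one of the "other necessary Redshift permissions" would do instead. The function name and sample documents are constructed; the trust policy follows the shape Cognito writes for an authenticated role.

```python
COGNITO = "cognito-identity.amazonaws.com"


def _as_list(value):
    """IAM lets a key hold one string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_role(trust_policy, attached_policies, identity_pool_id):
    """Return findings for the authenticated role of an identity pool."""
    findings, trusted = [], False
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if COGNITO not in _as_list(principal.get("Federated")):
            continue
        trusted = True
        cond = stmt.get("Condition", {})
        aud = cond.get("StringEquals", {}).get(COGNITO + ":aud")
        if _as_list(aud) != [identity_pool_id]:
            findings.append("aud condition does not pin this identity pool")
        amr = cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr")
        if _as_list(amr) != ["authenticated"]:
            findings.append("amr condition does not require 'authenticated'")
    if not trusted:
        findings.append("role is not assumable through Cognito identity pools")
    if "AmazonRedshiftFullAccess" in attached_policies:
        findings.append("AmazonRedshiftFullAccess allows every Redshift action")
    return findings


# Constructed sample: trust policy in the shape Cognito writes for an
# authenticated role; the pool ID is a placeholder, not a real pool.
POOL_ID = "eu-central-1:11111111-2222-3333-4444-555555555555"
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {COGNITO + ":aud": POOL_ID},
        "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}}}]}

if __name__ == "__main__":
    print(audit_role(TRUST, ["AmazonRedshiftFullAccess"], POOL_ID))
```

The trust policy is the role's AssumeRolePolicyDocument, which `aws iam get-role` returns, and the attached policy names come from `aws iam list-attached-role-policies`.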

 
Step 4: Connect to Redshift data from Alteryx Designer

1. Select the Alteryx Designer tool and drop it on the canvas;

2. Click Set up a Connection

3. Go to Data Sources and locate Redshift → Quick Connect option;

4. Provide your Redshift server details

 


5. Click connect credentials;

6. Select IAM with Identity Pool as authentication method and create new credential;

7. Provide the required inputs we collected earlier

 


8. Under AWS temporary access credentials, create new credential and specify the name;

9. Click save and connect;

10. Upon clicking the Connect button, you will be redirected to the AWS authentication page, where you will be prompted to authenticate with the user account we created in Step 1.

 


11.  Finally, select the data set you want to work with.

 

Final Thoughts

You’ve now configured AWS Cognito-based authentication for Redshift by setting up a Cognito User Pool, creating an Identity Pool, and assigning appropriate IAM permissions to access Redshift. You can now use these configurations to authenticate users and control access to your Redshift instance.

For more advanced setups, consider configuring multi-factor authentication (MFA) or custom OAuth scopes within Cognito to enhance security.
