Amazon Redshift

2025/11/12 - Amazon Redshift - 1 new api methods

Changes  Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated applications. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages.

GetIdentityCenterAuthToken (new) Link ΒΆ

Generates an encrypted authentication token that propagates the caller's Amazon Web Services IAM Identity Center identity to Amazon Redshift clusters. This API extracts the Amazon Web Services IAM Identity Center identity from enhanced credentials and creates a secure token that Amazon Redshift drivers can use for authentication.

The token is encrypted using Key Management Service (KMS) and can only be decrypted by the specified Amazon Redshift clusters. The token contains the caller's Amazon Web Services IAM Identity Center identity information and is valid for a limited time period.

This API is exclusively for use with Amazon Web Services IAM Identity Center enhanced credentials. If the caller is not using enhanced credentials with embedded Amazon Web Services IAM Identity Center identity, the API will return an error.

See also: AWS API Documentation

Request Syntax

client.get_identity_center_auth_token(
    ClusterIds=[
        'string',
    ]
)
type ClusterIds:

list

param ClusterIds:

[REQUIRED]

A list of cluster identifiers that the generated token can be used with. The token will be scoped to only allow authentication to the specified clusters.

Constraints:

  • ClusterIds must contain at least 1 cluster identifier.

  • ClusterIds can hold a maximum of 20 cluster identifiers.

  • Cluster identifiers must be 1 to 63 characters in length.

  • The characters accepted for cluster identifiers are the following:

    • Alphanumeric characters

    • Hyphens

  • Cluster identifiers must start with a letter.

  • Cluster identifiers can't end with a hyphen or contain two consecutive hyphens.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'Token': 'string',
    'ExpirationTime': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    The response from GetIdentityCenterAuthToken containing the encrypted authentication token and expiration time.

    • Token (string) --

      The encrypted authentication token containing the caller's Amazon Web Services IAM Identity Center identity information. This token is encrypted using Key Management Service and can only be decrypted by the specified Amazon Redshift clusters. Use this token with Amazon Redshift drivers to authenticate using your Amazon Web Services IAM Identity Center identity.

    • ExpirationTime (datetime) --

      The time (UTC) when the token expires. After this timestamp, the token will no longer be valid for authentication.