Configure Connection to Data Source

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

After you install the Redshift OCF connector, you must configure the connection to the Redshift data source.

The various steps involved in configuring the Redshift data source connection setting are:

1. Provide Access

2. Connect to Data Source

Provide Access

Go to the Access tab on the Settings page of your Redshift data source, set the data source visibility using these options:

• Public Data Source — The data source is visible to all users of the catalog.

• Private Data Source — The data source is visible to the users allowed access to the data source by Data Source Admins.

You can add new Data Source Admin users in the Data Source Admins section.

Connect to Data Source

To connect to the data source, you must perform these steps:

1. Provide the JDBC URI

2. Configure Authentication

3. Test the Connection

4. Configure Additional Connection Settings

5. Configure Logging

Important

The Alation user interface displays standard configuration settings for credentials and connection information stored in the Alation database. If your organization has configured Azure KeyVault or AWS Secrets Manager to hold such information, the user interface will change to include the following buttons adjacent to the respective fields:

By default, you see the user interface for Standard. In the case of Vault, instead of the actual credential information, you must select the source and provide the corresponding key. For details, see Configure Secrets for OCF Connector Settings.

Provide the JDBC URI

JDBC URI

When building the URI, include the following information:

• Hostname or IP of the instance

• Port number

• Database name

• Cluster ID

• Region

URI Format for Basic Authentication

Format

redshift://<Hostname_or_IP>:<Port_Number>/<Database_Name>

Example

redshift://redshift-nlb-adc13e6232ccee56.elb.us-east-1.amazonaws.com:5439/test_alation_database

URI Format for STS Authentication

This is the format and example of JDBC URL using IAM authentication in case of no VPC or cluster ID.

Format

redshift:iam://<Hostname_or_IP>:<Port_Number>/<Database_Name>

Example

redshift:iam://redshift-nlb-adc13e6232ccee56.elb.us-east-1.amazonaws.com:5439/test_alation_database

And in case of either VPC or cluster ID, we have the following format:

Format

redshift:iam://<Hostname_or_IP>:<Port_Number>/<Database_Name>?ClusterID=<Cluster_ID_Name>&Region=<Region_Name>

We have 2 examples based on serverless and provisioned:

• serverless (VPC enabled)

Example

redshift:iam://vpce-0dbd67f0479d2a5f7-a0p0dc56.vpce-svc-03395b292136cb5ad.us-east-1.vpce.amazonaws.com:5439/dev?ClusterID=redshift-serverless-<workgroupName>

As serverless doesn’t belong to a cluster, the workgroup name will be used as the cluster ID where workgroup refers to the collection of resources available for use.

• provisioned

Example

redshift:iam://redshift-nlb-adc13e6232ccee56.elb.us-east-1.amazonaws.com:5439/test_alation_database?ClusterID=redshift-cluster-private&Region=us-east-1

For provisioned instances, provide the unique cluster ID.

Provide the JDBC URI in Alation

To provide to the JDBC URI in the Alation UI, perform these steps:

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0

1. On the Settings page of your Amazon Redshift data source, go to the General Settings tab.

2. In the Provide the JDBC URI section, based on the type of authentication you want to use, enter the JDBC URI. For details, see Provide the JDBC URI .

   Note

   Click the View history icon to view the history of recent URI values provided by users, if any. The History: Recent URI Values list displays 100 URI entries. You can copy a URI from the list to reuse.

3. Save the configuration.

Configure Authentication

Alation supports the following authentication types for the Redshift data source:

• Basic authentication (database username and password)

• STS Authentication

Basic Authentication

Basic authentication requires a service account username and password.

Configure Basic Authentication

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0

1. On the Settings page of Amazon Redshift data source, go to the General Settings tab.

2. In the Configure authentication step, click on the Basic tab.

3. Provide the service account username and password.

4. To use SSL with Basic authentication, turn on the Enable SSL toggle, provide the Truststore password, and upload the SSL certificate.

5. Save the configuration.

STS Authentication with an AWS IAM User

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0

1. On the Settings page of Amazon Redshift data source, go to the General Settings tab.

2. In the Configure authentication step, click on the STS - IAM User tab. Refer to STS Authentication with an IAM User for more information about this authentication method.

3. To use AWS STS Regional endpoint, turn on the Region-Specific Endpoint toggle and specify your AWS region.

4. Specify the user name in DB Username to log in to the cluster database.

5. If you are authenticating with an AWS user, specify the access key ID of the service account under AWS access key.

6. If you are authenticating with an AWS user, specify the access key secret of the service account under AWS secret key.

7. Specify the ARN of the role you created following the steps in STS Authentication with an AWS IAM User.

8. Specify the STS duration value, in seconds. The default value is 3600 seconds.

9. To use SSL with STS authentication, turn on the Enable SSL toggle, provide the Truststore password, and upload the SSL certificate.

10. Save the configuration.

STS Authentication with an AWS IAM Role

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0

1. On the Settings page of Amazon Redshift data source, go to the General Settings tab.

2. In the Configure authentication step, click on the STS - IAM Role tab. Refer to STS Authentication with an IAM Role for more information about this authentication method.

3. Specify the user name in DB Username to log in to the cluster database.

4. Select the authentication profile you created in Admin Settings.

5. Provide the ARN of the role that gives access to the Amazon resource.

6. Provide the External ID you added to the role that gives access to the Amazon resource.

7. Provide the STS token duration in seconds. This value must be less than or equal to the Maximum session duration of the IAM role that provides access to the Amazon resource(s).

8. To use SSL with STS authentication, turn on the Enable SSL toggle, provide the Truststore password, and upload the SSL certificate.

9. Save the configuration.

Test the Connection

The connection test checks database connectivity. Alation uses the JDBC URI to connect to the database and to confirm when the connection is established.

After specifying the JDBC URI and configuring authentication, click Test Connection.

A dialog box appears confirming the status of the connection test.

Configure Additional Connection Settings

Apart from the mandatory configurations that you perform to connect to the data source in the General Settings tab, you can configure the following additional settings:

• Configure Additional Data Source Connections

• Disable Obfuscate Literals

• Disable automatic lineage generation

Configure Additional Data Source Connections

Alation can associate objects in a data source with objects in another source in the catalog through lineage. For example, you can show lineage between your data source and BI sources that use its data.

Provide additional connection information for the data source to see lineage across multiple sources on the Lineage chart.

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0.

To enter additional data source connection details, go to General Settings > Advanced settings of the Settings page of your Redshift connector and enter the connection URL.

Use the following format: <host>:<port>

You can provide multiple values as a comma-separated list:

<host1>:<port1>,<host2>:<port2>

For example:

10.13.71.216:1541,sever.com:1542

For more details, see Configure Cross-Source Lineage.

Enable or Disable Obfuscate Literals

You can hide literal values from queries ingested with query log ingestion and displayed on the Queries tab of a schema and table catalog objects.

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0.

Go to the General Settings tab and turn on or off the Obfuscate literals toggle under the Advanced settings section.

When enabled, literal values are substituted with placeholder values. Disable this option when you want literal values in queries to be visible to users.

By default, this option is disabled.

Configure Logging

To set the logging level for your Amazon Redshift data source logs, perform these steps:

Connector Version 1.7.0 and NewerConnector Versions Prior to 1.7.0

From Alation version 2023.3.4 and connector version 1.7.0.

1. On the Settings page of your Amazon Redshift data source, go to General Settings > Connector logs.

2. Select a logging level for the connector logs and Save the settings.

   The available log levels are based on the Log4j framework.

You can view the connector logs in Admin Settings > Server Admin > Manage Connectors > Redshift OCF connector.