Starburst Redshift connector#

The Starburst Redshift connector is an extended version of the Redshift connector. It can be used to connect and query Redshift databases. Configuration and usage is identical.

The following improvements are included:

Requirements#

Configuration#

The connector configuration is identical to the configuration for the base Redshift connector.

A minimal configuration, with the connector-name redshift and the JDBC connections details, is shown in the following snippet:

connector.name=redshift
connection-url=jdbc:redshift://example.net:5439/database
connection-user=redshift_username
connection-password=redshift_password

Type mapping#

Because SEP and Redshift each support types that the other does not, this connector modifies some types when reading or writing data.

Redshift to SEP read type mapping#

This connector supports reading the following Redshift types and performs conversion to SEP types with the detailed mappings as shown in the following table.

Redshift to SEP type mapping#

Redshift database type

SEP type

Notes

BOOLEAN

BOOLEAN

SMALLINT, INT2

SMALLINT

INTEGER, INT, INT4

INTEGER

BIGINT, INT8

BIGINT

DOUBLE PRECISION, FLOAT, FLOAT8

DOUBLE

REAL, FLOAT4

REAL

DECIMAL(p, s), NUMERIC(p,s)

DECIMAL(p, s)

CHAR(n), NCHAR(n), BPCHAR

CHAR(n)

Redshift’s BPCHAR is equivalent to CHAR(256).

VARCHAR(n), NVARCHAR(n), TEXT

VARCHAR(n)

Redshift’s TEXT is equivalent to VARCHAR(256).

DATE

DATE

TIME

TIME(6)

See Mapping datetime types

TIMESTAMP

TIMESTAMP(6)

See Mapping datetime types

No other types are supported.

SEP to Redshift write type mapping#

This connector supports writing the following SEP types and performs conversion to Redshift types with the detailed mappings as shown in the following table.

SEP to Redshift type mapping#

SEP type

Redshift type

Notes

BOOLEAN

BOOLEAN

TINYINT

SMALLINT

SMALLINT

SMALLINT

INTEGER

INTEGER

BIGINT

BIGINT

REAL

REAL

DOUBLE

DOUBLE PRECISION

DECIMAL(p, s)

DECIMAL(p, s)

CHAR(n)

CHAR(n)

For n up to 4096.

CHAR(n)

VARCHAR(n)

For n from 4096 to 65535.

CHAR(n)

VARCHAR(MAX)

For n above 65535.

VARCHAR(n)

VARCHAR(n)

For n up to 65535.

VARCHAR(n)

VARCHAR(MAX)

For n above 65535.

VARCHAR

VARCHAR(MAX)

When no bound is given.

DATE

DATE

TIME(p)

TIME

See Mapping datetime types

TIMESTAMP(p)

TIMESTAMP

See Mapping datetime types

No other types are supported.

Mapping datetime types#

Redshift’s TIME and TIMESTAMP types only support microsecond precision (6 digits). When writing data with higher precision from SEP to Redshift, the time is rounded to the nearest microsecond before being inserted.

SQL support#

The connector supports all of the SQL statements listed in the Redshift connector documentation.

Performance#

The connector includes a number of performance improvements, detailed in the following sections.

Pushdown#

The connector supports pushdown for a number of operations:

Aggregate pushdown for the following functions:

Table statistics#

The Redshift connector supports table and column statistics to improve query processing performance based on the actual data in the data source.

The statistics are collected by Redshift and retrieved by the connector.

ANALYZE may be run automatically depending on your Redshift configuration. To manually collect statistics for a table, execute the following statement in Redshift.

ANALYZE table_schema.table_name;

Refer to Redshift documentation for additional ANALYZE options.

Dynamic filtering#

Dynamic filtering is enabled by default. It causes the connector to wait for dynamic filtering to complete before starting a JDBC query.

You can disable dynamic filtering by setting the property dynamic-filtering.enabled in your catalog properties file to false.

Starburst Cached Views#

The connectors supports table scan redirection to improve performance and reduce load on the data source.

Security#

The connector includes a number of security-related features, detailed in the following sections.

User impersonation#

The connector supports user impersonation. Enable user impersonation in the catalog properties file:

redshift.impersonation.enabled=true

User impersonation in the Redshift connector is based on SET SESSION AUTHORIZATION command supported in Redshift.

Note

Running SET SESSION AUTHORIZATION in Redshift requires the initial connection user to be a superuser.

Password credential pass-through#

The connector supports password credential pass-through. To enable it, edit the catalog properties file to include the authentication type:

redshift.authentication.type=PASSWORD_PASS_THROUGH

For more information about configurations and limitations, see Password credential pass-through.

AWS IAM authentication#

The connector supports IAM authentication. This enhancement allows you to manage access control from SEP with IAM policies.

Configuration#

To enable IAM authentication, add the following configuration properties to the catalog configuration file:

redshift.authentication.type=AWS
aws.region-name=<AWS region>

This table describes the configuration properties for IAM authentication:

IAM configuration properties#

Property name

Description

aws.region-name

The name of the AWS region in which the Redshift instance is deployed.

aws.access-key

The access key of the principal to authenticate with for the token generator service. Used for fixed authentication, setting this property disables automatic authentication.

aws.secret-key

The secret key of the principal to authenticate with for the token generator service. Used for fixed authentication, setting this property disables automatic authentication.

aws.session-token

(Optional) A session token for temporary credentials, such as credentials obtained from SSO. Used for fixed authentication, setting this property disables automatic authentication.

Authentication#

By default the connector attempts to automatically obtain its authentication credentials from the environment. The default credential provider chain attempts to obtain credentials from the following sources, in order:

  1. Environment variables: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or AWS_ACCESS_KEY and AWS_SECRET_KEY.

  2. Java system properties: aws.accessKeyId and aws.secretKey.

  3. Web identity token: credentials from the environment or container.

  4. Credential profiles file: a profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI.

  5. EC2 service credentials: credentials delivered through the Amazon EC2 container service, assuming the security manager has permission to access the value of the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.

  6. Instance profile credentials: credentials delievered through the Amazon EC2 metadata service.

If the SEP cluster is running on an EC2 instance, these credentials most likely come from the metadata service.

Alternatively, you can set fixed credentials for authentication. This option disables the container’s automatic attempt to locate credentials. To use fixed credentials for authentication, set the following configuration properties:

aws.access-key=<access_key>
aws.secret-key=<secret_key>

# (Optional) You can use temporary credentials. For example, you can use temporary credentials from SSO
aws.session-token=<session_token>

Limitations#

  • The Redshift connector doesn’t push down queries with a GROUP BY and WHERE clause on the same column for tables using ALL or AUTO(ALL) distribution styles due to a limitation in Redshift. You can work around this by changing the table to use an EVEN or KEY distribution style as described in the Redshift documentation about distribution styles.