AWS redshift documentation change
Summary
Added detailed explanation of Trusted Identity Propagation feature and updated QuickSight reference
Security assessment
The change adds documentation about Trusted Identity Propagation, a security feature for access control based on user attributes. While this enhances security documentation, there is no evidence of addressing a specific vulnerability.
Diff
diff --git a/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.md b/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.md index 14b7ea967..c04c64fd2 100644 --- a//redshift/latest/mgmt/redshift-iam-access-control-idp-connect.md +++ b//redshift/latest/mgmt/redshift-iam-access-control-idp-connect.md @@ -9 +9,5 @@ Benefits of Redshift integration with AWS IAM Identity CenterAdministrator perso -You can manage user and group access to Amazon Redshift data warehouses through trusted-identity propagation. This works through a connection between Redshift and AWS IAM Identity Center, which gives your users a single sign-on experience. This makes it so you can bring in users and groups from your directory and assign permissions directly to them. Subsequently, this connection supports tying in additional tools and services. To illustrate one end-to-end case, you can use an Amazon QuickSight dashboard or Amazon Redshift query editor v2 to access Redshift. Access in this case is based on AWS IAM Identity Center groups. Redshift can determine who a user is and their group memberships. AWS IAM Identity Center also makes it possible to connect and manage identities through a third-party identity provider (IdP) like Okta or PingOne. +You can manage user and group access to Amazon Redshift data warehouses through trusted-identity propagation. + +[Trusted identity propagation](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html) is an AWS IAM Identity Center feature that administrators of connected AWS services can use to grant and audit access to service data. Access to this data is based on user attributes such as group associations. Setting up trusted identity propagation requires collaboration between the administrators of connected AWS services and the IAM Identity Center administrators. For more information, see [Prerequisites and considerations](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overall-prerequisites.html). + +To illustrate one end-to-end case, you can use an Amazon QuickSight dashboard or Amazon Redshift query editor v2 to access Redshift. Access in this case is based on AWS IAM Identity Center groups. Redshift can determine who a user is and their group memberships. AWS IAM Identity Center also makes it possible to connect and manage identities through a third-party identity provider (IdP) like Okta or PingOne. @@ -45 +49 @@ The following are personas that are key to connecting analytics applications to -The following shows how to use Amazon QuickSight to authenticate with Redshift when it's connected to and access is managed through AWS IAM Identity Center: [Authorizing connections from Amazon QuickSight to Amazon Redshift clusters](https://docs.aws.amazon.com/quicksight/latest/user/enabling-access-redshift.html). These steps apply to Amazon Redshift Serverless too. +The following shows how to use QuickSight to authenticate with Redshift when it's connected to and access is managed through AWS IAM Identity Center: [Authorizing connections from QuickSight to Amazon Redshift clusters](https://docs.aws.amazon.com/quicksight/latest/user/enabling-access-redshift.html). These steps apply to Amazon Redshift Serverless too.