Returns a database user name and temporary password with temporary authorization to log in to Amazon Redshift Serverless.

By default, the temporary credentials expire in 900 seconds. You can optionally specify a duration between 900 seconds (15 minutes) and 3600 seconds (60 minutes).

<p>The Identity and Access Management (IAM) user or role that runs GetCredentials must have an IAM policy attached that allows access to all necessary actions and resources.</p> <p>If the <code>DbName</code> parameter is specified, the IAM policy must allow access to the resource dbname for the specified database name.</p>

See also: AWS API Documentation

Request Syntax

response = client.get_credentials(
  • dbName (string) --

    The name of the database to get temporary authorization to log on to.


    • Must be 1 to 64 alphanumeric characters or hyphens.
    • Must contain only uppercase or lowercase letters, numbers, underscore, plus sign, period (dot), at symbol (@), or hyphen.
    • The first character must be a letter.
    • Must not contain a colon ( : ) or slash ( / ).
    • Cannot be a reserved word. A list of reserved words can be found in Reserved Words in the Amazon Redshift Database Developer Guide
  • durationSeconds (integer) -- The number of seconds until the returned temporary password expires. The minimum is 900 seconds, and the maximum is 3600 seconds.
  • workgroupName (string) --


    The name of the workgroup associated with the database.

Return type



Response Syntax

    'dbPassword': 'string',
    'dbUser': 'string',
    'expiration': datetime(2015, 1, 1),
    'nextRefreshTime': datetime(2015, 1, 1)

Response Structure

  • (dict) --

    • dbPassword (string) --

      A temporary password that authorizes the user name returned by DbUser to log on to the database DbName .

    • dbUser (string) --

      A database user name that is authorized to log on to the database DbName using the password DbPassword . If the specified DbUser exists in the database, the new user name has the same database privileges as the the user named in DbUser . By default, the user is added to PUBLIC.

    • expiration (datetime) --

      The date and time the password in DbPassword expires.

    • nextRefreshTime (datetime) --

      The date and time of when the DbUser and DbPassword authorization refreshes.


  • RedshiftServerless.Client.exceptions.InternalServerException
  • RedshiftServerless.Client.exceptions.ResourceNotFoundException
  • RedshiftServerless.Client.exceptions.ValidationException