
create_redshift_idc_application

Redshift.Client.create_redshift_idc_application(**kwargs)

Creates an Amazon Redshift application for use with IAM Identity Center.

See also: AWS API Documentation

Request Syntax

response = client.create_redshift_idc_application(
    IdcInstanceArn='string',
    RedshiftIdcApplicationName='string',
    IdentityNamespace='string',
    IdcDisplayName='string',
    IamRoleArn='string',
    AuthorizedTokenIssuerList=[
        {
            'TrustedTokenIssuerArn': 'string',
            'AuthorizedAudiencesList': [
                'string',
            ]
        },
    ],
    ServiceIntegrations=[
        {
            'LakeFormation': [
                {
                    'LakeFormationQuery': {
                        'Authorization': 'Enabled'|'Disabled'
                    }
                },
            ],
            'S3AccessGrants': [
                {
                    'ReadWriteAccess': {
                        'Authorization': 'Enabled'|'Disabled'
                    }
                },
            ]
        },
    ]
)
Parameters:
  • IdcInstanceArn (string) –

    [REQUIRED]

    The Amazon resource name (ARN) of the IAM Identity Center instance where Amazon Redshift creates a new managed application.

  • RedshiftIdcApplicationName (string) –

    [REQUIRED]

    The name of the Redshift application in IAM Identity Center.

  • IdentityNamespace (string) – The namespace for the Amazon Redshift IAM Identity Center application instance. It determines which managed application verifies the connection token.

  • IdcDisplayName (string) –

    [REQUIRED]

    The display name for the Amazon Redshift IAM Identity Center application instance. It appears in the console.

  • IamRoleArn (string) –

    [REQUIRED]

    The ARN of the IAM role for the Amazon Redshift IAM Identity Center application instance. The role has the permissions required to be assumed and to invoke the IAM Identity Center API.

  • AuthorizedTokenIssuerList (list) –

    The token issuer list for the Amazon Redshift IAM Identity Center application instance.

    • (dict) –

      The authorized token issuer for the Amazon Redshift IAM Identity Center application.

      • TrustedTokenIssuerArn (string) –

        The ARN for the authorized token issuer for integrating Amazon Redshift with IAM Identity Center.

      • AuthorizedAudiencesList (list) –

        The list of audiences for the authorized token issuer for integrating Amazon Redshift with IAM Identity Center.

        • (string) –

  • ServiceIntegrations (list) –

    A collection of service integrations for the Redshift IAM Identity Center application.

    • (dict) –

      A list of service integrations.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: LakeFormation, S3AccessGrants.

      • LakeFormation (list) –

        A list of scopes set up for Lake Formation integration.

        • (dict) –

          A list of scopes set up for Lake Formation integration.

          Note

          This is a Tagged Union structure. Only one of the following top level keys can be set: LakeFormationQuery.

          • LakeFormationQuery (dict) –

            The Lake Formation scope.

            • Authorization (string) – [REQUIRED]

              Determines whether the query scope is enabled or disabled.

      • S3AccessGrants (list) –

        A list of scopes set up for S3 Access Grants integration.

        • (dict) –

          A list of scopes set up for S3 Access Grants integration.

          Note

          This is a Tagged Union structure. Only one of the following top level keys can be set: ReadWriteAccess.

          • ReadWriteAccess (dict) –

            The S3 Access Grants scope.

            • Authorization (string) – [REQUIRED]

              Determines whether the read/write scope is enabled or disabled.

Return type:

dict

Returns:

Response Syntax

{
    'RedshiftIdcApplication': {
        'IdcInstanceArn': 'string',
        'RedshiftIdcApplicationName': 'string',
        'RedshiftIdcApplicationArn': 'string',
        'IdentityNamespace': 'string',
        'IdcDisplayName': 'string',
        'IamRoleArn': 'string',
        'IdcManagedApplicationArn': 'string',
        'IdcOnboardStatus': 'string',
        'AuthorizedTokenIssuerList': [
            {
                'TrustedTokenIssuerArn': 'string',
                'AuthorizedAudiencesList': [
                    'string',
                ]
            },
        ],
        'ServiceIntegrations': [
            {
                'LakeFormation': [
                    {
                        'LakeFormationQuery': {
                            'Authorization': 'Enabled'|'Disabled'
                        }
                    },
                ],
                'S3AccessGrants': [
                    {
                        'ReadWriteAccess': {
                            'Authorization': 'Enabled'|'Disabled'
                        }
                    },
                ]
            },
        ]
    }
}

Response Structure

  • (dict) –

    • RedshiftIdcApplication (dict) –

      Contains properties for the Redshift IDC application.

      • IdcInstanceArn (string) –

        The ARN for the IAM Identity Center instance that Redshift integrates with.

      • RedshiftIdcApplicationName (string) –

        The name of the Redshift application in IAM Identity Center.

      • RedshiftIdcApplicationArn (string) –

        The ARN for the Redshift application that integrates with IAM Identity Center.

      • IdentityNamespace (string) –

        The identity namespace for the Amazon Redshift IAM Identity Center application. It determines which managed application verifies the connection token.

      • IdcDisplayName (string) –

        The display name for the Amazon Redshift IAM Identity Center application. It appears on the console.

      • IamRoleArn (string) –

        The ARN of the IAM role for the Amazon Redshift IAM Identity Center application. The role has the permissions required to be assumed and to invoke the IAM Identity Center API.

      • IdcManagedApplicationArn (string) –

        The ARN for the Amazon Redshift IAM Identity Center application.

      • IdcOnboardStatus (string) –

        The onboarding status for the Amazon Redshift IAM Identity Center application.

      • AuthorizedTokenIssuerList (list) –

        The authorized token issuer list for the Amazon Redshift IAM Identity Center application.

        • (dict) –

          The authorized token issuer for the Amazon Redshift IAM Identity Center application.

          • TrustedTokenIssuerArn (string) –

            The ARN for the authorized token issuer for integrating Amazon Redshift with IAM Identity Center.

          • AuthorizedAudiencesList (list) –

            The list of audiences for the authorized token issuer for integrating Amazon Redshift with IAM Identity Center.

            • (string) –

      • ServiceIntegrations (list) –

        A list of service integrations for the Redshift IAM Identity Center application.

        • (dict) –

          A list of service integrations.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: LakeFormation, S3AccessGrants. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • LakeFormation (list) –

            A list of scopes set up for Lake Formation integration.

            • (dict) –

              A list of scopes set up for Lake Formation integration.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: LakeFormationQuery. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • LakeFormationQuery (dict) –

                The Lake Formation scope.

                • Authorization (string) –

                  Determines whether the query scope is enabled or disabled.

          • S3AccessGrants (list) –

            A list of scopes set up for S3 Access Grants integration.

            • (dict) –

              A list of scopes set up for S3 Access Grants integration.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: ReadWriteAccess. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • ReadWriteAccess (dict) –

                The S3 Access Grants scope.

                • Authorization (string) –

                  Determines whether the read/write scope is enabled or disabled.
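The following is an added example, not part of the boto3 documentation. It builds ServiceIntegrations entries that respect the tagged-union rule from the Parameters section, checks the required parameters locally, and audits a response for enabled data-access scopes and SDK_UNKNOWN_MEMBER entries. The helper names (integration, check_request, audit_scopes) are hypothetical, and the ARNs, names and response fragment are constructed placeholders.

```python
# Added example; helper names and all sample values are constructed.
UNION_MEMBERS = {"LakeFormation": "LakeFormationQuery", "S3AccessGrants": "ReadWriteAccess"}
REQUIRED = ("IdcInstanceArn", "RedshiftIdcApplicationName", "IdcDisplayName", "IamRoleArn")

def integration(service, authorization):
    """Build one ServiceIntegrations entry: a tagged union with exactly one key."""
    if service not in UNION_MEMBERS:
        raise ValueError(f"unknown integration {service!r}")
    if authorization not in ("Enabled", "Disabled"):
        raise ValueError("Authorization must be 'Enabled' or 'Disabled'")
    return {service: [{UNION_MEMBERS[service]: {"Authorization": authorization}}]}

def check_request(kwargs):
    """Return problems found in the request arguments, checked locally."""
    problems = [f"missing required parameter {n}" for n in REQUIRED if not kwargs.get(n)]
    for i, entry in enumerate(kwargs.get("ServiceIntegrations", [])):
        if len(entry) != 1:
            problems.append(f"ServiceIntegrations[{i}] sets {sorted(entry)}; only one key is allowed")
    return problems

def audit_scopes(application):
    """From a response's RedshiftIdcApplication dict, list the enabled scopes and
    any members this SDK version did not recognise."""
    enabled, unknown = [], []
    for entry in application.get("ServiceIntegrations", []):
        for service, scopes in entry.items():
            if service == "SDK_UNKNOWN_MEMBER":
                unknown.append(scopes["name"])
                continue
            for scope in scopes:
                for name, value in scope.items():
                    if name == "SDK_UNKNOWN_MEMBER":
                        unknown.append(f"{service}.{value['name']}")
                    elif value.get("Authorization") == "Enabled":
                        enabled.append(f"{service}.{name}")
    return enabled, unknown

# Constructed request; the ARNs are placeholders.
REQUEST = {
    "IdcInstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
    "RedshiftIdcApplicationName": "example-app",
    "IdcDisplayName": "Example Redshift",
    "IamRoleArn": "arn:aws:iam::111122223333:role/ExampleRole",
    "ServiceIntegrations": [integration("LakeFormation", "Enabled"),
                            integration("S3AccessGrants", "Disabled")],
}
# response = boto3.client("redshift").create_redshift_idc_application(**REQUEST)
# Constructed response fragment, including a member unknown to this SDK version.
RESPONSE_APP = {"ServiceIntegrations": REQUEST["ServiceIntegrations"]
                + [{"SDK_UNKNOWN_MEMBER": {"name": "FutureIntegration"}}]}
```

Anything audit_scopes returns in its second list is an integration the installed SDK cannot describe, so it should be reviewed after upgrading rather than assumed to be disabled.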

Exceptions

  • Redshift.Client.exceptions.RedshiftIdcApplicationAlreadyExistsFault

  • Redshift.Client.exceptions.DependentServiceUnavailableFault

  • Redshift.Client.exceptions.UnsupportedOperationFault

  • Redshift.Client.exceptions.DependentServiceAccessDeniedFault

  • Redshift.Client.exceptions.RedshiftIdcApplicationQuotaExceededFault