GETIDENTITYCENTERAUTHTOKEN()`¶

About GetIdentityCenterAuthToken¶

Generates an encrypted authentication token that propagates the caller's Amazon Web Services IAM Identity Center identity to Amazon Redshift clusters. This API extracts the Amazon Web Services IAM Identity Center identity from enhanced credentials and creates a secure token that Amazon Redshift drivers can use for authentication.

The token is encrypted using Key Management Service (KMS) and can only be decrypted by the specified Amazon Redshift clusters. The token contains the caller's Amazon Web Services IAM Identity Center identity information and is valid for a limited time period.

This API is exclusively for use with Amazon Web Services IAM Identity Center enhanced credentials. If the caller is not using enhanced credentials with embedded Amazon Web Services IAM Identity Center identity, the API will return an error.

Method Signature¶

METHODS /AWS1/IF_RSH~GETIDENTITYCENTERAUTHTOKEN
  IMPORTING
    !IT_CLUSTERIDS TYPE /AWS1/CL_RSHCLUSTERIDLIST_W=>TT_CLUSTERIDENTIFIERLIST OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_rshgetidcenauthtokrsp
  RAISING
    /AWS1/CX_RSHCLUSTNOTFOUNDFAULT
    /AWS1/CX_RSHINVCLUSTSTATEFAULT
    /AWS1/CX_RSHREDINVPARAMFAULT
    /AWS1/CX_RSHUNSUPPORTEDOPFAULT
    /AWS1/CX_RSHCLIENTEXC
    /AWS1/CX_RSHSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING¶

Required arguments:¶

`it_clusterids` `TYPE /AWS1/CL_RSHCLUSTERIDLIST_W=>TT_CLUSTERIDENTIFIERLIST` `TT_CLUSTERIDENTIFIERLIST`¶

A list of cluster identifiers that the generated token can be used with. The token will be scoped to only allow authentication to the specified clusters.

Constraints:

ClusterIds must contain at least 1 cluster identifier.

ClusterIds can hold a maximum of 20 cluster identifiers.

Cluster identifiers must be 1 to 63 characters in length.

The characters accepted for cluster identifiers are the following:

Alphanumeric characters

Hyphens

Cluster identifiers must start with a letter.

Cluster identifiers can't end with a hyphen or contain two consecutive hyphens.

RETURNING¶

`oo_output` `TYPE REF TO /aws1/cl_rshgetidcenauthtokrsp` `/AWS1/CL_RSHGETIDCENAUTHTOKRSP`¶

Examples¶

Syntax Example¶

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->getidentitycenterauthtoken(
  it_clusterids = VALUE /aws1/cl_rshclusteridlist_w=>tt_clusteridentifierlist(
    ( new /aws1/cl_rshclusteridlist_w( |string| ) )
  )
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_sensitivestring = lo_result->get_token( ).
  lv_tstamp = lo_result->get_expirationtime( ).
ENDIF.

/AWS1/IF_RSH=>GETIDENTITYCENTERAUTHTOKEN()¶