https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935049#M2777 <P>These are two different ways to authenticate.</P> <P>IAM Roles for EC2&nbsp;when used&nbsp;<SPAN>generate temporary security credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY i.e. the key pair) for your session.</SPAN></P> <P>Key pair is a static&nbsp;<SPAN>AWS_ACCESS_KEY_ID and&nbsp;AWS_SECRET_ACCESS_KEY.</SPAN></P> <P>Best practice on AWS would be to use IAM roles. If you are following the AWS well architected framework or have an architecture review through the AWS Partner Network (APN) there is now criteria that says static&nbsp;&nbsp;<SPAN>AWS_ACCESS_KEY_ID and&nbsp;AWS_SECRET_ACCESS_KEY should not be used in this scenario. </SPAN></P> <P><SPAN>It's also easier to manage as normally you have to have a process to rotate the credentials&nbsp;every 30-90 days if you are working in any kind of regulated&nbsp;environment. This&nbsp;management overhead just goes away with IAM Roles as they generate new short lived credentials on the fly.</SPAN></P> <P>&nbsp;</P> Tue, 24 May 2022 18:14:50 GMT mattdevdba 2022-05-24T18:14:50Z https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935042#M2775 <P>If I choose&nbsp; "IAM Roles for EC2", then I am also asked for "IAM Role ARN"<BR />I am assuming that Replicate uses the former to write to S3, and the latter as part of Redshift's COPY command ?<BR /><BR />However,&nbsp;<BR />If I choose "Key Pair", then I am not asked for an "IAM Role ARN".<BR />So does Replicate then use the Key pair for both writing &amp; COPY ?<BR /><BR />Any reason for the different approach between the two approaches of single/dual credentials ?<BR /><BR />Many Thanks<BR /><BR /></P> Tue, 24 May 2022 17:39:28 GMT https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935042#M2775 simonB2020 2022-05-24T17:39:28Z https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935045#M2776 <P>@<SPAN style="background-color:rgb(255,255,255);color:rgb(46,46,46);font-size:13px;"><STRONG>simonB2020</STRONG></SPAN></P> <P>&nbsp;</P> <P>1. for both S3 staging IAM or Key , Replicate will write to S3 and then copy to Redshift.</P> <P>&nbsp;</P> <P>2. The option was offer because some customer want to use IAM and some want to use key pair, performance is the same.</P> <P>&nbsp;</P> <P>Note from the user guide on IAM :</P> <P><STRONG>IAM Roles for EC2</STRONG></P> <P>Choose this method if the machine on which Qlik Replicate is installed is configured to authenticate itself using an IAM role.</P> <P>For more information about this access option, see:</P> <P><A href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html" target="_blank"><U>http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html</U></A></P> <P><U><A href="https://help.qlik.com/en-US/replicate/May2022/Content/Replicate/Main/Amazon%20Redshift/set_up_redshift_as_target.htm" target="_blank">https://help.qlik.com/en-US/replicate/May2022/Content/Replicate/Main/Amazon%20Redshift/set_up_redshift_as_target.htm</A></U></P> Tue, 24 May 2022 18:07:51 GMT https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935045#M2776 Steve_Nguyen 2022-05-24T18:07:51Z https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935049#M2777 <P>These are two different ways to authenticate.</P> <P>IAM Roles for EC2&nbsp;when used&nbsp;<SPAN>generate temporary security credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY i.e. the key pair) for your session.</SPAN></P> <P>Key pair is a static&nbsp;<SPAN>AWS_ACCESS_KEY_ID and&nbsp;AWS_SECRET_ACCESS_KEY.</SPAN></P> <P>Best practice on AWS would be to use IAM roles. If you are following the AWS well architected framework or have an architecture review through the AWS Partner Network (APN) there is now criteria that says static&nbsp;&nbsp;<SPAN>AWS_ACCESS_KEY_ID and&nbsp;AWS_SECRET_ACCESS_KEY should not be used in this scenario. </SPAN></P> <P><SPAN>It's also easier to manage as normally you have to have a process to rotate the credentials&nbsp;every 30-90 days if you are working in any kind of regulated&nbsp;environment. This&nbsp;management overhead just goes away with IAM Roles as they generate new short lived credentials on the fly.</SPAN></P> <P>&nbsp;</P> Tue, 24 May 2022 18:14:50 GMT https://community.qlik.com/t5/Qlik-Replicate/Redshift-S3-Staging-Credentials/m-p/1935049#M2777 mattdevdba 2022-05-24T18:14:50Z