How to call secret manager from lambda function


I am new to AWS. I am trying to establish my lambda function to the AWS Redshift so that I can query the database. I have stored the credentials in the secret key manager.

I understand that the secret key manager has provided a sample code to retrieve the secret in the application. However, I have no idea how to get going after copying the code in my lambda function.

handler.py

# Use this code snippet in your app.
# If you need more information about configurations or implementing the sample code, visit the AWS docs:
# https://aws.amazon.com/developers/getting-started/python/

import boto3
import base64
from botocore.exceptions import ClientError


def get_secret():

    secret_name = "mykeyname"
    region_name = "myregionname"

    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    # In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
    # See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
    # We rethrow the exception by default.

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        if e.response['Error']['Code'] == 'DecryptionFailureException':
            # Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InternalServiceErrorException':
            # An error occurred on the server side.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidParameterException':
            # You provided an invalid value for a parameter.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidRequestException':
            # You provided a parameter value that is not valid for the current state of the resource.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'ResourceNotFoundException':
            # We can't find the resource that you asked for.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        else:
            # Any other error code (e.g. AccessDeniedException): rethrow rather than
            # silently falling through and returning None.
            raise e
    else:
        # Decrypts secret using the associated KMS CMK.
        # Depending on whether the secret is a string or binary, one of these fields will be populated.
        if 'SecretString' in get_secret_value_response:
            secret = get_secret_value_response['SecretString']
        else:
            secret = base64.b64decode(get_secret_value_response['SecretBinary'])
        # Hand the secret back to the caller so lambda_handler can use it.
        return secret

    # Your code goes here.

How do I check if the connection is established and how do I query from the redshift?

And I understand that we need to have lambda_handler(event,context) in the code.


There are two ways to run queries in Amazon Redshift.

SQL Client

Amazon Redshift is based on PostgreSQL. Therefore, you can use any SQL Client that knows how to talk to PostgreSQL.

For Python, a popular choice is to use Psycopg – PostgreSQL database adapter for Python.

To connect, you would supply an endpoint, username and password. Make sure the Security Group on the Redshift database permits access from the security group associated with the AWS Lambda function.

Redshift Data API

A newer way to connect to Redshift is via the Data API, which avoids the need for an SQL client.

It uses IAM credentials, so you don't actually need that password stored in Secrets Manager. Also, it does not need to be connected to the same VPC as the Redshift database.

Frankly, this sounds like a better way to connect. (I haven't tried it myself yet.)

See: Announcing Data API for Amazon Redshift
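Putting the two options the answer describes into one Lambda module, as an added example that is not part of the original post or the AWS sample: the pure helpers parse the Secrets Manager JSON into psycopg2 connection arguments and flatten Data API result records, and the handler wires them together. It assumes the secret is JSON with host, port, username, password and dbname keys (as the console's Redshift secret type stores it), a hypothetical DB_SECRET_NAME environment variable, and that psycopg2 is packaged with the function.

```python
import json
import os

def parse_db_secret(secret_string):
    """SecretString JSON (assumed keys: host, port, username, password, dbname)
    -> psycopg2 connection kwargs."""
    s = json.loads(secret_string)
    return {"host": s["host"], "port": int(s.get("port", 5439)), "user": s["username"],
            "password": s["password"], "dbname": s["dbname"],
            "connect_timeout": 5}  # fail fast instead of hanging until the Lambda timeout

def records_to_rows(records):
    """Flatten Data API GetStatementResult Records (cells like {'stringValue': 'x'})
    into plain tuples; {'isNull': True} cells become None."""
    return [tuple(None if c.get("isNull") else next(iter(c.values())) for c in row)
            for row in records]

def get_secret(secret_name, region_name):
    import boto3  # lazy import: the pure helpers above stay runnable without the AWS SDK
    client = boto3.session.Session().client("secretsmanager", region_name=region_name)
    return client.get_secret_value(SecretId=secret_name)["SecretString"]

def query_with_psycopg2(conn_kwargs, sql, params=None):
    """Option 1: SQL client. The Lambda must be in a subnet the cluster's security group allows."""
    import psycopg2
    conn = psycopg2.connect(**conn_kwargs)  # raises OperationalError if unreachable/bad creds
    try:
        with conn.cursor() as cur:
            cur.execute(sql, params)  # parameterised; never format untrusted input into sql
            return cur.fetchall()
    finally:
        conn.close()

def query_with_data_api(cluster_id, database, db_user, sql):
    """Option 2: Redshift Data API; IAM-authorised, asynchronous, no VPC attachment needed."""
    import time, boto3
    rs = boto3.client("redshift-data")
    stmt_id = rs.execute_statement(ClusterIdentifier=cluster_id, Database=database,
                                   DbUser=db_user, Sql=sql)["Id"]
    while (desc := rs.describe_statement(Id=stmt_id))["Status"] not in ("FINISHED", "FAILED", "ABORTED"):
        time.sleep(0.5)
    if desc["Status"] != "FINISHED":
        raise RuntimeError(f"statement {stmt_id}: {desc.get('Error', desc['Status'])}")
    return records_to_rows(rs.get_statement_result(Id=stmt_id)["Records"])

def lambda_handler(event, context):
    # DB_SECRET_NAME is a hypothetical variable set in the function configuration;
    # AWS_REGION is provided by the Lambda runtime.
    secret = get_secret(os.environ["DB_SECRET_NAME"], os.environ["AWS_REGION"])
    rows = query_with_psycopg2(parse_db_secret(secret), "SELECT current_user, version()")
    return {"rows": rows}  # a non-empty result proves the connection and query worked
```

The IAM role needs secretsmanager:GetSecretValue on that one secret for option 1, or redshift-data:* plus redshift:GetClusterCredentials for option 2; grant only the one you use.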