namespaces

Creates, updates, deletes or gets a namespace resource or lists namespaces in a region

Overview

Name	`namespaces`
Type	Resource
Description	Definition of AWS::RedshiftServerless::Namespace Resource Type
Id	`aws.redshiftserverless.namespaces`

Fields

Name	Datatype	Description
`admin_password_secret_kms_key_id`	`string`	The ID of the AWS Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret. You can only use this parameter if manageAdminPassword is true.
`admin_user_password`	`string`	The password associated with the admin user for the namespace that is being created. Password must be at least 8 characters in length, should be any printable ASCII character. Must contain at least one lowercase letter, one uppercase letter and one decimal digit. You can't use adminUserPassword if manageAdminPassword is true.
`admin_username`	`string`	The user name associated with the admin user for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet.
`db_name`	`string`	The database name associated for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet.
`default_iam_role_arn`	`string`	The default IAM role ARN for the namespace that is being created.
`iam_roles`	`array`	A list of AWS Identity and Access Management (IAM) roles that can be used by the namespace to access other AWS services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. The Default role limit for each request is 10.
`kms_key_id`	`string`	The AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the namespace.
`log_exports`	`array`	The collection of log types to be exported provided by the customer. Should only be one of the three supported log types: userlog, useractivitylog and connectionlog
`manage_admin_password`	`boolean`	If true, Amazon Redshift uses AWS Secrets Manager to manage the namespace's admin credentials. You can't use adminUserPassword if manageAdminPassword is true. If manageAdminPassword is false or not set, Amazon Redshift uses adminUserPassword for the admin user account's password.
`namespace`	`object`	Definition of Namespace resource.
`namespace_name`	`string`	A unique identifier for the namespace. You use this identifier to refer to the namespace for any subsequent namespace operations such as deleting or modifying. All alphabetical characters must be lower case. Namespace name should be unique for all namespaces within an AWS account.
`tags`	`array`	The list of tags for the namespace.
`final_snapshot_name`	`string`	The name of the namespace the source snapshot was created from. Please specify the name if needed before deleting namespace
`final_snapshot_retention_period`	`integer`	The number of days to retain automated snapshot in the destination region after they are copied from the source region. If the value is -1, the manual snapshot is retained indefinitely. The value must be either -1 or an integer between 1 and 3,653.
`namespace_resource_policy`	`object`	The resource policy document that will be attached to the namespace.
`redshift_idc_application_arn`	`string`	The ARN for the Redshift application that integrates with IAM Identity Center.
`snapshot_copy_configurations`	`array`	The snapshot copy configurations for the namespace.
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`NamespaceName, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all namespaces in a region.

SELECT
region,
admin_password_secret_kms_key_id,
admin_user_password,
admin_username,
db_name,
default_iam_role_arn,
iam_roles,
kms_key_id,
log_exports,
manage_admin_password,
namespace,
namespace_name,
tags,
final_snapshot_name,
final_snapshot_retention_period,
namespace_resource_policy,
redshift_idc_application_arn,
snapshot_copy_configurations
FROM aws.redshiftserverless.namespaces
WHERE region = 'us-east-1';

Gets all properties from an individual namespace.

SELECT
region,
admin_password_secret_kms_key_id,
admin_user_password,
admin_username,
db_name,
default_iam_role_arn,
iam_roles,
kms_key_id,
log_exports,
manage_admin_password,
namespace,
namespace_name,
tags,
final_snapshot_name,
final_snapshot_retention_period,
namespace_resource_policy,
redshift_idc_application_arn,
snapshot_copy_configurations
FROM aws.redshiftserverless.namespaces
WHERE region = 'us-east-1' AND data__Identifier = '<NamespaceName>';

`INSERT` example

Use the following StackQL query and manifest file to create a new namespace resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.redshiftserverless.namespaces (
 NamespaceName,
 region
)
SELECT 
'{{ NamespaceName }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.redshiftserverless.namespaces (
 AdminPasswordSecretKmsKeyId,
 AdminUserPassword,
 AdminUsername,
 DbName,
 DefaultIamRoleArn,
 IamRoles,
 KmsKeyId,
 LogExports,
 ManageAdminPassword,
 NamespaceName,
 Tags,
 FinalSnapshotName,
 FinalSnapshotRetentionPeriod,
 NamespaceResourcePolicy,
 RedshiftIdcApplicationArn,
 SnapshotCopyConfigurations,
 region
)
SELECT 
 '{{ AdminPasswordSecretKmsKeyId }}',
 '{{ AdminUserPassword }}',
 '{{ AdminUsername }}',
 '{{ DbName }}',
 '{{ DefaultIamRoleArn }}',
 '{{ IamRoles }}',
 '{{ KmsKeyId }}',
 '{{ LogExports }}',
 '{{ ManageAdminPassword }}',
 '{{ NamespaceName }}',
 '{{ Tags }}',
 '{{ FinalSnapshotName }}',
 '{{ FinalSnapshotRetentionPeriod }}',
 '{{ NamespaceResourcePolicy }}',
 '{{ RedshiftIdcApplicationArn }}',
 '{{ SnapshotCopyConfigurations }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: namespace
    props:
      - name: AdminPasswordSecretKmsKeyId
        value: '{{ AdminPasswordSecretKmsKeyId }}'
      - name: AdminUserPassword
        value: '{{ AdminUserPassword }}'
      - name: AdminUsername
        value: '{{ AdminUsername }}'
      - name: DbName
        value: '{{ DbName }}'
      - name: DefaultIamRoleArn
        value: '{{ DefaultIamRoleArn }}'
      - name: IamRoles
        value:
          - '{{ IamRoles[0] }}'
      - name: KmsKeyId
        value: '{{ KmsKeyId }}'
      - name: LogExports
        value:
          - '{{ LogExports[0] }}'
      - name: ManageAdminPassword
        value: '{{ ManageAdminPassword }}'
      - name: NamespaceName
        value: '{{ NamespaceName }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
      - name: FinalSnapshotName
        value: '{{ FinalSnapshotName }}'
      - name: FinalSnapshotRetentionPeriod
        value: '{{ FinalSnapshotRetentionPeriod }}'
      - name: NamespaceResourcePolicy
        value: {}
      - name: RedshiftIdcApplicationArn
        value: '{{ RedshiftIdcApplicationArn }}'
      - name: SnapshotCopyConfigurations
        value:
          - DestinationRegion: '{{ DestinationRegion }}'
            DestinationKmsKeyId: '{{ DestinationKmsKeyId }}'
            SnapshotRetentionPeriod: '{{ SnapshotRetentionPeriod }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.redshiftserverless.namespaces
WHERE data__Identifier = '<NamespaceName>'
AND region = 'us-east-1';

Permissions

To operate on the namespaces resource, the following permissions are required:

Create

iam:PassRole,
kms:TagResource,
kms:UntagResource,
kms:ScheduleKeyDeletion,
kms:CancelKeyDeletion,
kms:Encrypt,
kms:Decrypt,
kms:DescribeKey,
kms:GenerateDataKeyPair,
kms:GenerateDataKey,
kms:CreateGrant,
kms:ListGrants,
kms:RevokeGrant,
kms:RetireGrant,
redshift-serverless:CreateNamespace,
redshift-serverless:GetNamespace,
redshift-serverless:ListSnapshotCopyConfigurations,
redshift-serverless:CreateSnapshotCopyConfiguration,
redshift:GetResourcePolicy,
redshift:PutResourcePolicy,
secretsmanager:CreateSecret,
secretsmanager:TagResource,
secretsmanager:RotateSecret,
secretsmanager:DescribeSecret

Read

iam:PassRole,
redshift-serverless:GetNamespace,
redshift:GetResourcePolicy,
redshift-serverless:ListSnapshotCopyConfigurations

Update

iam:PassRole,
kms:TagResource,
kms:UntagResource,
kms:ScheduleKeyDeletion,
kms:CancelKeyDeletion,
kms:Encrypt,
kms:Decrypt,
kms:DescribeKey,
kms:CreateGrant,
kms:ListGrants,
kms:RevokeGrant,
kms:RetireGrant,
kms:GenerateDataKeyPair,
kms:GenerateDataKey,
redshift-serverless:UpdateNamespace,
redshift-serverless:GetNamespace,
redshift-serverless:ListSnapshotCopyConfigurations,
redshift-serverless:CreateSnapshotCopyConfiguration,
redshift-serverless:UpdateSnapshotCopyConfiguration,
redshift-serverless:DeleteSnapshotCopyConfiguration,
redshift:GetResourcePolicy,
redshift:PutResourcePolicy,
redshift:DeleteResourcePolicy,
secretsmanager:CreateSecret,
secretsmanager:TagResource,
secretsmanager:RotateSecret,
secretsmanager:DescribeSecret,
secretsmanager:UpdateSecret,
secretsmanager:DeleteSecret

Delete

iam:PassRole,
redshift-serverless:DeleteNamespace,
redshift-serverless:GetNamespace,
kms:RetireGrant,
secretsmanager:DescribeSecret,
secretsmanager:DeleteSecret,
redshift:DeleteResourcePolicy

List

iam:PassRole,
redshift-serverless:ListNamespaces

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​