I am trying to make a simple REST API to query a Redshift DB. I was granted access and can view the tables in DBeaver, but when I try to access it programmatically, I get:

    Invalid operation: permission denied for relation "account"

Is this something that I am doing wrong in my code, or is this a permission that I need to be granted?

For another application, we have to use AWS credentials and an AWSClientBuilder, etc. Is that the route I need to go here, or can I finish my Proof of Concept with just the username and password that I use to access it on my SQL client?

Here is my code:

application.properties:

    spring.jpa.show-sql=true
    spring.datasource.url=jdbc:redshift://mydb.blah.region.redshift.amazonaws.com:5439/dev?currentSchema=myschema
    spring.datasource.username=user
    spring.datasource.password=pass
    spring.datasource.dbcp2.validation-query=SELECT 1
    spring.datasource.driver-class-name=com.amazon.redshift.jdbc42.Driver

I have also tried adding ;UID=user;PWD=pass; to the end of the datasource.url, but it didn't change anything.
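Controller:

    import java.util.List;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.HttpStatus;
    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/")
    public class ContactController {
        private RedshiftRepo repo;

        @Autowired
        public ContactController(RedshiftRepo repo) {
            this.repo = repo;
        }

        // Returns every row of the mapped table.
        @GetMapping(value = "/get")
        public ResponseEntity<List<Contact>> getTest() {
            List<Contact> list = repo.findAll();
            return new ResponseEntity<List<Contact>>(list, HttpStatus.OK);
        }

        // Returns the rows whose email matches the request parameter.
        @GetMapping(value = "/getByEmail")
        public ResponseEntity<List<Contact>> getByEmail(@RequestParam String email) {
            List<Contact> list = repo.getContactByEmail(email);
            return new ResponseEntity<List<Contact>>(list, HttpStatus.OK);
        }
    }

RedshiftRepo:

    import java.util.List;
    import org.springframework.data.jpa.repository.JpaRepository;
    import org.springframework.data.jpa.repository.Query;
    import org.springframework.stereotype.Repository;

    @Repository
    public interface RedshiftRepo extends JpaRepository<Contact, String> { // ID type matches Contact.id
        @Query("select c from Contact c where c.email = ?1") // select the entity so rows map to Contact
        List<Contact> getContactByEmail(String email); // a list, as the controller expects
    }

Entity:

    import jakarta.persistence.Entity;
    import jakarta.persistence.Id;
    import jakarta.persistence.Table;

    @Entity
    @Table(name = "account") // the relation named in the error message
    public class Contact {
        @Id
        private String id;
        private String firstname;
        private String lastname;
        private String accountid;
        private String email; // referenced by the query in RedshiftRepo
    }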
pom.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>3.0.1</version>
            <relativePath /> <!-- lookup parent from repository -->
        </parent>
        <groupId>com.contactAPI</groupId>
        <artifactId>pocContactAPI</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>pocContactAPI</name>
        <description>Contact Getter</description>
        <properties>
            <java.version>11</java.version>
        </properties>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.postgresql</groupId>
                <artifactId>postgresql</artifactId>
            </dependency>
            <dependency>
                <groupId>com.amazonaws</groupId>
                <artifactId>aws-java-sdk-redshift</artifactId>
                <version>1.11.999</version>
            </dependency>
            <dependency>
                <groupId>com.amazon.redshift</groupId>
                <artifactId>redshift-jdbc42-no-awssdk</artifactId>
                <version>1.2.41.1065</version>
            </dependency>
        </dependencies>
        <repositories>
            <repository>
                <id>redshift</id>
                <url>http://redshift-maven-repository.s3-website-us-east-1.amazonaws.com/release</url>
            </repository>
        </repositories>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    </project>

When I wrote this, I was trying to put the code into a Lambda function that was on a different AWS account from the Redshift it was trying to access. The same code worked fine when I put it in the same account.
So, the problem is probably that the Lambda needed IAM/security group permissions to access the Redshift, even though I was not using the RedShiftClient.
Not sure if that is the only solution, but that is what worked for me.
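
The message quoted in the question, permission denied for relation "account", is what Redshift returns when the connected database user lacks a privilege on that table. The queries below are an added example, not part of the original posts, for checking the database-level grants from the session the application actually uses. The schema and table names come from the question; `api_reader` is a hypothetical read-only user.

```sql
-- Run these through the same connection settings the application uses
-- (same user, same JDBC URL), so the results describe the failing session.

-- 1. Which database user is the session running as?
SELECT current_user;

-- 2. Which schemas are searched when the name "account" is unqualified?
SHOW search_path;

-- 3. Every table or view named "account" listed in the catalog, with its schema.
--    More than one row means the unqualified name may resolve to a different
--    relation than the one browsed in the SQL client.
SELECT table_schema, table_name, table_type
FROM svv_tables
WHERE table_name = 'account';

-- 4. Does the session user hold USAGE on the schema named in the JDBC URL?
SELECT has_schema_privilege(current_user, 'myschema', 'usage') AS schema_usage;

-- 5. Does the session user hold SELECT on the table the entity maps to?
SELECT has_table_privilege(current_user, 'myschema.account', 'select') AS table_select;

-- 6. If step 4 or 5 returns false, an administrator grants only what a
--    read-only API needs. api_reader is a hypothetical user name.
GRANT USAGE ON SCHEMA myschema TO api_reader;
GRANT SELECT ON TABLE myschema.account TO api_reader;
```

A connection that reaches the cluster and authenticates can still fail steps 4 or 5, because network access and IAM are evaluated separately from grants inside the database.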