Skip to main content

namespaces

Creates, updates, deletes or gets a namespace resource or lists namespaces in a region

Overview

Namenamespaces
TypeResource
DescriptionDefinition of AWS::RedshiftServerless::Namespace Resource Type
Idawscc.redshiftserverless.namespaces

Fields

NameDatatypeDescription
admin_password_secret_kms_key_idstringThe ID of the AWS Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret. You can only use this parameter if manageAdminPassword is true.
admin_user_passwordstringThe password associated with the admin user for the namespace that is being created. Password must be at least 8 characters in length, should be any printable ASCII character. Must contain at least one lowercase letter, one uppercase letter and one decimal digit. You can't use adminUserPassword if manageAdminPassword is true.
admin_usernamestringThe user name associated with the admin user for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet.
db_namestringThe database name associated for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet.
default_iam_role_arnstringThe default IAM role ARN for the namespace that is being created.
iam_rolesarrayA list of AWS Identity and Access Management (IAM) roles that can be used by the namespace to access other AWS services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. The Default role limit for each request is 10.
kms_key_idstringThe AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the namespace.
log_exportsarrayThe collection of log types to be exported provided by the customer. Should only be one of the three supported log types: userlog, useractivitylog and connectionlog
manage_admin_passwordbooleanIf true, Amazon Redshift uses AWS Secrets Manager to manage the namespace's admin credentials. You can't use adminUserPassword if manageAdminPassword is true. If manageAdminPassword is false or not set, Amazon Redshift uses adminUserPassword for the admin user account's password.
namespaceobjectDefinition of Namespace resource.
namespace_namestringA unique identifier for the namespace. You use this identifier to refer to the namespace for any subsequent namespace operations such as deleting or modifying. All alphabetical characters must be lower case. Namespace name should be unique for all namespaces within an AWS account.
tagsarrayThe list of tags for the namespace.
final_snapshot_namestringThe name of the namespace the source snapshot was created from. Please specify the name if needed before deleting namespace
final_snapshot_retention_periodintegerThe number of days to retain automated snapshot in the destination region after they are copied from the source region. If the value is -1, the manual snapshot is retained indefinitely. The value must be either -1 or an integer between 1 and 3,653.
namespace_resource_policyobjectThe resource policy document that will be attached to the namespace.
redshift_idc_application_arnstringThe ARN for the Redshift application that integrates with IAM Identity Center.
snapshot_copy_configurationsarrayThe snapshot copy configurations for the namespace.
regionstringAWS region.

For more information, see AWS::RedshiftServerless::Namespace.

Methods

NameResourceAccessible byRequired Params
create_resourcenamespacesINSERTNamespaceName, region
delete_resourcenamespacesDELETEIdentifier, region
update_resourcenamespacesUPDATEIdentifier, PatchDocument, region
list_resourcesnamespaces_list_onlySELECTregion
get_resourcenamespacesSELECTIdentifier, region

SELECT examples

Gets all properties from an individual namespace.

SELECT
  region,
  admin_password_secret_kms_key_id,
  admin_user_password,
  admin_username,
  db_name,
  default_iam_role_arn,
  iam_roles,
  kms_key_id,
  log_exports,
  manage_admin_password,
  namespace,
  namespace_name,
  tags,
  final_snapshot_name,
  final_snapshot_retention_period,
  namespace_resource_policy,
  redshift_idc_application_arn,
  snapshot_copy_configurations
FROM awscc.redshiftserverless.namespaces
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ namespace_name }}';

INSERT example

Use the following StackQL query and manifest file to create a new namespace resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.redshiftserverless.namespaces (
  NamespaceName,
  region
)
SELECT
  '{{ namespace_name }}',
  '{{ region }}';

UPDATE example

Use the following StackQL query and manifest file to update a namespace resource, using stack-deploy.

/*+ update */
UPDATE awscc.redshiftserverless.namespaces
SET PatchDocument = string('{{ {
    "AdminPasswordSecretKmsKeyId": admin_password_secret_kms_key_id,
    "AdminUserPassword": admin_user_password,
    "AdminUsername": admin_username,
    "DbName": db_name,
    "DefaultIamRoleArn": default_iam_role_arn,
    "IamRoles": iam_roles,
    "KmsKeyId": kms_key_id,
    "LogExports": log_exports,
    "ManageAdminPassword": manage_admin_password,
    "Tags": tags,
    "FinalSnapshotName": final_snapshot_name,
    "FinalSnapshotRetentionPeriod": final_snapshot_retention_period,
    "NamespaceResourcePolicy": namespace_resource_policy,
    "RedshiftIdcApplicationArn": redshift_idc_application_arn,
    "SnapshotCopyConfigurations": snapshot_copy_configurations
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ namespace_name }}';

DELETE example

/*+ delete */
DELETE FROM awscc.redshiftserverless.namespaces
WHERE
  Identifier = '{{ namespace_name }}' AND
  region = 'us-east-1';

Permissions

To operate on the namespaces resource, the following permissions are required:

iam:CreateServiceLinkedRole,
iam:PassRole,
kms:TagResource,
kms:UntagResource,
kms:ScheduleKeyDeletion,
kms:CancelKeyDeletion,
kms:Encrypt,
kms:Decrypt,
kms:DescribeKey,
kms:GenerateDataKeyPair,
kms:GenerateDataKey,
kms:CreateGrant,
kms:ListGrants,
kms:RevokeGrant,
kms:RetireGrant,
redshift-serverless:CreateNamespace,
redshift-serverless:GetNamespace,
redshift-serverless:ListSnapshotCopyConfigurations,
redshift-serverless:CreateSnapshotCopyConfiguration,
redshift-serverless:ListTagsForResource,
redshift-serverless:TagResource,
redshift:GetResourcePolicy,
redshift:PutResourcePolicy,
secretsmanager:CreateSecret,
secretsmanager:TagResource,
secretsmanager:RotateSecret,
secretsmanager:DescribeSecret