![]() After the secure hash is generated, it’s returned to Amazon Redshift and combined in an Amazon Redshift view. ![]() This key is generated and stored by Secrets Manager and should be accessible only to allowed applications. To further secure the hash, keyed hashing is used, which is a faster and simpler alternative to hash-based message authentication code (HMAC). The hashing mechanism used here is the popular BLAKE2 function (available in the Python library hashlib). To generate a hash, Amazon Redshift invokes a scalar Lambda UDF. The first step in the solution is to generate a hash or a message digest of the set of attributes in Amazon Redshift by invoking a Lambda function. The following figure shows the workflow to perform write-backs from QuickSight. AWS Secrets Manager – Stores and manages keys to sign hashes (message digest)Īlthough this solution uses Amazon Redshift as the data store, a similar approach can be implemented with any database that supports creating user-defined functions (UDFs) that can invoke Lambda. ![]()
0 Comments
Leave a Reply. |