
Redshift

Here is how to connect decube to Redshift.

Allowing Access

To allow our connector to access your Redshift instance, you will need to either:
  1. Allow public access
  2. Connect through an SSH Bastion

Allowing Public Access

You can still limit who can connect to your Redshift instance through security-group inbound rules when you enable public access.
Go to Actions > Modify publicly accessible setting
Ref 1.1
Check Turn on Publicly accessible and select an Elastic IP address
Ref 1.2
Navigate to the Properties tab
Ref 1.3
Scroll down to the Network and security settings and click through to your security group
Ref 1.4
Navigate to the Inbound rules tab and click Edit inbound rules
Ref 1.5
Click Add rule and in Type choose Redshift and in the Source section, add all of Decube's collector IPs.
You will need to suffix each IP with /32 to limit the rule to only that IP, i.e. xxx.xxx.xxx.xxx/32
Ref 1.5
Be careful with modifying inbound rule policies. It can affect connectivity within your own VPC if you remove existing rules.
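A check for the inbound rules configured above, as an added example (not part of Decube's documentation): it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and reports every non-private source that can reach the Redshift port without being a /32 entry for an expected collector IP. The collector IP, group ID and sample rules are constructed placeholders (documentation address ranges), and 5439 is assumed as the port.

```python
import ipaddress
import json

REDSHIFT_PORT = 5439  # Redshift's default port; pass another if yours differs
# Private ranges: intra-VPC or bastion sources, left alone by this check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439, "Ipv6Ranges": [],
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "203.0.113.0/24"},
                {"CidrIp": "198.51.100.7/32"}, {"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Ipv6Ranges": [],
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")

def covers_port(perm, port):
    """True if the rule applies to TCP `port` (protocol -1 means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(groups, collector_ips, port=REDSHIFT_PORT):
    """List (group_id, cidr, reason) for each non-private source that can reach
    `port` and is not a /32 (or /128) entry for an expected collector IP."""
    allowed = {ipaddress.ip_address(ip) for ip in collector_ips}
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
                    continue  # private source, e.g. a bastion host or VPC peer
                if net.num_addresses != 1:
                    findings.append((sg["GroupId"], cidr, "wider than one host"))
                elif net.network_address not in allowed:
                    findings.append((sg["GroupId"], cidr, "unexpected source IP"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["203.0.113.10"]):
        print(*finding, sep="\t")
```

Private-range sources are skipped on purpose, so existing intra-VPC rules and a bastion host's private IP are not reported as findings.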

SSH Bastion

You can also use an SSH Bastion if enabling public access is not an option. Setting up a Bastion host is out of the scope of this guide, but you can refer to the SSH Tunneling guide for more information.
Once you have set up a Bastion host, modify your Redshift security group inbound rule (refer to Ref 1.5) to allow source connections from your Bastion host's private IP address instead.

Connection Details

Connecting to decube is as easy as providing us with credentials to your Redshift database. At a minimum, we require:
  • username
  • password
  • host address
  • host port
  • database name
Connect to Redshift
The source name will be for you to differentiate and recognize particular sources within the decube application.
We strongly encourage you to create a read-only decube user for this purpose, which you can do by following these steps.

Security Concerns

Custom User for decube

We highly recommend that you create a Read-Only user for decube. We have prepared a script that you may run on your Redshift database to create this user.
1. Create a New User for decube
CREATE ROLE decube WITH LOGIN ENCRYPTED PASSWORD 'a_new_password';
2. Allow connection to the Database
GRANT CONNECT ON DATABASE "your_db_name" TO decube;
3. We need access to information_schema
GRANT USAGE ON SCHEMA information_schema TO decube;
GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO decube;
4. You may need to run this per schema that you have based on the default behavior of the schema.
GRANT USAGE ON SCHEMA <schema_name> TO decube;
GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> TO decube;
If you want all of the tables in all your schemas to be included in decube, run the following SQL script:
DO $do$
DECLARE
    sch text;
BEGIN
    -- Loop over every schema except those matching pg or information_schema
    FOR sch IN SELECT nspname FROM pg_namespace WHERE nspname !~* 'pg|information_schema'
    LOOP
        -- Read-only access: USAGE on the schema, SELECT on its tables
        EXECUTE format($$ GRANT USAGE ON SCHEMA %I TO decube $$, sch);
        EXECUTE format($$ GRANT SELECT ON ALL TABLES IN SCHEMA %I TO decube $$, sch);
    END LOOP;
END;
$do$;