This section provides information on how to enable Redshift connectivity and create one or more connections to Redshift sources. 

Pre-requisites

Before you begin, please verify that your  meets the following requirements:


Tip: If the credentials used to connect to S3 do not provide access to Redshift, you can create an independent IAM role to provide access from Redshift to S3. If this separate role is available, the Redshift connection uses it instead. There may be security considerations.


  1. S3 base storage layer: Redshift access requires use of S3 as the base storage layer, which must be enabled. See Set Base Storage Layer. 
  2. Same region: The Redshift cluster must be in the same region as the default S3 bucket.
  3. Integration: Your   is connected to a running environment supported by your product edition.


  4. Deployment:  is deployed either on-premises or in EC2.

Permissions

Access to Redshift requires:

If the credentials used to connect to S3 do not provide access to Redshift, you can create an independent IAM role to provide access from Redshift to S3. If this separate role is available, the Redshift connection uses it instead. 

NOTE: There may be security considerations with using an independent role to govern this capability.

Steps:

  1. The IAM role must contain the required S3 permissions. See Required AWS Account Permissions.
  2. The Redshift cluster should be assigned this IAM role. For more information, see https://docs.aws.amazon.com/redshift/latest/mgmt/authorizing-redshift-service.html.

Limitations


Create Connection

You can create Redshift connections through the following methods.

Tip: SSL connections are recommended. Details are below.

Create through application

Any user can create a Redshift connection through the application.

Steps:

  1. Login to the application.
  2. In the menu, click the Connections icon.
  3. In the Create Connection page, click the Redshift connection card.
  4. Specify the properties for your Redshift database connection:

    PropertyDescription
    Host

    Hostname of the Redshift cluster

    NOTE: This value must be the full hostname of the cluster, which may include region information.

    PortPort number used to access the Redshift cluster. Default is 5439.
    Connect String OptionsPlease insert any connection options as a string here. See below.
    DatabaseThe Redshift database to which to connect on the cluster
    Credential TypeOptions: Basic authentication with optional IAM role ARN: Basic authentication credentials specified in this window are used to connect to the Redshift database. Additional permissions may be governed by any ARN specified in the IAM role used for the account. Use this option if you are planning to specify a database username/password combination as part of the connection. IAM Role: Connection to Redshift is governed by the IAM role associated with the user's account.
    UsernameUsername with which to connect to the Redshift database
    PasswordPassword associated with the Redshift username
    IAM Role ARN for Redshift/S3 connectivity

    (Optional) You can specify an IAM role ARN that enables role-based connectivity between Redshift and the S3 bucket that is used as intermediate storage during Redshift bulk COPY/UNLOAD operations. Example:

    arn:aws:iam::1234567890:role/MyRedshiftRole


    For more information, see Configure for EC2 Role-Based Authentication.


    For more information on the other options, see Create Connection Window.

  5. Click Save

Enable SSL connections

To enable SSL connections to Redshift, you must enable them first on your Redshift cluster. For more information, see https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html.

In your connection to Redshift, please add the following string to your Connect String Options:

;ssl=true

Save your changes.

Create via API

For more information, see 

operation/createConnection

Reference

Connection URL

The properties that you provide are inserted into the following URL, which connects  to the connection:

jdbc:redshift://<host>:<port>/<database><connect-string-options>

Connect string options

The connect string options are optional. If you are passing additional properties and values to complete the connection, the connect string options must be structured in the following manner:

;<prop1>=<val1>&<prop2>=<val2>;...

where:

Delimiters:

Example

Access through AWS key-secret

The following example connection URL uses an AWS key/secret combination (IAM user) to access Redshift:

jdbc:redshift:iam://<redshift_clustername:region_name>:<port_number>/<database_name>?AccessKeyID=<access_key_value>&SecretAccessKey=<secret_key_value>&DBUser=<database_user_name>

where:

Access through IAM role and temporary credentials

The following example connection URL uses an AWS/Key secret combination using temporary credentials:

jdbc:redshift:iam://<redshift_clustername:region_name>:<port_number>/<database_name>?AccessKeyID=<access_key_value>&SecretAccessKey=<secret_key_value>&SessionToken=<session_token>&DBUser=<database_user_name>

where:

Driver Information

This connection uses the following driver:

Troubleshooting

For more information, see https://docs.aws.amazon.com/redshift/latest/mgmt/troubleshooting-connections.html.

Use

For more information, see Redshift Browser.

For more information about interacting with data on Redshift, see Using Redshift.

Testing

Import a dataset from Redshift. Add it to a flow, and specify a publishing action. Run a job.

NOTE: When publishing to Redshift through the Publishing dialog, output must be in Avro or JSON format. This limitation does not apply to direct writing to Redshift.