0
votes

When a new security group is added, or the existing one is modified, the effects are not visible. For instance, I have a security group called “mdi-sg-redshift” with two rules:

AWS Security Group Rules

As you can see, these rules allow inbound traffic from anyone across the globe. When applied to the cluster, they should allow inbound traffic at those ports. Does NOT work! I have rebooted the cluster to no effect. Here is the snapshot of my Redshift Cluster:

The Redshift Cluster snapshot

Here is the snapshot of the port scanner.


The cluster was rebooted several times to no effect.

Also noted that the cluster belongs to the same region as the VPC and the security group. The cluster belongs to the VPC that has the security group applied.

I have seen similar issues on the EC2 side, but reboots usually fixed it. Not this time.

Anyone with insights? Thanks!


2 Answers

0
votes

This sounds mostly like a VPC rules issue.

Things I will check:

  • Do you get the same issue if you create your cluster outside of VPC?
  • Check the Cluster Subnet group. It says default in your screenshot. Which subnet groups are added to this default subnet group? Make sure your cluster is running in the subnet which is added to the default subnet group.
  • Check the VPC security group policy for the Redshift cluster.
  • Did this setup ever work in the past, or is it the first time you are working on this cluster? If it worked in the past, then what setting with respect to VPC/cluster subnet group/VPC security groups has changed?
0
votes

Where are you accessing Redshift from?

  • If you are trying to access Redshift from outside the VPC, then please check the Route Table for an entry of Internet Gateway (to verify if the Redshift cluster is publicly available over the internet)

  • If you are trying to access Redshift from within VPC then there might be some other issue that might be stopping access
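
The checks suggested in the two answers above can be run together against the cluster, security group and route table descriptions. This is an added example, not code from either poster: the field names follow the boto3 `describe_clusters`, `describe_security_groups` and `describe_route_tables` responses, and every ID and value in the sample data is constructed.

```python
# Constructed sample data shaped like boto3 responses; all IDs are made up.
CLUSTER = {
    "PubliclyAccessible": False,
    "Endpoint": {"Port": 5439},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-default00", "Status": "active"}],
}
SECURITY_GROUPS = [
    {"GroupId": "sg-default00", "IpPermissions": []},
    {"GroupId": "sg-redshift1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
# Route tables associated with the subnets in the cluster subnet group.
ROUTE_TABLES = [{"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}]


def sg_allows(group, port):
    """True if the group has an inbound TCP (or all-protocol) rule covering port."""
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] == "-1":  # all protocols, no port range present
            return True
        if perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]:
            return True
    return False


def diagnose(cluster, groups, route_tables):
    """Return the reasons the cluster port is unreachable from outside the VPC."""
    port = cluster["Endpoint"]["Port"]
    # Only groups attached to the cluster itself matter, not every group in the VPC.
    attached = {g["VpcSecurityGroupId"] for g in cluster["VpcSecurityGroups"]
                if g["Status"] == "active"}
    findings = []
    if not any(sg_allows(g, port) for g in groups if g["GroupId"] in attached):
        findings.append("no attached security group allows inbound tcp/%d" % port)
    if not cluster["PubliclyAccessible"]:
        findings.append("cluster is not publicly accessible")
    has_igw = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                  and r.get("GatewayId", "").startswith("igw-")
                  for rt in route_tables for r in rt["Routes"])
    if not has_igw:
        findings.append("route table has no 0.0.0.0/0 route to an internet gateway")
    return findings


if __name__ == "__main__":
    for finding in diagnose(CLUSTER, SECURITY_GROUPS, ROUTE_TABLES):
        print("FAIL:", finding)
```

An empty result means the security group, public accessibility and routing checks all pass, so the cause lies elsewhere (for example a network ACL or the client's own network).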