2
votes

This question is NOT the same as: AWS EC2 and Redshift Security group connection error

I am trying to access my RedShift (using EC2-classic and not using VPC) from SQL workbench in my local computer. The EC2 security group used in my redshift allows:

All TCP,

All UDP,

ALL ICMP

from sources 0.0.0.0/0

over port numbers 0-65535

It still says "Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections".

What am I missing?


Redshift cluster security group screen

EC2 security group screen



2 Answers

3
votes

Okay, thanks to some prompt tweets from RahulPathak where he said:

Tweet 1 - link to tweet:

security group enables access from EC2 instances. You need CIDR rules for your local machine

Tweet 2 - link to tweet:

security group only counts for ec2 instances. you’ll need CIDR rules on the cluster for local machine.

So go to your Redshift cluster security group page, and authorize a new CIDR/IP connection type for your cluster security group. Then add the CIDR/IP value as needed for your secure setup.


After searching a bit further, the relevant AWS documentation was found on this page, where it says:

If you attempt to connect to the cluster from a client tool outside of the network that the cluster is in, you must add an ingress rule to the cluster security group for the CIDR/IP that you are connecting from...
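Before adding a rule it is worth checking what the cluster security group already authorizes and whether the new rule is as narrow as the answer recommends. The snippet below is an added example, not code from the answer or from AWS: it takes a list shaped like the `IPRanges` entries returned by `aws redshift describe-cluster-security-groups` (the IP blocks and statuses are constructed), finds which authorized CIDR covers your client's public IP, flags over-broad rules, and builds the single-host CIDR you would pass to `aws redshift authorize-cluster-security-group-ingress --cluster-security-group-name <name> --cidrip <cidr>`.

```python
"""Check a client IP against a Redshift cluster security group's CIDR rules.

Added example (not part of the original answer). SAMPLE_IP_RANGES is a
constructed stand-in for the "IPRanges" list that
`aws redshift describe-cluster-security-groups` returns.
"""
import ipaddress

# Constructed sample rules; the addresses are documentation ranges, not real hosts.
SAMPLE_IP_RANGES = [
    {"CIDRIP": "203.0.113.0/24", "Status": "authorized"},   # an office network
    {"CIDRIP": "198.51.100.7/32", "Status": "authorized"},  # one admin workstation
    {"CIDRIP": "0.0.0.0/0", "Status": "authorizing"},       # over-broad and not active yet
]


def matching_rules(client_ip, ip_ranges):
    """Authorized CIDRs that cover client_ip, most specific first."""
    addr = ipaddress.ip_address(client_ip)
    hits = []
    for rule in ip_ranges:
        if rule.get("Status") != "authorized":   # 'authorizing'/'revoking' rules do not pass traffic yet
            continue
        net = ipaddress.ip_network(rule["CIDRIP"], strict=False)
        if addr.version == net.version and addr in net:
            hits.append(rule["CIDRIP"])
    return sorted(hits,
                  key=lambda c: ipaddress.ip_network(c, strict=False).prefixlen,
                  reverse=True)


def is_authorized(client_ip, ip_ranges):
    """True if at least one active rule admits client_ip."""
    return bool(matching_rules(client_ip, ip_ranges))


def overbroad_rules(ip_ranges, max_hosts=256):
    """CIDRs that admit more than max_hosts addresses (0.0.0.0/0 always qualifies)."""
    return [r["CIDRIP"] for r in ip_ranges
            if ipaddress.ip_network(r["CIDRIP"], strict=False).num_addresses > max_hosts]


def single_host_cidr(client_ip):
    """The /32 (IPv4) or /128 (IPv6) rule that admits exactly this client."""
    addr = ipaddress.ip_address(client_ip)
    return f"{addr}/{addr.max_prefixlen}"


if __name__ == "__main__":
    me = "198.51.100.7"  # constructed: the public IP your ISP assigns your workstation
    print("covered by:", matching_rules(me, SAMPLE_IP_RANGES))
    print("over-broad:", overbroad_rules(SAMPLE_IP_RANGES))
    print("rule to add:", single_host_cidr(me))
```

Feed it your real public IP and the `IPRanges` list from the CLI output; if `matching_rules` comes back empty, the "Connection refused" from the question is expected, and `single_host_cidr` gives the narrowest `--cidrip` value to authorize rather than `0.0.0.0/0`.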

0
votes

I assume you run in VPC configuration, not EC2 Classic. One possibility is that the VPC/subnet your Redshift cluster is running in is not accessible from the Internet.

Start up an instance in the same subnet. In the Redshift security group allow all traffic from subnet (or VPC CIDR) to the port Redshift is running on. Looks like you got that already as you allow from anywhere. Try to telnet from that instance to the Redshift cluster (telnet ). You have to get a connection or your port or security group setting is off. Within the subnet the Redshift endpoint resolves to the internal IP address, so it's down to the SG to allow connection.

When this works, but you cannot connect from the outside there are a couple of options. You are missing the IGW on the VPC, or the route on the subnet to the IGW to route the Internet/public traffic to the cluster or the SG blocks the traffic. The missing IGW/route you will most likely experience when you are not able to directly connect to the instance you spun up in the same subnet as Redshift.
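The telnet step above can be scripted so that the result is classified instead of eyeballed: a refusal means a host answered and rejected the port, a timeout means packets were silently dropped (security group or NACL), and a "no route" error points at the IGW/route table. This is an added example, not code from the answer; the default port 5439 is Redshift's standard port, and `check_against_local_listener` is a self-test that uses a throwaway socket on 127.0.0.1 in place of a real cluster endpoint.

```python
"""Scripted TCP reachability probe for a Redshift endpoint, with the outcome
mapped onto the checklist in the answer. Added example, not from the answer."""
import errno
import socket

OPEN, REFUSED, TIMEOUT, UNREACHABLE, ERROR = "open", "refused", "timeout", "unreachable", "error"


def probe_tcp(host, port=5439, timeout=3.0):
    """Try one TCP connect and return an outcome label."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except socket.timeout:                      # SYN dropped: SG / NACL / cluster SG ingress
        return TIMEOUT
    except ConnectionRefusedError:              # RST received: host up, nothing on that port
        return REFUSED
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE                  # no route: IGW / subnet route table
        return ERROR                            # e.g. DNS failure for the endpoint name


def diagnose(outcome):
    """Next thing to check, following the answer's order of elimination."""
    return {
        OPEN: "TCP reachable; a remaining failure is credentials or SSL, not the network.",
        REFUSED: "A host answered but rejected the port: verify the port and the endpoint address.",
        TIMEOUT: "Silently dropped: check the security group / cluster security group and NACLs.",
        UNREACHABLE: "No route from here: check the Internet gateway and the subnet route table.",
        ERROR: "Other socket error: confirm the endpoint hostname resolves first.",
    }[outcome]


def check_against_local_listener():
    """Self-test: probe a live loopback listener, then the same port after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))             # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=2.0)
    return while_open, after_close


if __name__ == "__main__":
    # Replace with your cluster endpoint, e.g. probe_tcp("<cluster-endpoint>", 5439)
    for outcome in check_against_local_listener():
        print(outcome, "->", diagnose(outcome))
```

Run it first from the instance in the cluster's subnet and then from your workstation: `open` inside and `timeout` outside points at the security group rules, while `unreachable` outside points at the missing IGW or subnet route the answer describes.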