I have a Redshift cluster inside a VPC, inside the default subnet that was created during launch with all default rules. As I was trying to connect to Redshift from SQL Workbench, I realized I had to add an inbound rule to allow traffic from my IP to be able to connect to Redshift from SQL Workbench on my laptop.

Other members of my team would like to access the Redshift cluster for general querying, and I am sure adding a separate rule for each laptop is not the right way to let them query the database. How would I provision querying access to them and manage Redshift access in general?

Thank you!

1 Answer

If the other users are all accessing the Amazon Redshift cluster from the same corporate network, then they will also have the same IP address. This IP address would be associated with the router that connects your corporate network to the Internet.

If, however, they are all accessing from different locations (e.g., from home or from different offices), then you should add an IP address for each of them. This is a safe way to provision access, rather than making it available to the entire Internet.

An alternative method would be to create an Amazon EC2 instance as a bastion server and grant access to the Redshift cluster from the bastion. Then, each user could connect to Redshift by first establishing an SSH connection to the bastion with port forwarding enabled, which will provide a connection to the Redshift cluster via the bastion.

See:

You could then open the bastion to the entire Internet, since it acts as an additional layer of security.
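Whichever option is used, the cluster's security group is worth checking periodically so that per-user rules do not drift into an open one. The following is an added example, not part of the original answer: it audits a security group (in the shape returned by `aws ec2 describe-security-groups`) for rules that reach the Redshift port from sources outside an approved list. The group IDs, addresses and approved lists are constructed sample values, and port 5439 is assumed as the cluster port.

```python
import ipaddress

REDSHIFT_PORT = 5439  # assumption: Redshift's default port; change if the cluster differs

def covers_port(perm, port=REDSHIFT_PORT):
    """True if an IpPermissions entry applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":      # "all traffic" rules carry no port range
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit(group, approved_cidrs, approved_groups=()):
    """Return (finding, source) pairs for rules that reach the Redshift port."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for perm in group["IpPermissions"]:
        if not covers_port(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net.prefixlen == 0:      # 0.0.0.0/0 or ::/0
                findings.append(("OPEN_TO_INTERNET", cidr))
            elif not any(net.version == a.version and net.subnet_of(a)
                         for a in approved):
                findings.append(("UNAPPROVED_SOURCE", cidr))
        for pair in perm.get("UserIdGroupPairs", []):   # e.g. the bastion's group
            if pair["GroupId"] not in approved_groups:
                findings.append(("UNAPPROVED_GROUP", pair["GroupId"]))
    return findings

# Constructed sample: documentation address ranges and made-up group IDs.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "198.51.100.7/32"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0bastion"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP, ["203.0.113.0/24"], ["sg-0bastion"]):
        print(finding)
```

The port 22 rule is skipped because it does not reach the Redshift port, while the "all traffic" rule is reported even though it names no port.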