Use {custom} domains with Amazon Redshift

By
Tabon Batang
-
0
1


Amazon Redshift is a completely managed, petabyte-scale knowledge warehouse service within the cloud. With Amazon Redshift, you may analyze all of your knowledge to derive holistic insights about your small business and your clients.

Amazon Redshift now helps {custom} URLs or {custom} domains to your knowledge warehouse. You would possibly need to use a {custom} area title or CNAME (Canonical Identify) for the next causes:

  • A {custom} area title is easy to recall and use.
  • Routing connections is much less disruptive. The connections from the shopper are pointed to the DNS document and never the server title. This allows you to simply route connections to new clusters in failover or catastrophe restoration situations.
  • Now you can obfuscate your server names with a pleasant {custom} area title.
  • It helps you keep away from software code or connectivity adjustments in case the underlying knowledge warehouse is migrated to a distinct Area or the endpoint is modified.

On this publish, we focus on how one can modify your knowledge warehouse to make use of {custom} domains and the way to connect with a knowledge warehouse that has been configured with a {custom} URL.

Pre-requisites

To get began, you want a registered area title. You need to use Amazon Route 53 or a third-party area registrar to register a site.

You additionally want a validated Safe Sockets Layer (SSL) certificates to your {custom} endpoints. That is to confirm possession of the area title and safe communication. You need to use AWS Certificates Supervisor (ACM) to provision, handle, and deploy public SSL/TLS certificates. You should use verify-full mode, which ensures that the connections are encrypted and verifies that the hostname of the server matches the hostname within the certificates.

Lastly, you have to connect the required permissions to the AWS Id and Entry Administration (IAM) function that’s assigned to the related customers and teams that may handle your Redshift knowledge warehouse. These fluctuate relying on if you happen to’re utilizing Amazon Redshift provisioned or Amazon Redshift Serverless. The permissions wanted for the required actions are listed within the following desk.

Motion IAM Permission
Redshift Provisioned Redshift Serverless
Create {custom} area for datawarehouse

redshift:CreateCustomDomainAssociation

acm:DescribeCertificate

redshiftServerless:CreateCustomDomainAssociation

acm:DescribeCertificate
Renaming cluster that has {custom} area title acm:DescribeCertificate Not wanted
Altering certificates for affiliation

redshift:ModifyCustomDomainAssociation

acm:DescribeCertificate

redshiftServerless:UpdateCustomDomainAssociation

acm:DescribeCertificate
Deleting {custom} area redshift:DeleteCustomDomainAssociation redshiftServerless:DeleteCustomDomainAssociation
Connecting to the info warehouse utilizing {custom} area title redshift:DescribeCustomDomainAssociations Not wanted

The next screenshot reveals an instance of making an IAM coverage on the IAM console.

Creating DNS CNAME entry for {custom} area title

The {custom} area title usually consists of the basis area and a subdomain, like mycluster.mycompany.com. You possibly can both register a brand new root area or use an present one. For extra details about registering a brand new area with Route 53, seek advice from Registering a brand new area.

After you set that up, you may add a DNS document that factors your {custom} CNAME to the Redshift endpoint. You’ll find the info warehouse endpoint on the Amazon Redshift console on the cluster element web page.

The next screenshot illustrates finding a provisioned endpoint.

The next screenshot illustrates finding a serverless endpoint.

Now that you’ve created the CNAME entry, you may request a certificates from ACM. Full the next steps:

  1. Open the ACM console and select Request a certificates.
  2. For Totally certified area title, enter your {custom} area title.
  3. Select Request.
  4. Verify that the request is validated by the proprietor of the area by checking the standing of the certificates.

The standing must be Issued.

Now that you’ve created the CNAME document and certificates, you may create the {custom} area URL to your Redshift cluster utilizing the Amazon Redshift console.

Creating {custom} area for a provisioned occasion

To create a {custom} area for a provisioned occasion, full the next steps:

  1. On the Amazon Redshift console, navigate to your provisioned occasion element web page.
  2. On the Actions menu, select Create {custom} area title.
  3. For Customized area title, enter the CNAME document to your Redshift provisioned cluster.
  4. For ACM certificates, select the suitable certificates.
  5. Select Create.

It is best to now have a {custom} area title related to your provisioned knowledge warehouse. The {custom} area title and {custom} area certificates ARN values ought to now be populated together with your entries.

Observe that sslmode=verify-full will solely work for the brand new {custom} endpoint. You possibly can’t use this mode with the default endpoint; you may connect with the default endpoint through the use of different SSL modes like sslmode=verify-ca.

Create a {custom} area for a serverless occasion

To create a {custom} area for a serverless occasion, full the next steps:

  1. On the Amazon Redshift console, navigate to your serverless occasion element web page.
  2. On the Actions menu, select Create {custom} area title.
  3. For Customized area title, enter the CNAME document to your Redshift Serverless workgroup.
  4. For ACM certificates, select the suitable certificates.
  5. Select Create.

It is best to now have a {custom} area title related to your serverless workgroup. The {custom} area title and {custom} area certificates ARN values ought to now be populated together with your entries.

Observe that, as with a provisioned occasion, sslmode=verify-full will solely work for the brand new {custom} endpoint. You possibly can’t use this mode with the default endpoint; you may connect with the default endpoint through the use of different SSL modes like sslmode=verify-ca.

Join utilizing {custom} area title

Now you can connect with your cluster utilizing the {custom} area title. The JDBC URL could be just like jdbc:redshift://prefix.rootdomain.com:5439/dev?sslmode=verify-full, the place prefix.rootdomain.com is your {custom} area title and dev is the default database. Use your most well-liked editor to connect with this URL utilizing your consumer title and password.

Replace the certificates affiliation to your provisioned {custom} area

To replace the certificates affiliation utilizing the Amazon Redshift console, navigate to your provisioned cluster particulars web page and on the Actions menu, select Edit {custom} area title. Replace the area title and ACM certificates, then select Save adjustments.

To alter the cluster’s ACM certificates related to the {custom} area utilizing the AWS Command Line Interface (AWS CLI), use the next command:

aws redshift modify-custom-domain-association --cluster-identifier <clustername> --custom-domain-certificate-arn <newCertArn> --custom-domain-name <currentDomainNameOfCluster>

Replace the certificates to your serverless {custom} area

To replace the certificates utilizing the Amazon Redshift console, navigate to your serverless workgroup particulars web page and on the Actions menu, select Edit {custom} area title. Replace the area title and ACM certificates, then select Save adjustments.

To alter the serverless workgroup’s ACM certificates related to the {custom} area utilizing the AWS CLI, use the next command:

aws redshift-serverless update-custom-domain-association --region <aws-region> ----custom-domain-name <currentCustomDomainName> --custom-domain-certificate-arn <NewCustomdomaincertarn> --workgroup-name<workgroupname>

Delete a {custom} provisioned area

To delete your {custom} area, navigate to the provisioned cluster particulars web page. On the Actions menu, select Delete {custom} area title. Enter delete to substantiate, then select Delete.

 To make use of the AWS CLI, use the next code:

aws redshift delete-custom-domain-association --cluster-identifier <ClusterName> --region <ClusterRegion>  --custom-domain-name <currentDomainName>

Delete a {custom} serverless area

To delete your {custom} area, navigate to the serverless workgroup particulars web page. On the Actions menu, select Delete {custom} area title. Enter delete to substantiate, then select Delete.

To make use of the AWS CLI, use the next code:

aws redshift-serverless delete-custom-domain-association --workgroup-name <workgroupname> --custom-domain-name <CurrentCustomDomainName>

Conclusion

On this publish, we mentioned the advantages of utilizing {custom} domains to your Redshift knowledge warehouse and the steps wanted to affiliate a {custom} area title with the Redshift endpoint. For extra data, seek advice from Utilizing a {custom} area title for shopper connections.

Concerning the Authors

Raghu Kuppala is an Analytics Specialist Options Architect skilled working within the databases, knowledge warehousing, and analytics house. Outdoors of labor, he enjoys attempting completely different cuisines and spending time along with his household and buddies.

Sam Selvan is a Principal Analytics Answer Architect with Amazon Net Companies.

Yanzhu Ji is a Product Supervisor within the Amazon Redshift staff. She has expertise in product imaginative and prescient and technique in industry-leading knowledge merchandise and platforms. She has excellent talent in constructing substantial software program merchandise utilizing net growth, system design, database, and distributed programming methods. In her private life, Yanzhu likes portray, images, and enjoying tennis.

Nikhitha Loyapally is a Senior Software program Improvement Engineer for Amazon Redshift.