# Configure Redshift Spectrum

Allow Immuta to create secure views of your external tables through one of these methods:

* [Configure the integration with an existing database](#use-an-existing-database) that contains the external tables: Instead of creating an `immuta` database that manages all schemas and views created when Redshift data is registered in Immuta, the integration adds the Immuta-managed schemas and views to an existing database in Redshift
* [Configure the integration by creating a new `immuta` database](#create-a-new-immuta-database) and re-create all of your external tables in that database.

For an overview of the integration, see the [Redshift overview](https://documentation.immuta.com/2024.2/data-and-integrations/reference-guides/redshift#redshift-spectrum) documentation.

## Requirements

* A Redshift cluster with an AWS row-level security patch applied. [Contact Immuta](https://support.immuta.com/) for guidance.
* [An AWS IAM role for Redshift](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-create-role.html) that is [associated with your Redshift cluster](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-add-role.html).
* The [`enable_case_sensitive_identifier` parameter](https://docs.aws.amazon.com/redshift/latest/dg/r_enable_case_sensitive_identifier.html) must be set to `false` (default setting) for your Redshift cluster.
* The Redshift role used to run the Immuta bootstrap script must have the following privileges when configuring the integration to
  * Use an existing database:
    * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database.
    * `CREATE USER`
    * `GRANT TEMP ON DATABASE`
  * Create a new database:
    * `CREATE DATABASE`
    * `CREATE USER`
    * `GRANT TEMP ON DATABASE`
    * `REVOKE ALL PRIVILEGES ON DATABASE`
* [A Redshift database that contains an external schema and external tables](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-create-external-table.html).

## Use an existing database

1. Click the **App Settings** icon in the left sidebar.
2. Click **Integrations** in the left panel.
3. Click the **+Add Integration** button and select **Redshift** from the dropdown menu.
4. Complete the **Host** and **Port** fields.
5. Enter the name of the database you created the external schema in as the **Immuta Database**. This database will store all secure schemas and Immuta-created views.
6. Opt to check the **Enable Impersonation** box and customize the **Impersonation Role** name as needed. This will allow users to natively impersonate another user.
7. Select **Manual** and download both of the bootstrap scripts from the **Setup** section. The specified role used to run the bootstrap needs to have the following privileges:
   * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database.
   * `CREATE USER`
   * `GRANT TEMP ON DATABASE`
8. Run the **bootstrap script (Immuta database)** in the Redshift database that contains the external schema.
9. Choose your **authentication method**, and enter the credentials from the bootstrap script for the `Immuta_System_Account`.
10. Click **Test Redshift Connection**.
11. Click **Save**.

### Register data

[Register Redshift data in Immuta](https://documentation.immuta.com/2024.2/data-and-integrations/registering-metadata/register-data-sources/query-backed-tutorial).

## Create a new Immuta database

1. Click the **App Settings** icon in the left sidebar.
2. Click **Integrations** in the left panel.
3. Click the **+Add Integration** button and select **Redshift** from the dropdown menu.
4. Complete the **Host** and **Port** fields.
5. Enter an **Immuta Database**. This is a new database where all secure schemas and Immuta created views will be stored.
6. Opt to check the **Enable Impersonation** box and customize the **Impersonation Role** name as needed. This will allow users to natively impersonate another user.
7. Select **Manual** and download both of the bootstrap scripts from the **Setup** section. The specified role used to run the bootstrap needs to have the following privileges:
   * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database.
   * `CREATE DATABASE`
   * `CREATE USER`
   * `GRANT TEMP ON DATABASE`
8. Run the **bootstrap script (initial database)** in the Redshift initial database.
9. Run the **bootstrap script (Immuta database)** in the new **Immuta Database** in Redshift.
10. Choose your **authentication method**, and enter the credentials from the bootstrap script for the `Immuta_System_Account`.
11. Click **Test Redshift Connection**.
12. Click **Save**.

Then, add your external tables to the Immuta database.

### Register data

[Register Redshift data in Immuta](https://documentation.immuta.com/2024.2/data-and-integrations/registering-metadata/register-data-sources/query-backed-tutorial).