> For the complete documentation index, see [llms.txt](https://documentation.immuta.com/2024.2/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.immuta.com/2024.2/data-and-integrations/redshift/how-to-guides/redshift-spectrum.md). # Configure Redshift Spectrum Allow Immuta to create secure views of your external tables through one of these methods: * [Configure the integration with an existing database](#use-an-existing-database) that contains the external tables: Instead of creating an `immuta` database that manages all schemas and views created when Redshift data is registered in Immuta, the integration adds the Immuta-managed schemas and views to an existing database in Redshift * [Configure the integration by creating a new `immuta` database](#create-a-new-immuta-database) and re-create all of your external tables in that database. For an overview of the integration, see the [Redshift overview](/2024.2/data-and-integrations/redshift/reference-guides/redshift.md#redshift-spectrum) documentation. ## Requirements * A Redshift cluster with an AWS row-level security patch applied. [Contact Immuta](https://support.immuta.com/) for guidance. * [An AWS IAM role for Redshift](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-create-role.html) that is [associated with your Redshift cluster](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-add-role.html). * The [`enable_case_sensitive_identifier` parameter](https://docs.aws.amazon.com/redshift/latest/dg/r_enable_case_sensitive_identifier.html) must be set to `false` (default setting) for your Redshift cluster. * The Redshift role used to run the Immuta bootstrap script must have the following privileges when configuring the integration to * Use an existing database: * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database. * `CREATE USER` * `GRANT TEMP ON DATABASE` * Create a new database: * `CREATE DATABASE` * `CREATE USER` * `GRANT TEMP ON DATABASE` * `REVOKE ALL PRIVILEGES ON DATABASE` * [A Redshift database that contains an external schema and external tables](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-create-external-table.html). ## Use an existing database 1. Click the **App Settings** icon in the left sidebar. 2. Click **Integrations** in the left panel. 3. Click the **+Add Integration** button and select **Redshift** from the dropdown menu. 4. Complete the **Host** and **Port** fields. 5. Enter the name of the database you created the external schema in as the **Immuta Database**. This database will store all secure schemas and Immuta-created views. 6. Opt to check the **Enable Impersonation** box and customize the **Impersonation Role** name as needed. This will allow users to natively impersonate another user. 7. Select **Manual** and download both of the bootstrap scripts from the **Setup** section. The specified role used to run the bootstrap needs to have the following privileges: * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database. * `CREATE USER` * `GRANT TEMP ON DATABASE` 8. Run the **bootstrap script (Immuta database)** in the Redshift database that contains the external schema. 9. Choose your **authentication method**, and enter the credentials from the bootstrap script for the `Immuta_System_Account`. 10. Click **Test Redshift Connection**. 11. Click **Save**. ### Register data [Register Redshift data in Immuta](/2024.2/data-and-integrations/registering-metadata/register-data-sources/query-backed-tutorial.md). ## Create a new Immuta database 1. Click the **App Settings** icon in the left sidebar. 2. Click **Integrations** in the left panel. 3. Click the **+Add Integration** button and select **Redshift** from the dropdown menu. 4. Complete the **Host** and **Port** fields. 5. Enter an **Immuta Database**. This is a new database where all secure schemas and Immuta created views will be stored. 6. Opt to check the **Enable Impersonation** box and customize the **Impersonation Role** name as needed. This will allow users to natively impersonate another user. 7. Select **Manual** and download both of the bootstrap scripts from the **Setup** section. The specified role used to run the bootstrap needs to have the following privileges: * `ALL PRIVILEGES ON DATABASE` for the database you configure the integration with, as you must manage grants on that database. * `CREATE DATABASE` * `CREATE USER` * `GRANT TEMP ON DATABASE` 8. Run the **bootstrap script (initial database)** in the Redshift initial database. 9. Run the **bootstrap script (Immuta database)** in the new **Immuta Database** in Redshift. 10. Choose your **authentication method**, and enter the credentials from the bootstrap script for the `Immuta_System_Account`. 11. Click **Test Redshift Connection**. 12. Click **Save**. Then, add your external tables to the Immuta database. ### Register data [Register Redshift data in Immuta](/2024.2/data-and-integrations/registering-metadata/register-data-sources/query-backed-tutorial.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://documentation.immuta.com/2024.2/data-and-integrations/redshift/how-to-guides/redshift-spectrum.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.