Register an Amazon Redshift Connection

Immuta policies will not be automatically enforced in Amazon Redshift

While you can author and apply subscription and data policies on data sources registered using the Amazon Redshift viewless integration, these policies will not be enforced natively in Amazon Redshift. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in Amazon Redshift using your own process.

Contact your Immuta representative to use this feature.

Permissions

The user registering the connection must have the permissions below.

  • APPLICATION_ADMIN Immuta permission

  • The Amazon Redshift user registering the connection must be a superuser or have the following Amazon Redshift privileges:

    • CREATEDB

    • CREATE USER

    • CREATE ROLE

    • sys:secadmin role

    • USAGE on all databases and schemas that contain data you want to register

    • The following privileges WITH GRANT OPTION on objects registered in Immuta:

      • DELETE

      • INSERT

      • SELECT

      • TRUNCATE

      • UPDATE

Create the database user

  1. Create a new database user in Redshift to serve as the Immuta system account. Immuta will use this system account continuously to crawl the connection.

  2. Grant this account the following Redshift privileges:

    • USAGE on all databases and schemas that contain data you want to register

    • CREATE GROUP

    • sys:secadmin role

    • The following privileges WITH GRANT OPTION on objects registered in Immuta:

      • DELETE

      • INSERT

      • SELECT

      • TRUNCATE

      • UPDATE

Register the connection

  1. In your Amazon Redshift environment, create an Immuta database that Immuta can use to connect to your Amazon Redshift instance to register the connection and maintain state with Amazon Redshift.

    Having this separate database for Immuta prevents custom ETL processes or jobs from deleting the database you use to register the connection, which would break the connection.

  2. In Immuta, click Data and select Connections in the navigation menu.

  3. Click the + Add Connection button.

  4. Select the Amazon Redshift tile.

  5. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: URL of your Amazon Redshift instance.

    3. Port: Port configured for Amazon Redshift.

    4. Database: The Redshift database you created for Immuta. All databases in the host will be registered.

  6. Enter the username and password of the Amazon Redshift database user you created above.

  7. Click Save connection.
