Register an Amazon Redshift Connection

Public preview: This feature is available to select accounts. Contact your Immuta representative to enable this feature.

Permissions

The user registering the connection must have the permissions below.

  • APPLICATION_ADMIN Immuta permission

  • The Amazon Redshift user registering the connection must be a superuser or have the following Amazon Redshift privileges:

    • CREATEDB

    • CREATE USER

    • sys:secadmin role

    • USAGE on all databases and schemas that contain data you want to register

    • The following privileges WITH GRANT OPTION on objects registered in Immuta:

      • DELETE

      • INSERT

      • SELECT

      • TRUNCATE

      • UPDATE

    For descriptions and explanations of privileges Immuta needs to enforce policies and maintain state in Amazon Redshift, see the Amazon Redshift viewless integration reference guide.

Create the database user

  1. Create a new database user in Redshift to serve as the Immuta system account. Immuta will use this system account continuously to crawl the connection.

  2. Grant this account the following Redshift privileges:

    • USAGE on all databases and schemas that contain data you want to register

    • CREATE ROLE

    • sys:secadmin role

    • The following privileges WITH GRANT OPTION on objects registered in Immuta:

      • DELETE

      • INSERT

      • SELECT

      • TRUNCATE

      • UPDATE
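The two steps above as a single Redshift SQL script, added here as an example and not Immuta's own script; it assumes a superuser session, the user name `immuta_system`, the placeholder role `immuta_role_admin`, example schemas `sales` and `finance`, and a placeholder password.

```sql
-- Run as a Redshift superuser. Names and password are placeholders.
-- Step 1: the system account Immuta will use to crawl the connection.
CREATE USER immuta_system PASSWORD 'REPLACE_WITH_STRONG_PASSWORD';

-- Step 2: USAGE on every schema that holds data to be registered
-- (repeat per schema; "sales" and "finance" are example schemas).
GRANT USAGE ON SCHEMA sales TO immuta_system;
GRANT USAGE ON SCHEMA finance TO immuta_system;

-- CREATE ROLE is a Redshift system-defined permission, so it is granted
-- to a role that is then granted to the user ("immuta_role_admin" is a
-- placeholder name chosen for this example).
CREATE ROLE immuta_role_admin;
GRANT CREATE ROLE TO ROLE immuta_role_admin;
GRANT ROLE immuta_role_admin TO immuta_system;

-- The sys:secadmin system role.
GRANT ROLE sys:secadmin TO immuta_system;

-- Object privileges WITH GRANT OPTION on the objects to be registered.
-- Scope these to the schemas you actually intend to register rather
-- than the whole cluster.
GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE
  ON ALL TABLES IN SCHEMA sales TO immuta_system WITH GRANT OPTION;
GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE
  ON ALL TABLES IN SCHEMA finance TO immuta_system WITH GRANT OPTION;
-- Note: ON ALL TABLES IN SCHEMA covers tables that exist now; tables
-- created later need their own grant.

-- Check: roles held by the system account (expect sys:secadmin and
-- immuta_role_admin) ...
SELECT user_name, role_name, admin_option
  FROM svv_user_grants
 WHERE user_name = 'immuta_system';

-- ... and table privileges, where admin_option = true confirms the
-- GRANT OPTION was applied.
SELECT namespace_name, relation_name, privilege_type, admin_option
  FROM svv_relation_privileges
 WHERE identity_name = 'immuta_system' AND identity_type = 'user';
```

Database-level USAGE is not shown because Redshift grants it per database with a separate statement; add one for each database that contains data to register.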

Register the connection

  1. In your Amazon Redshift environment, create an Immuta database that Immuta can use to connect to your Amazon Redshift instance to register the connection and maintain state with Amazon Redshift.

    Having this separate database for Immuta prevents custom ETL processes or jobs from deleting the database you use to register the connection, which would break the connection.

  2. In Immuta, click Data and select Connections in the navigation menu.

  3. Click the + Add Connection button.

  4. Select the Amazon Redshift tile.

  5. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: URL of your Amazon Redshift instance.

    3. Port: Port configured for Amazon Redshift.

    4. Database: The Redshift database you created for Immuta. All databases in the host will be registered.

  6. Enter the username and password of the Amazon Redshift database user you created above.

  7. Click Save connection.

Map users

Requirement: USER_ADMIN Immuta permission

Map Amazon Redshift usernames to each Immuta user account to ensure Immuta properly enforces policies.

The instructions below illustrate how to do this for individual users, but you can also configure user mapping in your IAM connection on the app settings page.

  1. Click People and select Users in the navigation menu.

  2. Click the user's name to navigate to their page and scroll to the External User Mapping section.

  3. Click Edit in the Redshift User row.

  4. Enter the user's Redshift username.

  5. Click Save.
