Configure Redshift Spectrum
Allow Immuta to create secure views of your external tables through one of these methods:
- Configure the integration with an existing database that contains the external tables: Instead of creating an - immutadatabase that manages all schemas and views created when Redshift data is registered in Immuta, the integration adds the Immuta-managed schemas and views to an existing database in Redshift
- Configure the integration by creating a new - immutadatabase and re-create all of your external tables in that database.
For an overview of the integration, see the Redshift overview documentation.
Requirements
- A Redshift cluster with an AWS row-level security patch applied. Contact Immuta for guidance. 
- The - enable_case_sensitive_identifierparameter must be set to- false(default setting) for your Redshift cluster.
- The Redshift role used to run the Immuta bootstrap script must have the following privileges when configuring the integration to - Use an existing database: - ALL PRIVILEGES ON DATABASEfor the database you configure the integration with, as you must manage grants on that database.
- CREATE USER
- GRANT TEMP ON DATABASE
 
- Create a new database: - CREATE DATABASE
- CREATE USER
- GRANT TEMP ON DATABASE
- REVOKE ALL PRIVILEGES ON DATABASE
 
 
Use an existing database
- Click the App Settings icon in the navigation menu. 
- Click the Integrations tab. 
- Click the +Add Integration button and select Redshift from the dropdown menu. 
- Complete the Host and Port fields. 
- Enter the name of the database you created the external schema in as the Immuta Database. This database will store all secure schemas and Immuta-created views. 
- Opt to check the Enable Impersonation box and customize the Impersonation Role name as needed. This will allow users to natively impersonate another user. 
- Select Manual and download both of the bootstrap scripts from the Setup section. The specified role used to run the bootstrap needs to have the following privileges: - ALL PRIVILEGES ON DATABASEfor the database you configure the integration with, as you must manage grants on that database.
- CREATE USER
- GRANT TEMP ON DATABASE
 
- Run the bootstrap script (Immuta database) in the Redshift database that contains the external schema. 
- Choose your authentication method, and enter the credentials from the bootstrap script for the - Immuta_System_Account.
- Click Save. 
Register data
Register Redshift data in Immuta.
Create a new Immuta database
- Click the App Settings icon in the navigation menu. 
- Click the Integrations tab. 
- Click the +Add Integration button and select Redshift from the dropdown menu. 
- Complete the Host and Port fields. 
- Enter an Immuta Database. This is a new database where all secure schemas and Immuta created views will be stored. 
- Opt to check the Enable Impersonation box and customize the Impersonation Role name as needed. This will allow users to natively impersonate another user. 
- Select Manual and download both of the bootstrap scripts from the Setup section. The specified role used to run the bootstrap needs to have the following privileges: - ALL PRIVILEGES ON DATABASEfor the database you configure the integration with, as you must manage grants on that database.
- CREATE DATABASE
- CREATE USER
- GRANT TEMP ON DATABASE
 
- Run the bootstrap script (initial database) in the Redshift initial database. 
- Run the bootstrap script (Immuta database) in the new Immuta Database in Redshift. 
- Choose your authentication method, and enter the credentials from the bootstrap script for the - Immuta_System_Account.
- Click Save. 
Then, add your external tables to the Immuta database.
Register data
Last updated
Was this helpful?

