AWS Amazon Redshift Cluster
This page shows how to write Terraform and CloudFormation for an Amazon Redshift Cluster, and how to write them securely.
aws_redshift_cluster (Terraform)
The Cluster in Amazon Redshift can be configured in Terraform with the resource name aws_redshift_cluster. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_redshift_cluster" "redshift_cluster_disabling_logs" {
  cluster_identifier = "redshift-cluster"
  logging {
    enable = false # Noncompliant {{Make sure that disabling logging is safe here.}}
  }
}

resource "aws_redshift_cluster" "ca" {
  cluster_identifier = "tf-ca-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc2.large"
  # excerpt truncated
}

resource "aws_redshift_cluster" "redshiftEncryptedWithNoKms" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  # excerpt truncated
}

resource "aws_redshift_cluster" "ca" {
  cluster_identifier = "tf-ca-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc2.large"
  # excerpt truncated
}

resource "aws_redshift_cluster" "encrypted_not_set" {
  cluster_identifier = "my-redshift-cluster"
  database_name      = "mydb"
  master_username    = "admin"
  master_password    = "F0obarbaz"
  node_type          = "dc2.large"
  # excerpt truncated
}
Parameters
- allow_version_upgrade: optional - bool
- arn: optional computed - string
- automated_snapshot_retention_period: optional - number
- availability_zone: optional computed - string
- cluster_identifier: required - string
- cluster_parameter_group_name: optional computed - string
- cluster_public_key: optional computed - string
- cluster_revision_number: optional computed - string
- cluster_security_groups: optional computed - set of string
- cluster_subnet_group_name: optional computed - string
- cluster_type: optional computed - string
- cluster_version: optional - string
- database_name: optional computed - string
- dns_name: optional computed - string
- elastic_ip: optional - string
- encrypted: optional - bool
- endpoint: optional computed - string
- enhanced_vpc_routing: optional computed - bool
- final_snapshot_identifier: optional - string
- iam_roles: optional computed - set of string
- id: optional computed - string
- kms_key_id: optional computed - string
- master_password: optional - string
- master_username: optional - string
- node_type: required - string
- number_of_nodes: optional - number
- owner_account: optional - string
- port: optional - number
- preferred_maintenance_window: optional computed - string
- publicly_accessible: optional - bool
- skip_final_snapshot: optional - bool
- snapshot_cluster_identifier: optional - string
- snapshot_identifier: optional - string
- tags: optional - map from string to string
- vpc_security_group_ids: optional computed - set of string
- logging: list block
  - bucket_name: optional computed - string
  - enable: required - bool
  - s3_key_prefix: optional computed - string
- snapshot_copy: list block
  - destination_region: required - string
  - grant_name: optional - string
  - retention_period: optional - number
- timeouts: single block
Explanation in Terraform Registry
Provides a Redshift Cluster Resource.
Note: All arguments including the username and password will be stored in the raw state as plain-text. Read more about sensitive data in state.
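A hardened counterpart to the excerpts above, using only arguments from this page's parameter list. This is an added example, not code from the quoted repositories or from the Terraform Registry. The variable names, the KMS key resource, the log bucket and the final snapshot identifier are assumptions, and the inline logging block assumes a provider version that matches the schema listed here.

```hcl
# Added example, not taken from the repositories quoted above.
# Hypothetical names: var.redshift_master_password, var.redshift_log_bucket,
# aws_kms_key.redshift and the final snapshot identifier.

variable "redshift_master_password" {
  type      = string
  sensitive = true # redacted in plan/apply output (Terraform 0.14+); still plain text in state
}

variable "redshift_log_bucket" {
  type = string # existing S3 bucket whose policy lets Redshift write audit logs
}

resource "aws_kms_key" "redshift" {
  description         = "Customer-managed key for the Redshift cluster"
  enable_key_rotation = true
}

resource "aws_redshift_cluster" "hardened" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = var.redshift_master_password # no literal in source control
  node_type          = "dc2.large"

  # Encryption at rest with an explicit key (compare "encrypted_not_set"
  # and "redshiftEncryptedWithNoKms" above).
  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn

  # Keep the endpoint private, set explicitly rather than relying on a default.
  publicly_accessible  = false
  enhanced_vpc_routing = true

  # Audit logging on (compare "redshift_cluster_disabling_logs" above).
  logging {
    enable        = true
    bucket_name   = var.redshift_log_bucket
    s3_key_prefix = "redshift-audit/"
  }

  # Take a final snapshot on destroy instead of discarding the data.
  skip_final_snapshot       = false
  final_snapshot_identifier = "tf-redshift-cluster-final"
}
```

Because the password still ends up in state as the note above says, keep the state file in an encrypted, access-restricted remote backend.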
AWS::Redshift::Cluster (CloudFormation)
The Cluster in Redshift can be configured in CloudFormation with the resource name AWS::Redshift::Cluster. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Redshift::Cluster
Properties:
  AllowVersionUpgrade: true
  AutomatedSnapshotRetentionPeriod: 5
  ClusterIdentifier: dw-production-redshift-cluster
  ClusterParameterGroupName: !Ref RedshiftParameterGroup

Type: "AWS::Redshift::Cluster"
Properties:
  DBName: "mydb"
  MasterUsername: "master"
  MasterUserPassword:
    Ref: "MasterUserPassword"

Type: "AWS::Redshift::Cluster"
Properties:
  DBName: "mydb"
  MasterUsername: "master"
  MasterUserPassword:
    Ref: "MasterUserPassword"

Type: "AWS::Redshift::Cluster"
Properties:
  DBName: "mydb"
  MasterUsername: "master"
  MasterUserPassword:
    Ref: "MasterUserPassword"

Type: "AWS::Redshift::Cluster"
Properties:
  DBName: "mydb"
  MasterUsername: "master"
  MasterUserPassword:
    Ref: "MasterUserPassword"

"resourceType": "AWS::Redshift::Cluster",
"resourceId": "cluster-with-kms",
"resourceName": "cluster-with-kms",
"awsRegion": "us-west-2",
"availabilityZone": "us-west-2c",
"resourceCreationTime": "2016-10-13T22:26:39.723Z",

  "Type": "AWS::Redshift::ClusterSecurityGroup",
  "Properties": {
    "Description" : "Security group to determine where connections to the Amazon Redshift cluster can come from"
  }
},
"redshiftSecurityGroupIngress" : {

  "Type": "AWS::Redshift::ClusterSecurityGroup",
  "Properties": {
    "Description" : "Security group to determine where connections to the Amazon Redshift cluster can come from"
  }
},
"redshiftSecurityGroupIngress" : {

"Type": "AWS::Redshift::Cluster",
"Properties": {
  "NodeType": "ds2.xlarge",
  "ClusterType": "single-node",
  "Tags": [
    {

"resourceType" : "AWS::Redshift::Cluster",
"properties" : [ {
  "propertyName" : "AllowVersionUpgrade",
  "propertyType" : "Boolean",
  "required" : false
}, {
Parameters
- ClusterIdentifier: optional - String
- MasterUsername: required - String
- MasterUserPassword: required - String
- NodeType: required - String
- AllowVersionUpgrade: optional - Boolean
- AutomatedSnapshotRetentionPeriod: optional - Integer
- AvailabilityZone: optional - String
- ClusterParameterGroupName: optional - String
- ClusterType: required - String
- ClusterVersion: optional - String
- ClusterSubnetGroupName: optional - String
- DBName: required - String
- ElasticIp: optional - String
- Encrypted: optional - Boolean
- HsmClientCertificateIdentifier: optional - String
- HsmConfigurationIdentifier: optional - String
- KmsKeyId: optional - String
- NumberOfNodes: optional - Integer
- Port: optional - Integer
- PreferredMaintenanceWindow: optional - String
- PubliclyAccessible: optional - Boolean
- ClusterSecurityGroups: optional - List
- IamRoles: optional - List
- Tags: optional - List of Tag
- VpcSecurityGroupIds: optional - List
- SnapshotClusterIdentifier: optional - String
- SnapshotIdentifier: optional - String
- OwnerAccount: optional - String
- LoggingProperties: optional - LoggingProperties
- Endpoint: optional - Endpoint
- DestinationRegion: optional - String
- SnapshotCopyRetentionPeriod: optional - Integer
- SnapshotCopyGrantName: optional - String
- ManualSnapshotRetentionPeriod: optional - Integer
- SnapshotCopyManual: optional - Boolean
- AvailabilityZoneRelocation: optional - Boolean
- AvailabilityZoneRelocationStatus: optional - String
- AquaConfigurationStatus: optional - String
- Classic: optional - Boolean
- EnhancedVpcRouting: optional - Boolean
- MaintenanceTrackName: optional - String
- DeferMaintenance: optional - Boolean
- DeferMaintenanceStartTime: optional - String
- DeferMaintenanceEndTime: optional - String
- DeferMaintenanceDuration: optional - Integer
- RevisionTarget: optional - String
- ResourceAction: optional - String
- RotateEncryptionKey: optional - Boolean
Explanation in CloudFormation Registry
Specifies a cluster. A cluster is a fully managed data warehouse that consists of a set of compute nodes.
To create a cluster in Virtual Private Cloud (VPC), you must provide a cluster subnet group name. The cluster subnet group identifies the subnets of your VPC that Amazon Redshift uses when creating the cluster. For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide.
Frequently asked questions
What is AWS Amazon Redshift Cluster?
AWS Amazon Redshift Cluster is a resource for Amazon Redshift of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Redshift Cluster?
For Terraform, the SonarSource/sonar-iac, gilyas/infracost and storebot/pr_demo_flat source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the judithribeiro/Data-Engineer, jmelt5056/WebGoat.NET and iactest/newKaiMonkey source code examples are useful. See the CloudFormation Example section for further details.