Top / Amazon Web Service / AWS Amazon Redshift / Cluster

AWS Amazon Redshift Cluster

This page shows how to write Terraform and CloudFormation for Amazon Redshift Cluster and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_redshift_cluster (Terraform)

The Cluster in Amazon Redshift can be configured in Terraform with the resource name aws_redshift_cluster. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

test_redshift_cluster.tf#L1
resource "aws_redshift_cluster" "redshift_cluster_disabling_logs" {
  cluster_identifier = "redshift-cluster"
  logging {
    enable = false # Noncompliant {{Make sure that disabling logging is safe here.}}
  }
}
redshift_cluster_test.tf#L12
resource "aws_redshift_cluster" "ca" {
  cluster_identifier = "tf-ca-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc2.large"
redshiftcluster.tf#L1
resource "aws_redshift_cluster" "redshiftEncryptedWithNoKms" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
redshift_cluster_test.tf#L12
resource "aws_redshift_cluster" "ca" {
  cluster_identifier = "tf-ca-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc2.large"
encrypted.tf#L11
resource "aws_redshift_cluster" "encrypted_not_set" {
  cluster_identifier = "my-redshift-cluster"
  database_name      = "mydb"
  master_username    = "admin"
  master_password    = "F0obarbaz"
  node_type          = "dc2.large"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a Redshift Cluster Resource.

Note: All arguments including the username and password will be stored in the raw state as plain-text. Read more about sensitive data in state.

>> from Terraform Registry

AWS::Redshift::Cluster (CloudFormation)

The Cluster in Redshift can be configured in CloudFormation with the resource name AWS::Redshift::Cluster. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

6.redshift.yml#L66
    Type: AWS::Redshift::Cluster
    Properties:
      AllowVersionUpgrade: true
      AutomatedSnapshotRetentionPeriod: 5
      ClusterIdentifier: dw-production-redshift-cluster
      ClusterParameterGroupName: !Ref RedshiftParameterGroup
deploy.yml#L4
    Type: "AWS::Redshift::Cluster"
    Properties:
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
deploy.yml#L4
    Type: "AWS::Redshift::Cluster"
    Properties:
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
deploy.yml#L4
    Type: "AWS::Redshift::Cluster"
    Properties:
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
deploy.yml#L4
    Type: "AWS::Redshift::Cluster"
    Properties:
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
AWS_Redshift_Cluster.json#L9
    "resourceType": "AWS::Redshift::Cluster",
    "resourceId": "cluster-with-kms",
    "resourceName": "cluster-with-kms",
    "awsRegion": "us-west-2",
    "availabilityZone": "us-west-2c",
    "resourceCreationTime": "2016-10-13T22:26:39.723Z",
cloud-formation-local-postgres.json#L7
      "Type": "AWS::Redshift::ClusterSecurityGroup",
      "Properties": {
        "Description" : "Security group to determine where connections to the Amazon Redshift cluster can come from"
      }
    },
    "redshiftSecurityGroupIngress" : {
cloud-formation-local-postgres.json#L7
      "Type": "AWS::Redshift::ClusterSecurityGroup",
      "Properties": {
        "Description" : "Security group to determine where connections to the Amazon Redshift cluster can come from"
      }
    },
    "redshiftSecurityGroupIngress" : {
positive2.json#L4
      "Type": "AWS::Redshift::Cluster",
      "Properties": {
        "NodeType": "ds2.xlarge",
        "ClusterType": "single-node",
        "Tags": [
          {
Redshift.json#L3
  "resourceType" : "AWS::Redshift::Cluster",
  "properties" : [ {
    "propertyName" : "AllowVersionUpgrade",
    "propertyType" : "Boolean",
    "required" : false
  }, {

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Specifies a cluster. A cluster is a fully managed data warehouse that consists of a set of compute nodes.

To create a cluster in Virtual Private Cloud (VPC), you must provide a cluster subnet group name. The cluster subnet group identifies the subnets of your VPC that Amazon Redshift uses when creating the cluster. For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon Redshift Resources

Frequently asked questions

What is AWS Amazon Redshift Cluster?

AWS Amazon Redshift Cluster is a resource for Amazon Redshift of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon Redshift Cluster?

For Terraform, the SonarSource/sonar-iac, gilyas/infracost and storebot/pr_demo_flat source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the judithribeiro/Data-Engineer, jmelt5056/WebGoat.NET and iactest/newKaiMonkey source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents