User guide

your own CMK gives you more flexibility, including the ability to create, rotate, disable,
define access controls for, and audit the encryption keys used to protect your data.
If you want to use another CMK from your account, you need to create it first in AWS
KMS. Then the key will be available in the Master Key list in Amazon Redshift. When
you select a CMK, the Amazon Redshift console updates with information in Description,
Account, and KMS Key ID so you can verify the details of the selected key. For more
information about creating CMKs, go to Creating Customer Master Keys in the AWS Key
Management Service Developer Guide.
If you want to use a key from another account, select Enter a key ARN from Master Key.
Then type the ARN for the key to use. You must have permission to use the key. For
more information about access to keys in AWS KMS, go to Controlling Access to Your
Keys in the AWS Key Management Service Developer Guide.
HSM
Click HSM if you want to enable encryption and use a hardware security module (HSM)
to manage your encryption key.
If you click HSM, select values from HSM Connection and HSM Client Certificate. These
values are required for Amazon Redshift and the HSM to form a trusted connection over
which the cluster key can be passed. The HSM connection and client certificate must be
set up in Amazon Redshift before you launch a cluster. For more information about setting
up HSM connections and client certificates, see Hardware Security Modules (p. 99).
b. Under Configure Networking Options, you configure whether to launch your cluster in a virtual
private cloud (VPC) or outside a VPC. The option you choose affects the additional options
available in this section. Amazon Redshift uses the EC2-Classic and EC2-VPC platforms to
launch clusters. Your AWS account determines which platform or platforms are available to you
for your cluster. For more information, see Supported Platforms in the Amazon EC2 User Guide
for Linux Instances.
Choose a VPC
If you want to launch your cluster in a virtual private cloud (VPC), select the VPC you want
to use. You must have at least one Amazon Redshift subnet group set up to use VPCs. For
more information, see Amazon Redshift Cluster Subnet Groups (p. 36).
If you want to launch your cluster outside a VPC, click Not in VPC. This option is available
only to AWS accounts that support the EC2-Classic platform. Otherwise, you must launch
your cluster in a VPC.
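
The encryption and networking prerequisites above can be checked before a cluster launch is attempted. The following is an added example, not code from the Amazon Redshift documentation: the preflight function, its findings and the sample values are constructed for illustration, the dictionary keys follow the Amazon Redshift CreateCluster request parameters, and the Encrypted check is an assumed house rule.

```python
import re

# KMS key ARN layout: arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KMS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:(\d{12}):key/[A-Za-z0-9-]+$")

def preflight(params, cluster_account, ec2_classic=False):
    """Return findings for a planned CreateCluster request; an empty list means OK."""
    findings = []
    kms_key = params.get("KmsKeyId")
    hsm_conn = params.get("HsmConfigurationIdentifier")
    hsm_cert = params.get("HsmClientCertificateIdentifier")

    # Assumed house rule: key settings without Encrypted=True are a mistake.
    if (kms_key or hsm_conn or hsm_cert) and not params.get("Encrypted"):
        findings.append("key settings supplied but Encrypted is not true")
    # The HSM connection and the client certificate are both required.
    if bool(hsm_conn) != bool(hsm_cert):
        findings.append("HSM needs both a connection and a client certificate")
    # A key entered by ARN may live in another account; that needs permission.
    if kms_key and kms_key.startswith("arn:"):
        match = KMS_KEY_ARN.match(kms_key)
        if match is None:
            findings.append("KmsKeyId is not of the form arn:...:kms:...:key/<id>")
        elif match.group(1) != cluster_account:
            findings.append(f"cross-account key ({match.group(1)}): confirm permission to use it")
    # Launching outside a VPC is only possible on EC2-Classic accounts.
    if not params.get("ClusterSubnetGroupName") and not ec2_classic:
        findings.append("VPC-only account: a cluster subnet group is required")
    return findings

# Constructed sample request: key owned by 111122223333, cluster in 444455556666.
SAMPLE = {
    "Encrypted": True,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "ClusterSubnetGroupName": "example-subnet-group",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE, cluster_account="444455556666"):
        print("CHECK:", finding)
```
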
API Version 2012-12-01
Amazon Redshift Management Guide
Creating a Cluster