User guide
If you have a publicly accessible cluster in a VPC, and you want to connect to it by using the private
IP address from within the VPC, you must set the following VPC parameters to true:
• DNS resolution
• DNS hostnames
If you have a publicly accessible cluster in a VPC, but do not set those parameters to true in the VPC,
connections made from within the VPC will resolve to the EIP of the cluster instead of the private IP
address. We recommend that you set these parameters to true and use the private IP address for a
publicly accessible cluster when connecting from within the VPC. For more information, see Using DNS
with Your VPC in the Amazon VPC User Guide.
Note
If you have an existing publicly accessible cluster in a VPC, connections from within the VPC
will continue to use the EIP to connect to the cluster even with those parameters set until you
resize the cluster. Any new clusters will follow the new behavior of using the private IP address
when connecting to the publicly accessible cluster from within the same VPC.
Also, note that the EIP is an external IP address for accessing the cluster outside of a VPC, but it is
not related to the cluster node public IP addresses and private IP addresses that are displayed in the
Amazon Redshift console under SSH Ingestion Settings. The public and private cluster node IP
addresses appear regardless of whether the cluster is publicly accessible or not. They are used only
in certain circumstances to configure ingress rules on the remote host when you load data from an
Amazon EC2 instance or other remote host using a Secure Shell (SSH) connection. For more information,
see Step 1: Retrieve the cluster public key and cluster node IP addresses in the Amazon Redshift
Database Developer Guide.
The option to associate a cluster with an EIP is available only when you create the cluster or restore
the cluster from a snapshot. You can't attach an EIP after the cluster is created or restored. If you want
to associate the cluster with an EIP or change an EIP that is associated with the cluster, you need to
restore the cluster from a snapshot and specify the EIP at that time.
• Associate a VPC security group.
You then grant inbound access using a VPC security group. This VPC security group must allow access
over the database port for the cluster so that you can connect by using SQL client tools. You can
configure this in advance, or add rules to it after you launch the cluster. For more information, go to
Security in Your VPC in the Amazon Virtual Private Cloud User Guide. You cannot use the Amazon
Redshift cluster security groups to grant inbound access to the cluster.
For more information about working with clusters in a VPC, see Creating a Cluster in a VPC (p. 33).
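The two checks described above (VPC DNS parameters for a publicly accessible cluster, and a VPC security group rule for the database port) can be audited together. The following is an added example, not code from this guide; it assumes record shapes as returned by boto3's `describe_clusters`, `describe_vpc_attribute` and `describe_security_groups`, and the sample IDs, CIDR and port are constructed.

```python
"""Added example: audit the VPC settings this section describes (constructed data)."""

def port_sources(security_groups, port):
    """Return the sources (CIDRs / group IDs) allowed inbound on a TCP port."""
    sources = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            all_traffic = proto == "-1"  # "-1" means every protocol and port
            in_range = (proto == "tcp"
                        and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
            if all_traffic or in_range:
                sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
                sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return sources

def audit_cluster(cluster, dns_support, dns_hostnames, security_groups):
    """Return a list of findings for one cluster record."""
    findings = []
    port = cluster["Endpoint"]["Port"]
    # Both VPC parameters must be true for in-VPC clients to get the private IP.
    if cluster.get("PubliclyAccessible") and not (dns_support and dns_hostnames):
        findings.append("in-VPC connections resolve to the EIP, not the private IP")
    if not port_sources(security_groups, port):
        findings.append(f"no VPC security group rule allows inbound port {port}")
    return findings

def fetch_and_audit(cluster_id):
    """Live variant: needs boto3 and AWS credentials (not used by the sample run)."""
    import boto3
    rs, ec2 = boto3.client("redshift"), boto3.client("ec2")
    c = rs.describe_clusters(ClusterIdentifier=cluster_id)["Clusters"][0]
    attr = lambda a, k: ec2.describe_vpc_attribute(VpcId=c["VpcId"], Attribute=a)[k]["Value"]
    sg_ids = [g["VpcSecurityGroupId"] for g in c["VpcSecurityGroups"]]
    # An empty GroupIds filter would return every group, so skip the call instead.
    sgs = ec2.describe_security_groups(GroupIds=sg_ids)["SecurityGroups"] if sg_ids else []
    return audit_cluster(c, attr("enableDnsSupport", "EnableDnsSupport"),
                         attr("enableDnsHostnames", "EnableDnsHostnames"), sgs)

# Constructed sample records shaped like the API responses (IDs are placeholders).
SAMPLE_CLUSTER = {"ClusterIdentifier": "example-cluster", "VpcId": "vpc-EXAMPLE",
                  "PubliclyAccessible": True, "Endpoint": {"Port": 5439}}
SAMPLE_SGS = [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]}]

if __name__ == "__main__":
    print(audit_cluster(SAMPLE_CLUSTER, True, False, SAMPLE_SGS))
    print(port_sources(SAMPLE_SGS, 5439))
```

The list returned by `port_sources` is worth reviewing on its own, because it shows exactly which address ranges and groups can reach the database port.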
Restoring a Snapshot of a Cluster in VPC
A snapshot of a cluster in a VPC can only be restored in a VPC, not outside the VPC. You can restore it in
the same VPC or another VPC in your account. For more information about snapshots, see Amazon
Redshift Snapshots (p. 82).
Creating a Cluster in a VPC
The following are the general steps for deploying a cluster in your VPC.
To create a cluster in a VPC
1. Set up a VPC.
You can create your cluster either in the default VPC for your account, if your account has one, or a
VPC that you have created. For more information, see Supported Platforms to Launch Your
Cluster (p. 9). To create a VPC, follow steps 2 and 3 in the Amazon Virtual Private Cloud Getting
API Version 2012-12-01
Amazon Redshift Management Guide