Manualshelf

User guide

ManualsBrandsAmazon ManualsComputer equipmentRedshift
41424344454647484950
Now you are ready to use the cluster.You can follow the Getting Started steps to test the cluster by
uploading sample data and trying example queries.
Managing VPC Security Groups for a Cluster
When you provision an Amazon Redshift cluster, it is locked down by default so nobody has access to
it. To grant other users inbound access to an Amazon Redshift cluster, you associate the cluster with a
security group. If you are on the EC2-VPC platform, you can either use an existing Amazon VPC security
group or define a new one and then associate it with a cluster as described following. If you are on the
EC2-Classic platform, you define a cluster security group and associate it with a cluster. For more
information on using cluster security groups on the EC2-Classic platform, see Amazon Redshift Cluster
Security Groups (p. 43).
A VPC security group consists of a set of rules that control access to an instance on the VPC, such as
your cluster. Individual rules set access based either on ranges of IP addresses or on other VPC security
groups.When you associate a VPC security group with a cluster, the rules that are defined in the VPC
security group control access to the cluster.
Each cluster you provision on the EC2-VPC platform has one or more Amazon VPC security groups
associated with it. Amazon VPC provides a VPC security group called default, which is created
automatically when you create the VPC. Each cluster that you launch in the VPC is automatically associated
with the default VPC security group if you don't specify a different VPC security group when you create
the cluster.You can associate a VPC security group with a cluster when you create the cluster, or you
can associate a VPC security group later by modifying the cluster. For more information on associating
a VPC security group with a cluster, see To create a cluster (p. 14) and To modify a cluster (p. 21).
The following table describes the default rules for the default VPC security group.
You can change the rules for the default VPC security group as needed for your Amazon Redshift cluster.
If the default VPC security group is enough for you, you don’t need to create more. However, you can
optionally create additional VPC security groups to better manage inbound access to your cluster. For
example, suppose you are running a service on an Amazon Redshift cluster, and you have several
different service levels you provide to your customers. If you don’t want to provide the same access at
API Version 2012-12-01
35
Amazon Redshift Management Guide
Managing VPC Security Groups for a Cluster