User guide

Amazon Redshift Cluster Security Groups
When you provision an Amazon Redshift cluster, it is locked down by default so nobody has access to
it. To grant other users inbound access to an Amazon Redshift cluster, you associate the cluster with a
security group. If you are on the EC2-Classic platform, you define a cluster security group and associate
it with a cluster as described following. If you are on the EC2-VPC platform, you can either use an existing
Amazon VPC security group or define a new one and then associate it with a cluster. For more information
on managing a cluster on the EC2-VPC platform, see Managing Clusters in an Amazon Virtual Private
Cloud (VPC) (p. 32).
Topics
Overview (p. 43)
Managing Cluster Security Groups Using the Console (p. 44)
Managing Cluster Security Groups Using the AWS SDK for Java (p. 52)
Manage Cluster Security Groups Using the Amazon Redshift CLI and API (p. 55)
Overview
A cluster security group consists of a set of rules that control access to your cluster. Individual rules
identify either a range of IP addresses or an Amazon EC2 security group that is allowed access to your
cluster. When you associate a cluster security group with a cluster, the rules that are defined in the cluster
security group control access to the cluster.
You can create cluster security groups independent of provisioning any cluster. You can associate a
cluster security group with an Amazon Redshift cluster either at the time you provision the cluster or later.
Also, you can associate a cluster security group with multiple clusters.
Amazon Redshift provides a cluster security group called default, which is created automatically when
you launch your first cluster. Initially, this cluster security group is empty. You can add inbound access
rules to the default cluster security group and then associate it with your Amazon Redshift cluster.
If the default cluster security group is enough for you, you don’t need to create your own. However, you
can optionally create your own cluster security groups to better manage inbound access to your cluster.
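The following is an added example that is not part of the guide and is not AWS code: a small Python model of the access semantics described above, in which a cluster admits no inbound connections until a cluster security group with rules is associated with it, each rule names either an IP address range (CIDR) or an EC2 security group (owner account plus group name), and one group may be attached to several clusters. The group, cluster, account and IP values are constructed for illustration.

```python
"""Illustrative model of Amazon Redshift cluster security group semantics.

Added example, not AWS code. It mirrors the behaviour the guide describes:
deny by default, rules that are either a CIDR range or an EC2 security
group, and one group shared by several clusters. All names are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class CidrRule:
    """Inbound rule that admits any source address inside a CIDR block."""
    cidr: str  # e.g. "192.0.2.0/24" (constructed, documentation range)

    def matches(self, source) -> bool:
        return isinstance(source, str) and ip_address(source) in ip_network(self.cidr)


@dataclass(frozen=True)
class Ec2SecurityGroupRule:
    """Inbound rule that admits clients running in a given EC2 security group."""
    owner_id: str    # AWS account that owns the EC2 security group (constructed)
    group_name: str

    def matches(self, source) -> bool:
        # A source from an EC2 instance is modelled as (owner_id, group_name).
        return isinstance(source, tuple) and source == (self.owner_id, self.group_name)


@dataclass
class ClusterSecurityGroup:
    name: str
    rules: set = field(default_factory=set)

    def authorize_ingress(self, rule) -> None:
        self.rules.add(rule)

    def revoke_ingress(self, rule) -> None:
        self.rules.discard(rule)

    def allows(self, source) -> bool:
        # Deny by default: an empty group (like the freshly created "default") admits nobody.
        return any(rule.matches(source) for rule in self.rules)


@dataclass
class Cluster:
    identifier: str
    security_groups: list = field(default_factory=list)

    def associate(self, group: ClusterSecurityGroup) -> None:
        self.security_groups.append(group)

    def inbound_allowed(self, source) -> bool:
        # A cluster with no associated group, or only empty groups, stays locked down.
        return any(group.allows(source) for group in self.security_groups)


def scenario() -> dict:
    """Walk through the lifecycle described in the guide; returns each access decision."""
    results = {}
    default = ClusterSecurityGroup("default")       # created automatically, initially empty
    prod = Cluster("prod-cluster")
    results["no_group"] = prod.inbound_allowed("192.0.2.10")
    prod.associate(default)
    results["empty_default"] = prod.inbound_allowed("192.0.2.10")

    default.authorize_ingress(CidrRule("192.0.2.0/24"))
    results["cidr_match"] = prod.inbound_allowed("192.0.2.10")
    results["cidr_outside"] = prod.inbound_allowed("198.51.100.5")

    default.authorize_ingress(Ec2SecurityGroupRule("111122223333", "app-servers"))
    results["ec2_sg_match"] = prod.inbound_allowed(("111122223333", "app-servers"))
    results["ec2_sg_wrong_owner"] = prod.inbound_allowed(("444455556666", "app-servers"))

    # One group can be associated with several clusters; its rules apply to all of them.
    analytics = Cluster("analytics-cluster")
    analytics.associate(default)
    results["shared_group"] = analytics.inbound_allowed("192.0.2.10")

    # Revoking a rule on the shared group closes that path for every cluster using it.
    default.revoke_ingress(CidrRule("192.0.2.0/24"))
    results["after_revoke"] = analytics.inbound_allowed("192.0.2.10")
    return results


if __name__ == "__main__":
    for check, allowed in scenario().items():
        print(f"{check:20s} -> {'allowed' if allowed else 'denied'}")
```

The point worth checking against a real deployment is the deny-by-default behaviour: an associated but empty group grants nothing, and a rule revoked on a shared group affects every cluster that uses that group.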
For example, suppose you are running a service on an Amazon Redshift cluster, and you have a few
companies as your customers. If you don’t want to provide the same access to all your customers, you
API Version 2012-12-01
43
Amazon Redshift Management Guide
Overview