User guide
might want to create separate cluster security groups, one for each company.You can add rules in each
cluster security group to identify the Amazon EC2 security groups and the IP address ranges specific to
a company.You can then associate all these cluster security groups with your cluster.
You can associate a cluster security group with many clusters, and you can associate many cluster
security groups with a cluster.
You can manage cluster security groups using the Amazon Redshift console, and you can manage cluster
security groups programmatically by using the Amazon Redshift API or the AWS SDKs.
Amazon Redshift applies changes to a cluster security group immediately. So if you have associated the
cluster security group with a cluster, inbound cluster access rules in the updated cluster security group
apply immediately.
Managing Cluster Security Groups Using the
Console
Topics
• Creating a Cluster Security Group (p. 45)
• Tagging a Cluster Security Group (p. 46)
• Managing Ingress Rules for a Cluster Security Group (p. 47)
• Revoking Ingress Rules for a Cluster Security Group (p. 49)
• Tagging Ingress Rules for a Cluster Security Group (p. 49)
• Deleting a Cluster Security Group (p. 51)
• Associating a Cluster Security Group with a Cluster (p. 52)
You can create, modify, and delete cluster security groups by using the Amazon Redshift console.You
can also manage the default cluster security group in the Amazon Redshift console. All of the tasks start
from the cluster security group list.You must select a cluster security group to manage it.
In the example cluster security group list below, there are two cluster security groups, the default cluster
security group and a custom cluster security group called securitygroup1. Because securitygroup1
is selected (highlighted), you can delete it or manage tags for it, and also see the rules and tags associated
with it.
API Version 2012-12-01
44
Amazon Redshift Management Guide
Managing Cluster Security Groups Using the Console