Amazon Redshift is a completely managed, petabyte-scale knowledge warehouse service within the cloud. With Amazon Redshift, you’ll be able to analyze all of your knowledge to derive holistic insights about your small business and your clients.
Amazon Redshift now helps {custom} URLs or {custom} domains in your knowledge warehouse. You would possibly wish to use a {custom} area title or CNAME (Canonical Title) for the next causes:
- A {custom} area title is easy to recall and use.
- Routing connections is much less disruptive. The connections from the shopper are pointed to the DNS document and never the server title. This allows you to simply route connections to new clusters in failover or catastrophe restoration situations.
- Now you can obfuscate your server names with a pleasant {custom} area title.
- It helps you keep away from utility code or connectivity modifications in case the underlying knowledge warehouse is migrated to a special Area or the endpoint is modified.
On this submit, we talk about how one can modify your knowledge warehouse to make use of {custom} domains and the way to connect with a knowledge warehouse that has been configured with a {custom} URL.
Pre-requisites
To get began, you want a registered area title. You need to use Amazon Route 53 or a third-party area registrar to register a site.
You additionally want a validated Safe Sockets Layer (SSL) certificates in your {custom} endpoints. That is to confirm possession of the area title and safe communication. You need to use AWS Certificates Supervisor (ACM) to provision, handle, and deploy public SSL/TLS certificates. It’s essential use verify-full mode, which ensures that the connections are encrypted and verifies that the hostname of the server matches the hostname within the certificates.
Lastly, it is advisable connect the required permissions to the AWS Id and Entry Administration (IAM) function that’s assigned to the related customers and teams that can handle your Redshift knowledge warehouse. These fluctuate relying on if you happen to’re utilizing Amazon Redshift provisioned or Amazon Redshift Serverless. The permissions wanted for the required actions are listed within the following desk.
| Motion | IAM Permission | |
| Redshift Provisioned | Redshift Serverless | |
| Create {custom} area for datawarehouse |
redshift:CreateCustomDomainAssociation acm:DescribeCertificate |
redshiftServerless:CreateCustomDomainAssociation acm:DescribeCertificate |
| Renaming cluster that has {custom} area title | acm:DescribeCertificate | Not wanted |
| Altering certificates for affiliation |
redshift:ModifyCustomDomainAssociation acm:DescribeCertificate |
redshiftServerless:UpdateCustomDomainAssociation acm:DescribeCertificate |
| Deleting {custom} area | redshift:DeleteCustomDomainAssociation | redshiftServerless:DeleteCustomDomainAssociation |
| Connecting to the information warehouse utilizing {custom} area title | redshift:DescribeCustomDomainAssociations | Not wanted |
The next screenshot reveals an instance of making an IAM coverage on the IAM console.
Creating DNS CNAME entry for {custom} area title
The {custom} area title usually contains the basis area and a subdomain, like mycluster.mycompany.com. You possibly can both register a brand new root area or use an present one. For extra details about registering a brand new area with Route 53, consult with Registering a brand new area.
After you set that up, you’ll be able to add a DNS document that factors your {custom} CNAME to the Redshift endpoint. You could find the information warehouse endpoint on the Amazon Redshift console on the cluster element web page.
The next screenshot illustrates finding a provisioned endpoint.
The next screenshot illustrates finding a serverless endpoint.
Now that you’ve created the CNAME entry, you’ll be able to request a certificates from ACM. Full the next steps:
- Open the ACM console and select Request a certificates.
- For Absolutely certified area title, enter your {custom} area title.
- Select Request.
- Verify that the request is validated by the proprietor of the area by checking the standing of the certificates.
The standing must be Issued.
Now that you’ve created the CNAME document and certificates, you’ll be able to create the {custom} area URL in your Redshift cluster utilizing the Amazon Redshift console.
Creating {custom} area for a provisioned occasion
To create a {custom} area for a provisioned occasion, full the next steps:
- On the Amazon Redshift console, navigate to your provisioned occasion element web page.
- On the Actions menu, select Create {custom} area title.
- For Customized area title, enter the CNAME document in your Redshift provisioned cluster.
- For ACM certificates, select the suitable certificates.
- Select Create.
It’s best to now have a {custom} area title related to your provisioned knowledge warehouse. The {custom} area title and {custom} area certificates ARN values ought to now be populated together with your entries.
Observe that sslmode=verify-full will solely work for the brand new {custom} endpoint. You possibly can’t use this mode with the default endpoint; you’ll be able to hook up with the default endpoint by utilizing different SSL modes like sslmode=verify-ca.
Create a {custom} area for a serverless occasion
To create a {custom} area for a serverless occasion, full the next steps:
- On the Amazon Redshift console, navigate to your serverless occasion element web page.
- On the Actions menu, select Create {custom} area title.
- For Customized area title, enter the CNAME document in your Redshift Serverless workgroup.
- For ACM certificates, select the suitable certificates.
- Select Create.
It’s best to now have a {custom} area title related to your serverless workgroup. The {custom} area title and {custom} area certificates ARN values ought to now be populated together with your entries.
Observe that, as with a provisioned occasion, sslmode=verify-full will solely work for the brand new {custom} endpoint. You possibly can’t use this mode with the default endpoint; you’ll be able to hook up with the default endpoint by utilizing different SSL modes like sslmode=verify-ca.
Join utilizing {custom} area title
Now you can hook up with your cluster utilizing the {custom} area title. The JDBC URL could be just like jdbc:redshift://prefix.rootdomain.com:5439/dev?sslmode=verify-full, the place prefix.rootdomain.com is your {custom} area title and dev is the default database. Use your most well-liked editor to connect with this URL utilizing your consumer title and password.
Replace the certificates affiliation in your provisioned {custom} area
To replace the certificates affiliation utilizing the Amazon Redshift console, navigate to your provisioned cluster particulars web page and on the Actions menu, select Edit {custom} area title. Replace the area title and ACM certificates, then select Save modifications.
To alter the cluster’s ACM certificates related to the {custom} area utilizing the AWS Command Line Interface (AWS CLI), use the next command:
Replace the certificates in your serverless {custom} area
To replace the certificates utilizing the Amazon Redshift console, navigate to your serverless workgroup particulars web page and on the Actions menu, select Edit {custom} area title. Replace the area title and ACM certificates, then select Save modifications.
To alter the serverless workgroup’s ACM certificates related to the {custom} area utilizing the AWS CLI, use the next command:
Delete a {custom} provisioned area
To delete your {custom} area, navigate to the provisioned cluster particulars web page. On the Actions menu, select Delete {custom} area title. Enter delete to verify, then select Delete.
 To make use of the AWS CLI, use the next code:
Delete a {custom} serverless area
To delete your {custom} area, navigate to the serverless workgroup particulars web page. On the Actions menu, select Delete {custom} area title. Enter delete to verify, then select Delete.
To make use of the AWS CLI, use the next code:
Conclusion
On this submit, we mentioned the advantages of utilizing {custom} domains in your Redshift knowledge warehouse and the steps wanted to affiliate a {custom} area title with the Redshift endpoint. For extra info, consult with Utilizing a {custom} area title for shopper connections.
Concerning the Authors
Raghu Kuppala is an Analytics Specialist Options Architect skilled working within the databases, knowledge warehousing, and analytics area. Exterior of labor, he enjoys making an attempt totally different cuisines and spending time together with his household and buddies.
Sam Selvan is a Principal Analytics Answer Architect with Amazon Internet Providers.
Yanzhu Ji is a Product Supervisor within the Amazon Redshift staff. She has expertise in product imaginative and prescient and technique in industry-leading knowledge merchandise and platforms. She has excellent ability in constructing substantial software program merchandise utilizing net growth, system design, database, and distributed programming methods. In her private life, Yanzhu likes portray, images, and enjoying tennis.
Nikhitha Loyapally is a Senior Software program Growth Engineer for Amazon Redshift.