Amazon Redshift
Getting Started Guide (API Version 2012-12-01)

Step 4: Authorize Access to the Cluster

In the previous step, you launched your Amazon Redshift cluster. Before you can connect to the cluster, you need to configure a security group to authorize access.

Note

You only need to configure one of the two types of security groups described below: a VPC security group or an Amazon Redshift cluster security group. Follow the steps that correspond to the platform in which you launched your cluster.

To Configure the VPC Security Group (EC2-VPC Platform)

  1. In the Amazon Redshift console, in the navigation pane, choose Clusters.

  2. Choose examplecluster to open it, and make sure you are on the Configuration tab.

  3. Under Cluster Properties, for VPC Security Groups, choose your security group.

  4. After your security group opens in the Amazon EC2 console, choose the Inbound tab.

  5. Choose Edit, and enter the following, then choose Save:

    • Type: Custom TCP Rule.

    • Protocol: TCP.

    • Port Range: type the same port number that you used when you launched the cluster. The default port for Amazon Redshift is 5439, but your port might be different.

    • Source: select Custom IP, then type 0.0.0.0/0.

      Important

      Using 0.0.0.0/0 is not recommended for anything other than demonstration purposes because it allows access from any computer on the internet. In a real environment, you would create inbound rules based on your own network settings.

To Configure the Amazon Redshift Security Group

  1. In the Amazon Redshift console, in the navigation pane, choose Clusters.

  2. Choose examplecluster to open it, and make sure you are on the Configuration tab.

  3. Under Cluster Properties, for Cluster Security Groups, choose default to open the default security group.

  4. On the Security Groups tab, in the cluster security group list, choose the cluster security group whose rules you want to manage.

  5. On the Security Group Connections tab, choose Add Connection Type.

  6. In the Connection Type box, choose CIDR/IP.

    In CIDR/IP to Authorize, type 0.0.0.0/0 and choose Authorize.

    Important

    Using 0.0.0.0/0 is not recommended for anything other than demonstration purposes because it allows access from any computer on the Internet. In a real environment, you would create inbound rules based on your own network settings.