Amazon Redshift Cluster Security Groups
Topics
• Overview
• Managing Security Groups Using the Console
• Managing Security Groups Using AWS SDK for Java
• Manage Security Group Using Amazon Redshift CLI and API
Overview
When you provision an Amazon Redshift cluster, it is locked down by default so nobody has access to
it. To grant other users inbound access to an Amazon Redshift cluster, you define a cluster security group
and associate it with a cluster. A security group consists of a set of rules that control access to your
cluster. Individual rules identify a range of CIDR/IP addresses or an Amazon EC2 security group that is
allowed access to your cluster. When you associate a security group with a cluster, the rules that are
defined in the security group control access to the cluster.

You can create security groups independent of provisioning any cluster. You can associate a security
group with an Amazon Redshift cluster either at the time you provision the cluster or later. Also, you can
associate a security group with multiple clusters.

Amazon Redshift provides a security group called default, which is created automatically when you launch
your first cluster. Initially, this security group is empty. You can add inbound access rules to the default
security group and then associate it with your Amazon Redshift cluster.

If the default security group is enough for you, you won’t need to create your own; however, you can
optionally create your own security groups to better manage inbound access to your cluster. For example,
suppose you are running a service on an Amazon Redshift cluster, and you have a few companies as
your customers. If you don’t want to provide the same access to all your customers, you might want to
create separate security groups, one for each company. You can add rules in each security group to
identify the EC2 security groups and the CIDR/IP ranges specific to a company. You can then associate
all these security groups with your cluster.

You can associate a security group with many clusters, and you can associate many security groups with
a cluster.
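The per-company layout described above can be checked offline before any rule is applied. The following Python sketch is an added example, not code from the guide or from AWS; the class, function names, group names, address ranges, account ID and the /16 audit threshold are all constructed for illustration, and it assumes rules are allow-only so that a match in any associated group grants access.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ClusterSecurityGroup:
    """Offline model of a cluster security group (constructed, not an AWS API type)."""
    name: str
    cidr_rules: list = field(default_factory=list)       # CIDR/IP ranges, e.g. "203.0.113.0/24"
    ec2_group_rules: list = field(default_factory=list)  # (owner account id, EC2 security group name)

def admitting_groups(groups, source_ip=None, ec2_group=None):
    """Return the names of the associated groups whose rules admit the source.

    Assumption: rules are allow-only and a match in any associated group
    grants access; an empty result means the connection is refused.
    """
    hits = []
    for g in groups:
        by_cidr = source_ip is not None and any(
            ipaddress.ip_address(source_ip) in ipaddress.ip_network(c)
            for c in g.cidr_rules)
        by_ec2 = ec2_group is not None and ec2_group in g.ec2_group_rules
        if by_cidr or by_ec2:
            hits.append(g.name)
    return hits

def audit(groups, min_prefix=16):
    """Flag CIDR rules broader than /min_prefix (the threshold is a constructed policy)."""
    return [(g.name, c) for g in groups for c in g.cidr_rules
            if ipaddress.ip_network(c).prefixlen < min_prefix]

# Constructed sample data: documentation address ranges and a placeholder account id.
default = ClusterSecurityGroup("default")  # initially empty, so it admits nobody
company_a = ClusterSecurityGroup("company-a", cidr_rules=["203.0.113.0/24"])
company_b = ClusterSecurityGroup(
    "company-b",
    cidr_rules=["198.51.100.16/28"],
    ec2_group_rules=[("111122223333", "company-b-app")])
cluster_groups = [company_a, company_b]  # both groups associated with one cluster

if __name__ == "__main__":
    print(admitting_groups([default], source_ip="203.0.113.7"))        # locked down
    print(admitting_groups(cluster_groups, source_ip="203.0.113.7"))   # company A range
    print(admitting_groups(cluster_groups, source_ip="198.51.100.40")) # outside the /28
    print(audit(cluster_groups + [ClusterSecurityGroup("wide", ["0.0.0.0/0"])]))
```

Because the function returns which group admitted a source, it also shows when a customer's address is reachable only through another customer's group, which is the separation the one-group-per-company design is meant to preserve.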
API Version 2012-12-01
Amazon Redshift Management Guide