I can't connect to my Amazon Redshift cluster

Short description

To connect to your Amazon Redshift cluster, check the following:

• If your Amazon Redshift cluster is in a public subnet and you want to access it over the internet, then set Publicly accessible to Yes.
• If your Amazon Redshift cluster is in a private subnet, then use a NAT gateway in the public subnet to access the internet. A cluster in a private subnet can connect to the internet using the NAT gateway, but the internet can't initiate a connection to the cluster.
• To enable your Amazon Redshift cluster to communicate with resources that are in a different virtual private cloud (VPC) account, create a VPC peering connection.

Resolution

My cluster is in a public subnet, but I can't connect to it over the internet from my local computer

Note: Before completing the steps below, make sure that your VPC has an internet gateway attached to it.

1.    Open the Amazon Redshift console.

2.    Choose Clusters.

3.    Select the cluster to which you are trying to connect.

4.    Choose Actions.

5.    Choose Modify publicly accessible setting.

6.    For Allow instances and devices outside the VPC to connect to your database through the cluster endpoint, choose edit publicly accessible.

7.    Choose Enable.

8.    (Optional) Select your Elastic IP address.

9.    Choose Confirm to save your changes.

My cluster is in a private subnet, and I can't connect to it from my local computer

Your cluster must be in a public subnet for it to connect to a local machine.

To access a cluster from a local machine, perform the following steps:

1.    Open the Amazon Redshift console.

2.    Choose Clusters.

3.    Select the cluster to which you are trying to connect.

4.    Choose the Configuration tab to open the Cluster Properties page.

5.    Choose View VPCs to open the Amazon VPC console.

6.    In the navigation pane, choose Route Tables.

7.    Select the route table that is associated with the subnet where your cluster resides.

8.    Choose Edit.

9.    Choose Add route.
For IPv4 traffic, enter "0.0.0.0/0" in the Destination field, and then select the internet gateway ID for the Target field.
For IPv6 traffic, enter "::/0" in the Destination field, and then select the internet gateway ID for the Target field.

10.    Choose Save.

My cluster can't be accessed by an Amazon Elastic Compute Cloud (Amazon EC2) instance that is in a different VPC

Create a VPC peering connection between the VPCs. A VPC peering connection allows two VPCs to communicate with each other using private IP addresses.

1.    Follow the steps for Creating and accepting a VPC peering connection.

Note: If the VPCs are in the same AWS account, make sure that the IPv4 CIDR blocks don't overlap.

2.    Update both route tables.

3.    Update your security groups to reference peer VPC groups.

4.    On the EC2 instance, test the VPC peering connection using a networking utility (such as netcat). For example:

nc -zv <hostname> <port>

If the VPC peering connection is successful, then the output will look like this:

$ nc -zv example.123456789.us-east-1.redshift.amazonaws.com 5439
found 0 associations
found 1 connections:
     1:    flags=82<CONNECTED,PREFERRED>
    outif en0
    src xx.xxx.xxx.xx port 53396
    dst xx.xxx.xxx.xxx port 5439
    rank info not available
    TCP aux info available

Connection to example.123456789.us-east-1.redshift.amazonaws.com port 5439 [tcp/*] succeeded!

---

Related information

Authorizing access to the cluster

Managing clusters in an Amazon Virtual Private Cloud (Amazon VPC)

Working with VPC peering connections

Working with route tables