AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Redshift datashare same account requires encryption

0

Hello , I created datashare between serverless redshift workgroup and a provisioned redshift cluster ,

`

-- serverless

CREATE DATASHARE aggregated_tables
SET PUBLICACCESSIBLE = TRUE  ;


ALTER DATASHARE aggregated_tables
ADD SCHEMA public ;

ALTER DATASHARE aggregated_tables
ADD SCHEMA audience_insights ; 

ALTER DATASHARE aggregated_tables
ADD ALL TABLES IN SCHEMA public, another_schema ;

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA public; 

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA another_schema; 

GRANT USAGE ON DATASHARE aggregated_tables
TO NAMESPACE 'provisioned_namespace' ;
-- provisioned namespace

DESC DATASHARE aggregated_tables ;

`

And on provisioned I ran : `

-- Permanent redshift

CREATE DATABASE shared_aggregated_database
FROM DATASHARE aggregated_tables
OF ACCOUNT 'XXXXXX' namespace 'serverless_namespace';
-- serverless namespace

DESC DATASHARE aggregated_tables OF ACCOUNT 'xxxxxxx' NAMESPACE 'serverless_namespace';`

In the editor the shared_aggregated_database is empty

and when i ran a query directly i receive ERROR: The consumer and producer cluster have different encryption type.

Serverless is encrypted by default , provisioned cluster is NOT , they are both on same aws account .

In documentations it only mentions encryption for CROSS ACCOUNT ACCESSS

https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

or is it also required for same account ??

주제
데이터베이스분석
태그
데이터베이스아마존 Redshift암호화
언어
English
zied
질문됨 3달 전302회 조회
2개 답변
1
수락된 답변

@zied Amazon Redshift data sharing can happen between two Redshift homogenous environments - by this i mean if one of them is encrypted then the other one will also need to be encrypted. Since Amazon Redshift Serverless is encrypted by default and if you are doing data sharing with a provisioned cluster it has to be encrypted as well. I understand this is not clearly documented and I will check on this with the documentation team. Please feel free to comment if you have any questions.

AWS
전문가
Ranjan Burman - AWS
답변함 3달 전
profile pictureAWS
전문가
Srikant Das
검토됨 2달 전
0

Hello,

For cross-account and cross-Region data sharing, both the producer and consumer clusters and serverless namespaces must be encrypted. This is for security purposes. However, they don't need to share the same encryption key. Ref - https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

Kindly please check and confirm if both provisioned cluster and serverless namespace are in same region or different region.

Thank you !

AWS
지원 엔지니어
Mounika_K
답변함 3달 전
  • zied
    3달 전

    Hello again and thank you for your answer , my question (also title ) doesnt refere to cross account case , Im asking if we use datashare in the SAME ACCOUNT , do i need encryption in both clusters producer and consumer or not ? Thank you

  • Mounika_K 지원 엔지니어
    3달 전

    Hello, as mentioned previously even for cross-Region (regardless of same or cross-account) we need both producer and consumer to be encrypted. Hence, I requested you to kindly check if and confirm if both provisioned cluster and serverless namespace are in same region or different region.

    In case if both clusters are in same region and same account, please feel free to support team so that they can diagnose the root cause of issue.

    I hope you find this helpful. Kindly please reconsider the voting on previous response.

    Thank you !!

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠