Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Redshift datashare same account requires encryption

0

Hello , I created datashare between serverless redshift workgroup and a provisioned redshift cluster ,

`

-- serverless

CREATE DATASHARE aggregated_tables
SET PUBLICACCESSIBLE = TRUE  ;


ALTER DATASHARE aggregated_tables
ADD SCHEMA public ;

ALTER DATASHARE aggregated_tables
ADD SCHEMA audience_insights ; 

ALTER DATASHARE aggregated_tables
ADD ALL TABLES IN SCHEMA public, another_schema ;

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA public; 

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA another_schema; 

GRANT USAGE ON DATASHARE aggregated_tables
TO NAMESPACE 'provisioned_namespace' ;
-- provisioned namespace

DESC DATASHARE aggregated_tables ;

`

And on provisioned I ran : `

-- Permanent redshift

CREATE DATABASE shared_aggregated_database
FROM DATASHARE aggregated_tables
OF ACCOUNT 'XXXXXX' namespace 'serverless_namespace';
-- serverless namespace

DESC DATASHARE aggregated_tables OF ACCOUNT 'xxxxxxx' NAMESPACE 'serverless_namespace';`

In the editor the shared_aggregated_database is empty

and when i ran a query directly i receive ERROR: The consumer and producer cluster have different encryption type.

Serverless is encrypted by default , provisioned cluster is NOT , they are both on same aws account .

In documentations it only mentions encryption for CROSS ACCOUNT ACCESSS

https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

or is it also required for same account ??

Tópicos
Banco de dadosAnálise
Tags
Banco de dadosAmazon RedshiftCriptografia
Idioma
English
zied
feita há 3 meses293 visualizações
2 Respostas
1
Resposta aceita

@zied Amazon Redshift data sharing can happen between two Redshift homogenous environments - by this i mean if one of them is encrypted then the other one will also need to be encrypted. Since Amazon Redshift Serverless is encrypted by default and if you are doing data sharing with a provisioned cluster it has to be encrypted as well. I understand this is not clearly documented and I will check on this with the documentation team. Please feel free to comment if you have any questions.

AWS
ESPECIALISTA
Ranjan Burman - AWS
respondido há 3 meses
profile pictureAWS
ESPECIALISTA
Srikant Das
avaliado há 2 meses
0

Hello,

For cross-account and cross-Region data sharing, both the producer and consumer clusters and serverless namespaces must be encrypted. This is for security purposes. However, they don't need to share the same encryption key. Ref - https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

Kindly please check and confirm if both provisioned cluster and serverless namespace are in same region or different region.

Thank you !

AWS
ENGENHEIRO DE SUPORTE
Mounika_K
respondido há 3 meses
  • zied
    há 3 meses

    Hello again and thank you for your answer , my question (also title ) doesnt refere to cross account case , Im asking if we use datashare in the SAME ACCOUNT , do i need encryption in both clusters producer and consumer or not ? Thank you

  • Mounika_K ENGENHEIRO DE SUPORTE
    há 3 meses

    Hello, as mentioned previously even for cross-Region (regardless of same or cross-account) we need both producer and consumer to be encrypted. Hence, I requested you to kindly check if and confirm if both provisioned cluster and serverless namespace are in same region or different region.

    In case if both clusters are in same region and same account, please feel free to support team so that they can diagnose the root cause of issue.

    I hope you find this helpful. Kindly please reconsider the voting on previous response.

    Thank you !!

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante