Yes, a BI tool like Qlik can access a private Amazon Redshift cluster using a Redshift-managed VPC endpoint. Redshift-managed VPC endpoints (powered by AWS PrivateLink) provide a private connection between a VPC containing your Redshift cluster and a VPC where your client tool is running, without requiring public IP addresses or routing traffic through the internet.
To set this up:
- Create a Redshift-managed VPC endpoint in the VPC where your Qlik tool is running, pointing to your private Redshift cluster.
- Ensure the security groups associated with your Redshift cluster allow inbound traffic from the security group associated with the VPC endpoint.
- After creating the endpoint, you can access your Redshift cluster through the Endpoint URL provided in the configuration settings.
This approach is more secure than allowing specific IP addresses through security group rules, as it keeps all traffic within the AWS network and doesn't require exposing your Redshift cluster to the internet.
Note that if your Qlik Cloud instance is running outside of AWS (as a SaaS offering), you would need to establish connectivity between Qlik Cloud and your AWS environment, potentially using other solutions like AWS Direct Connect or a VPN connection, as Redshift-managed VPC endpoints are designed for connections between VPCs within AWS.
Sources
Redshift-managed VPC endpoints - Amazon Redshift
Creating a Redshift-managed VPC endpoint - Amazon Redshift
Infrastructure security in Amazon Redshift - Amazon Redshift
Yes, Qlik Cloud can access your private Redshift cluster using a Redshift-managed VPC endpoint with your current setup. Your configuration (Internet Gateway attached but no routes from private subnets, security group rules allowing Qlik Cloud IPs) is valid and secure.
- Redshift-managed VPC endpoints use AWS PrivateLink to create a private connection between Qlik Cloud and your Redshift cluster
- Your Redshift cluster remains in private subnets with no internet exposure
- Security group rules control access, allowing only specific Qlik Cloud IPs
Redshift Cluster Requirements:
- RA3 node types (required for managed VPC endpoints)
- Security group rules allowing Qlik Cloud IPs on port 5439
- Cluster in a private subnet
Access Configuration:
- Redshift-managed VPC endpoint service must be enabled
- You must grant permissions to the Qlik Cloud AWS account
- Qlik needs your cluster identifier, database name, and credentials
Implementation Overview
- Grant Qlik access to your Redshift cluster using the authorize-endpoint-access command
- Verify security group rules allow traffic from Qlik Cloud IPs to port 5439
This approach gives you the security benefits of keeping your Redshift cluster private while still allowing your BI tools to access it through a secure, managed connection.
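Both answers rest on the cluster's security group admitting only the intended sources on port 5439. The following is an added example, not part of either answer and not AWS code: a Python check over data shaped like `aws ec2 describe-security-groups` output that classifies every ingress rule reaching that port. The group IDs, CIDRs, the `max_hosts` threshold and the verdict labels are constructed assumptions.

```python
import ipaddress

REDSHIFT_PORT = 5439  # port named in the answers above

# Constructed sample shaped like `aws ec2 describe-security-groups` output
# (empty lists omitted). Group IDs and CIDRs are placeholders.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-cluster-placeholder",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "UserIdGroupPairs": [{"GroupId": "sg-endpoint-placeholder"}]},
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]}

def covers_port(perm, port=REDSHIFT_PORT):
    """True if the rule applies to TCP on `port`; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit_ingress(doc, endpoint_sg, max_hosts=256):
    """Return (group_id, source, verdict) for every rule that reaches the port."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in filter(covers_port, sg.get("IpPermissions", [])):
            for pair in perm.get("UserIdGroupPairs", []):
                ok = pair["GroupId"] == endpoint_sg
                findings.append((sg["GroupId"], pair["GroupId"],
                                 "endpoint-sg" if ok else "other-sg"))
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    verdict = "open-to-world"
                elif net.num_addresses > max_hosts:
                    verdict = "broad-cidr"
                else:
                    verdict = "cidr-allowlist"
                findings.append((sg["GroupId"], cidr, verdict))
    return findings
```

The all-traffic rule in the sample is flagged even though it never names port 5439, which is the case a port-only search of the rules would miss.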
