使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Redshift datashare same account requires encryption

0

Hello , I created datashare between serverless redshift workgroup and a provisioned redshift cluster ,

`

-- serverless

CREATE DATASHARE aggregated_tables
SET PUBLICACCESSIBLE = TRUE  ;


ALTER DATASHARE aggregated_tables
ADD SCHEMA public ;

ALTER DATASHARE aggregated_tables
ADD SCHEMA audience_insights ; 

ALTER DATASHARE aggregated_tables
ADD ALL TABLES IN SCHEMA public, another_schema ;

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA public; 

ALTER DATASHARE aggregated_tables
SET INCLUDENEW = TRUE FOR SCHEMA another_schema; 

GRANT USAGE ON DATASHARE aggregated_tables
TO NAMESPACE 'provisioned_namespace' ;
-- provisioned namespace

DESC DATASHARE aggregated_tables ;

`

And on provisioned I ran : `

-- Permanent redshift

CREATE DATABASE shared_aggregated_database
FROM DATASHARE aggregated_tables
OF ACCOUNT 'XXXXXX' namespace 'serverless_namespace';
-- serverless namespace

DESC DATASHARE aggregated_tables OF ACCOUNT 'xxxxxxx' NAMESPACE 'serverless_namespace';`

In the editor the shared_aggregated_database is empty

and when i ran a query directly i receive ERROR: The consumer and producer cluster have different encryption type.

Serverless is encrypted by default , provisioned cluster is NOT , they are both on same aws account .

In documentations it only mentions encryption for CROSS ACCOUNT ACCESSS

https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

or is it also required for same account ??

主題
資料庫分析
標籤
資料庫Amazon Redshift加密
語言
English
zied
已提問 3 個月前檢視次數 292 次
2 個答案
1
已接受的答案

@zied Amazon Redshift data sharing can happen between two Redshift homogenous environments - by this i mean if one of them is encrypted then the other one will also need to be encrypted. Since Amazon Redshift Serverless is encrypted by default and if you are doing data sharing with a provisioned cluster it has to be encrypted as well. I understand this is not clearly documented and I will check on this with the documentation team. Please feel free to comment if you have any questions.

AWS
專家
Ranjan Burman - AWS
已回答 3 個月前
profile pictureAWS
專家
Srikant Das
已審閱 2 個月前
0

Hello,

For cross-account and cross-Region data sharing, both the producer and consumer clusters and serverless namespaces must be encrypted. This is for security purposes. However, they don't need to share the same encryption key. Ref - https://docs.aws.amazon.com/redshift/latest/dg/considerations.html

Kindly please check and confirm if both provisioned cluster and serverless namespace are in same region or different region.

Thank you !

AWS
支援工程師
Mounika_K
已回答 3 個月前
  • zied
    3 個月前

    Hello again and thank you for your answer , my question (also title ) doesnt refere to cross account case , Im asking if we use datashare in the SAME ACCOUNT , do i need encryption in both clusters producer and consumer or not ? Thank you

  • Mounika_K 支援工程師
    3 個月前

    Hello, as mentioned previously even for cross-Region (regardless of same or cross-account) we need both producer and consumer to be encrypted. Hence, I requested you to kindly check if and confirm if both provisioned cluster and serverless namespace are in same region or different region.

    In case if both clusters are in same region and same account, please feel free to support team so that they can diagnose the root cause of issue.

    I hope you find this helpful. Kindly please reconsider the voting on previous response.

    Thank you !!

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容