AWS Redshift Guide

Learn more about the benefits of Satori for AWS Redshift and Schedule a demo meeting

It only takes a few minutes to get started with Satori. What you need is:

  • Access to Satori's management console.
  • The hostname of your Redshift cluster, for example: abc123.ci3gimsawmqt.us-east-2.redshift.amazonaws.com, or the hostname of your Redshift Serverless endpoint, for example: abc123.12534567890.us-east-1.redshift-serverless.amazonaws.com

Adding an AWS Redshift Data Store to Satori

Perform the following steps to add an AWS Redshift data store to your Satori account:

  1. Log in to the Satori Management Console.
  2. In the Data Stores view, click the plus button to add a new data store.
  3. Select the Redshift option.
  4. Enter an informative name for the data store, for example: Sales Data Warehouse.
  5. Enter the Hostname of your Redshift cluster, for example: abc123.ci3gimsawmqt.us-east-2.redshift.amazonaws.com. You can find the hostname of your Redshift cluster in the AWS console.
  6. Choose a Data Access Controller to use for this data store by selecting the Cloud provider and Region.
  7. Click the Add New Data Store button.
  8. You will be redirected to the Data Stores list view.

Enabling Satori Authentication

To let your data consumers use temporary credentials and personal access tokens, you must activate these features for each of your data stores.

  1. Go to the Data Stores view and select the AWS Redshift data store.
  2. Click the Authentication Settings tab.
  3. Go to the Temporary Credentials section and turn on the Enable Satori Credentials Toggle switch.
  4. Enter the username and password used to connect to the data store. Satori stores credentials in an encrypted form.
  5. To enable Personal Access Tokens for the data store, turn on the Enable personal access tokens for this data store toggle switch.
  6. Click SAVE.

Connect to AWS Redshift via Satori

To connect to Redshift using Satori, use the Satori hostname generated by the management console. It can be found under Satori Hostname in the data store settings view, for example: abc123.ci3gimsawmqt.us-east-2.a.p0.satoricyber.net.

TLS SNI Required

To connect to Redshift via Satori, the client application must support the Server Name Indication (SNI) extension of the Transport Layer Security (TLS) protocol. For clients that do not support the SNI extension, Satori can enable a custom, dedicated port that works around the limitation. The custom port number can be found in the data store settings in the management console.

Please contact Support for more details.

Connecting with the JDBC Driver

To connect with the JDBC driver, override or add the host parameter in the JDBC URL. For example:

jdbc:redshift://abc123.ci3gimsawmqt.us-east-2.a.p0.satoricyber.net/?user=john@example.com&...

Connecting with the JDBC Driver and AWS IAM

When using AWS Identity and Access Management (IAM) to authenticate to Redshift, ensure that the ClusterID and Region properties are set. For example, when connecting to abc123.ci3gimsawmqt.us-east-2.redshift.amazonaws.com, set ClusterID to abc123 and Region to us-east-2.

Connecting with the PSQL Command Line Utility

TLS SNI not supported by PSQL

Please use version 13.1 or higher of PSQL. In prior versions, PSQL uses the TLS 1.0 protocol by default, which is considered insecure and is not supported by Satori.

To connect to Redshift using PSQL, change the host parameter to the Satori generated hostname and use the custom dedicated port for your data store. For example:

psql -h abc123.ci3gimsawmqt.us-east-2.a.p0.satoricyber.net -p 12340 -U john example

Connecting with the Python Connector

TLS SNI not supported by redshift-connector

Please use version 2.0.93 or higher of the redshift-connector for Python.

To connect to Redshift using the Python connector, change the host parameter to the Satori generated hostname and use the custom dedicated port for your data store. For example:

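import redshift_connector

# Point the connector at the Satori hostname and the custom dedicated port
conn = redshift_connector.connect(
    host='abc123.ci3gimsawmqt.us-east-2.a.p0.satoricyber.net',
    port=12340,
    # ... (remaining connection parameters)
)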

Connecting with Tableau

TLS SNI not supported by Tableau

To connect to Redshift using Tableau, use the PostgreSQL connection instead of the Redshift connection, and override the Server and Port fields in the data source settings with the Satori hostname and custom dedicated port for your data store.

Connecting with Looker

Looker uses the JDBC driver to connect to Redshift. Override the Remote Host:Port parameter with the Satori hostname. For example: abc123.ci3gimsawmqt.us-east-2.a.p0.satoricyber.net:5439.

Connecting with AWS QuickSight

TLS SNI not supported by AWS QuickSight

To connect to Redshift using AWS QuickSight, override the Database server and Port fields in the data source settings with the Satori hostname and custom dedicated port for your data store.

Connecting with QlikSense

TLS SNI not supported by QlikSense

To connect to Redshift using QlikSense, override the Host name and Port fields in the data source settings with the Satori hostname and custom dedicated port for your data store.

Connecting with dbt

dbt uses the Redshift Python SQL connector to connect to Redshift. When you configure your profile, make sure you use your Satori hostname and set sslmode to require.

Connecting with AWS SDK for pandas (awswrangler)

awswrangler uses the Redshift Python SQL connector to connect to Redshift. When you configure your awswrangler Redshift connection, make sure you use the secret_id option, which allows you to set the host key with the Satori generated hostname, and set the sslmode option to verify-full.

Here's a basic code example:

import json

import awswrangler as wr
import boto3

SECRET_NAME = "my-secret"
AWS_REGION = "us-east-1"

# Read the secret from AWS Secrets Manager; its "host" key holds the Satori generated hostname
secrets_client = boto3.client("secretsmanager", region_name=AWS_REGION)
response = secrets_client.get_secret_value(SecretId=SECRET_NAME)
secret = json.loads(response["SecretString"])

# Create the boto3 session that awswrangler uses to resolve the secret
boto3_session = boto3.Session(region_name=AWS_REGION)

# Connect with the secret's connection details and full TLS certificate verification
conn = wr.redshift.connect(
    secret_id=SECRET_NAME, boto3_session=boto3_session, sslmode="verify-full"
)

# Test the connection with a simple query
df = wr.redshift.read_sql_query("SELECT 1", con=conn)

# Close the connection
conn.close()

Network Policy Settings

Satori provides you with the ability to define your network security policy for your data store.

Specify which IP addresses and subnet masks should be allowed access to the data store and which IP addresses and subnet masks should be blocked. Note that by default, Satori allows all IP address ranges if you leave the form empty.

Example 1

To allow all IP addresses: leave the form empty.

Example 2

To block specific IP addresses: add them to the blocked IP address list.

Example 3

To only allow access to specific IP addresses: add them to the allow list. Note: access from all other IP addresses is blocked.

Example 4

To allow access from a specific IP address range while blocking parts of the range: add the IP range to the list of allowed IP addresses and add the IP address that you wish to block to the block list.
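The four examples can be modelled in a few lines, which is useful for checking a policy before entering it in the form. This is an added sketch, not Satori's implementation: it assumes block entries take precedence over allow entries (as Example 4 implies) and that an empty allow list admits every address. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def _nets(entries):
    # Accept single addresses ("203.0.113.7") and CIDR ranges ("203.0.113.0/24").
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_allowed(client_ip, allow=(), block=()):
    """Assumed semantics: block entries win; an empty allow list admits everyone."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in _nets(block)):
        return False
    return not allow or any(ip in net for net in _nets(allow))

def review(allow=(), block=()):
    """Return findings worth a second look before saving the policy."""
    findings = []
    if not allow:
        findings.append("allow list empty: every address not blocked can connect")
    for b in _nets(block):
        covered = any(b.version == a.version and b.overlaps(a) for a in _nets(allow))
        if allow and not covered:
            findings.append(f"block entry {b} is outside every allowed range (redundant)")
    return findings

# Constructed sample policies mirroring Examples 1-4 (documentation address ranges).
EXAMPLES = {
    1: dict(allow=[], block=[]),
    2: dict(allow=[], block=["198.51.100.9"]),
    3: dict(allow=["203.0.113.0/24"], block=[]),
    4: dict(allow=["203.0.113.0/24"], block=["203.0.113.128/25"]),
}

if __name__ == "__main__":
    for number, policy in EXAMPLES.items():
        for ip in ("203.0.113.5", "203.0.113.200", "198.51.100.9"):
            print(f"Example {number}: {ip} allowed={is_allowed(ip, **policy)}")
        print(f"Example {number}: findings={review(**policy)}")
```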