package
1.204.0-devpreview
Repository: https://github.com/aws/aws-cdk-go.git
Documentation: pkg.go.dev

# README

Amazon Redshift Construct Library

Starting a Redshift Cluster Database

To set up a Redshift cluster, define a Cluster. It will be launched in a VPC. You can specify a VPC, otherwise one will be created. The nodes are always launched in private subnets and are encrypted by default.

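```go
import (
	"github.com/aws/aws-cdk-go/awscdk/awsec2"
	"github.com/aws/aws-cdk-go/awscdk/awsredshift"
	"github.com/aws/jsii-runtime-go"
)

// this is the enclosing construct scope, for example a Stack.
vpc := awsec2.NewVpc(this, jsii.String("Vpc"), nil)
cluster := awsredshift.NewCluster(this, jsii.String("Redshift"), &awsredshift.ClusterProps{
	MasterUser: &awsredshift.Login{
		MasterUsername: jsii.String("admin"),
	},
	Vpc: vpc,
})
```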

By default, the master password will be generated and stored in AWS Secrets Manager.

A default database named default_db will be created in the cluster. To change the name of this database set the defaultDatabaseName attribute in the constructor properties.

By default, the cluster will not be publicly accessible. Depending on your use case, you can make the cluster publicly accessible with the publiclyAccessible property.

Connecting

To control who can access the cluster, use the .connections attribute. Redshift Clusters have a default port, so you don't need to specify the port:

```go
cluster.Connections().AllowDefaultPortFromAnyIpv4(jsii.String("Open to the world"))
```

The endpoint to access your database cluster will be available as the .clusterEndpoint attribute:

```go
cluster.ClusterEndpoint().SocketAddress()
```
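The defaults described above (private subnets, encryption, no public access) can be checked on the synthesized CloudFormation template before deployment. The following is an added example, not part of the library or its README: it flags a cluster with `PubliclyAccessible` set, a cluster without `Encrypted`, and any security group in the template whose inline ingress admits every address. The template and its logical IDs are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample template (not real synth output); ports are intrinsics.
const sampleTemplate = `{"Resources":{
 "Redshift":{"Type":"AWS::Redshift::Cluster","Properties":{"PubliclyAccessible":true,"Encrypted":true}},
 "RedshiftSG":{"Type":"AWS::EC2::SecurityGroup","Properties":{"SecurityGroupIngress":[
  {"CidrIp":"0.0.0.0/0","Description":"Open to the world","IpProtocol":"tcp",
   "FromPort":{"Fn::GetAtt":["Redshift","Endpoint.Port"]},"ToPort":{"Fn::GetAtt":["Redshift","Endpoint.Port"]}},
  {"CidrIp":"10.0.0.0/16","Description":"VPC only","IpProtocol":"tcp","FromPort":5439,"ToPort":5439}]}}}}`

type resource struct {
	Type       string
	Properties map[string]interface{}
}

// AuditTemplate returns sorted findings for exposure-related settings.
func AuditTemplate(tmpl []byte) ([]string, error) {
	var doc struct{ Resources map[string]resource }
	if err := json.Unmarshal(tmpl, &doc); err != nil {
		return nil, err
	}
	var findings []string
	for id, r := range doc.Resources {
		switch r.Type {
		case "AWS::Redshift::Cluster":
			if r.Properties["PubliclyAccessible"] == true {
				findings = append(findings, id+": PubliclyAccessible is true")
			}
			if r.Properties["Encrypted"] != true {
				findings = append(findings, id+": Encrypted is not true")
			}
		case "AWS::EC2::SecurityGroup":
			rules, _ := r.Properties["SecurityGroupIngress"].([]interface{})
			for _, raw := range rules {
				rule, _ := raw.(map[string]interface{})
				if rule["CidrIp"] == "0.0.0.0/0" || rule["CidrIpv6"] == "::/0" {
					findings = append(findings, fmt.Sprintf("%s: ingress from anywhere (%v)", id, rule["Description"]))
				}
			}
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	fmt.Println(AuditTemplate([]byte(sampleTemplate)))
}
```

Values given as CloudFormation intrinsics rather than literals are not resolved, so a CIDR supplied through a parameter is not flagged by this check.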

Database Resources

This module allows for the creation of non-CloudFormation database resources such as users and tables. This allows you to manage identities, permissions, and stateful resources within your Redshift cluster from your CDK application.

Because these resources are not available in CloudFormation, this library leverages custom resources to manage them. In addition to the IAM permissions required to make Redshift service calls, the execution role for the custom resource handler requires database credentials to create resources within the cluster.

These database credentials can be supplied explicitly through the adminUser properties of the various database resource constructs. Alternatively, the credentials can be automatically pulled from the Redshift cluster's default administrator credentials. However, this option is only available if the password for the credentials was generated by the CDK application (i.e., no value was provided for the masterPassword property of Cluster.masterUser).

Creating Users

Create a user within a Redshift cluster database by instantiating a User construct. This will generate a username and password, store the credentials in an AWS Secrets Manager Secret, and make a query to the Redshift cluster to create a new database user with the credentials.

```go
awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
```

By default, the user credentials are encrypted with your AWS account's default Secrets Manager encryption key. You can specify the encryption key used for this purpose by supplying a key in the encryptionKey property.

```go
import "github.com/aws/aws-cdk-go/awscdk/awskms"

encryptionKey := awskms.NewKey(this, jsii.String("Key"), nil)
awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	EncryptionKey: encryptionKey,
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
```

By default, a username is automatically generated from the user construct ID and its path in the construct tree. You can specify a particular username by providing a value for the username property. Usernames must be valid identifiers; see: Names and identifiers in the Amazon Redshift Database Developer Guide.

```go
awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	Username: jsii.String("myuser"),
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
```

The user password is generated by AWS Secrets Manager using the default configuration found in secretsmanager.SecretStringGenerator, except with password length 30 and some SQL-incompliant characters excluded. The plaintext for the password will never be present in the CDK application; instead, a CloudFormation Dynamic Reference will be used wherever the password value is required.

Creating Tables

Create a table within a Redshift cluster database by instantiating a Table construct. This will make a query to the Redshift cluster to create a new database table with the supplied schema.

```go
awsredshift.NewTable(this, jsii.String("Table"), &awsredshift.TableProps{
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
```

The table can be configured to have a distStyle attribute and a distKey column:

```go
awsredshift.NewTable(this, jsii.String("Table"), &awsredshift.TableProps{
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
			DistKey: jsii.Bool(true),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
	DistStyle: awsredshift.TableDistStyle_KEY,
})
```

The table can also be configured to have a sortStyle attribute and sortKey columns:

```go
awsredshift.NewTable(this, jsii.String("Table"), &awsredshift.TableProps{
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
			SortKey: jsii.Bool(true),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
			SortKey: jsii.Bool(true),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
	SortStyle: awsredshift.TableSortStyle_COMPOUND,
})
```

Granting Privileges

You can give a user privileges to perform certain actions on a table by using the Table.grant() method.

```go
user := awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
table := awsredshift.NewTable(this, jsii.String("Table"), &awsredshift.TableProps{
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})

table.Grant(user, awsredshift.TableAction_DROP, awsredshift.TableAction_SELECT)
```

Take care when managing privileges via the CDK, as attempting to manage a user's privileges on the same table in multiple CDK applications could lead to accidentally overriding these permissions. Consider the following two CDK applications which both refer to the same user and table. In application 1, the resources are created and the user is given INSERT permissions on the table:

```go
databaseName := "databaseName"
username := "myuser"
tableName := "mytable"

user := awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	Username: jsii.String(username),
	Cluster: cluster,
	DatabaseName: jsii.String(databaseName),
})
table := awsredshift.NewTable(this, jsii.String("Table"), &awsredshift.TableProps{
	// Name the table explicitly so application 2 can import it by name.
	TableName: jsii.String(tableName),
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String(databaseName),
})
table.Grant(user, awsredshift.TableAction_INSERT)
```

In application 2, the resources are imported and the user is given INSERT permissions on the table:

```go
databaseName := "databaseName"
username := "myuser"
tableName := "mytable"

user := awsredshift.User_FromUserAttributes(this, jsii.String("User"), &awsredshift.UserAttributes{
	Username: jsii.String(username),
	// Placeholder only: UnsafePlainText embeds the value in the synthesized template.
	Password: awscdk.SecretValue_UnsafePlainText(jsii.String("NOT_FOR_PRODUCTION")),
	Cluster: cluster,
	DatabaseName: jsii.String(databaseName),
})
table := awsredshift.Table_FromTableAttributes(this, jsii.String("Table"), &awsredshift.TableAttributes{
	TableName: jsii.String(tableName),
	TableColumns: &[]*awsredshift.Column{
		{
			Name: jsii.String("col1"),
			DataType: jsii.String("varchar(4)"),
		},
		{
			Name: jsii.String("col2"),
			DataType: jsii.String("float"),
		},
	},
	Cluster: cluster,
	DatabaseName: jsii.String(databaseName),
})
table.Grant(user, awsredshift.TableAction_INSERT)
```

Both applications attempt to grant the user the appropriate privilege on the table by submitting a GRANT USER SQL query to the Redshift cluster. Note that the latter of these two calls will have no effect since the user has already been granted the privilege.

Now, if application 1 were to remove the call to grant, a REVOKE USER SQL query is submitted to the Redshift cluster. In general, application 1 does not know that application 2 has also granted this permission and thus cannot decide not to issue the revocation. This leads to the undesirable state where application 2 still contains the call to grant but the user does not have the specified permission.

Note that this does not occur when duplicate privileges are granted within the same application, as such privileges are de-duplicated before any SQL query is submitted.
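The override scenario above can be reproduced with a small model. This is an added example, not the library's custom resource handler: the `App` and `Cluster` types and the `user/table/ACTION` key format are assumptions made for illustration. It shows the de-duplication inside one application, the second application's GRANT having no effect, and the revocation that leaves application 2 declaring a privilege the user no longer holds.

```go
package main

import (
	"fmt"
	"sort"
)

// Cluster maps "user/table/ACTION" to whether the privilege is currently held.
type Cluster map[string]bool

// App models one CDK app (assumption): it remembers only its own grants.
type App struct{ deployed map[string]bool }

// Deploy applies the declared grants and returns the statements it issued.
func (a *App) Deploy(c Cluster, declared ...string) []string {
	want := map[string]bool{}
	for _, g := range declared { // duplicates inside one app collapse here
		want[g] = true
	}
	var issued []string
	for g := range want {
		if !a.deployed[g] {
			c[g] = true // a repeated GRANT leaves the cluster unchanged
			issued = append(issued, "GRANT "+g)
		}
	}
	for g := range a.deployed {
		if !want[g] {
			delete(c, g) // REVOKE removes the privilege for every app
			issued = append(issued, "REVOKE "+g)
		}
	}
	a.deployed = want
	sort.Strings(issued)
	return issued
}

// Drift lists grants an app still declares that the cluster no longer holds.
func Drift(c Cluster, a *App) []string {
	var missing []string
	for g := range a.deployed {
		if !c[g] {
			missing = append(missing, g)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	c, app1, app2 := Cluster{}, &App{}, &App{}
	const g = "myuser/mytable/INSERT" // constructed from the page's example names
	app1.Deploy(c, g, g)
	app2.Deploy(c, g)
	fmt.Println(app1.Deploy(c), Drift(c, app2))
}
```

Keeping all grants for a given user and table in a single application avoids the drift that `Drift` reports here.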

Rotating credentials

When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically:

```go
// Passing nil for the rotation interval keeps the default schedule.
cluster.AddRotationSingleUser(nil)
```

The multi user rotation scheme is also available:

```go
user := awsredshift.NewUser(this, jsii.String("User"), &awsredshift.UserProps{
	Cluster: cluster,
	DatabaseName: jsii.String("databaseName"),
})
cluster.AddRotationMultiUser(jsii.String("MultiUserRotation"), &awsredshift.RotationMultiUserOptions{
	Secret: user.Secret(),
})
```

# Functions

No description provided by the author
Returns `true` if a construct is a stack element (i.e.
Check whether the given construct is a CfnResource.
Return whether the given object is a Construct.
Import an existing DatabaseCluster from properties.
Return whether the given object is a Construct.
Check whether the given construct is a Resource.
Imports a parameter group.
Return whether the given object is a Construct.
Check whether the given construct is a Resource.
Imports an existing subnet group by name.
Return whether the given object is a Construct.
Check whether the given construct is a Resource.
Deprecated: use `fromSecretCompleteArn` or `fromSecretPartialArn`.
Import an existing secret into the Stack.
Imports a secret by complete ARN.
Imports a secret by secret name; the ARN of the Secret will be set to the secret name.
Imports a secret by secret name.
Imports a secret by partial ARN.
Return whether the given object is a Construct.
Check whether the given construct is a Resource.
Create a new `AWS::Redshift::Cluster`.
Create a new `AWS::Redshift::ClusterParameterGroup`.
Create a new `AWS::Redshift::ClusterSecurityGroup`.
Create a new `AWS::Redshift::ClusterSecurityGroupIngress`.
Create a new `AWS::Redshift::ClusterSubnetGroup`.
Create a new `AWS::Redshift::EndpointAccess`.
Create a new `AWS::Redshift::EndpointAuthorization`.
Create a new `AWS::Redshift::EventSubscription`.
Create a new `AWS::Redshift::ScheduledAction`.
Experimental.
Specify a Redshift table using a table name and schema that already exists.
Return whether the given object is a Construct.
Specify a Redshift user using credentials that already exist.
Return whether the given object is a Construct.

# Constants

multi-node cluster, set the number of nodes using the `ClusterProps.numberOfNodes` parameter.
single-node cluster, the `ClusterProps.numberOfNodes` parameter is not required.
dc1.8xlarge.
dc1.large.
dc2.8xlarge.
dc2.large.
ds2.8xlarge.
ds2.xlarge.
ra3.16xlarge.
ra3.4xlarge.
ra3.xlplus.
Grants all available privileges at once to the specified user or user group.
Grants privilege to delete a data row from a table.
Grants privilege to drop a table.
Grants privilege to load data into a table using an INSERT statement or a COPY statement.
Grants privilege to create a foreign key constraint.
Grants privilege to select data from a table or view using a SELECT statement.
Grants privilege to update a table column using an UPDATE statement.
A copy of the entire table is distributed to every node.
Amazon Redshift assigns an optimal distribution style based on the table data.
The data in the table is spread evenly across the nodes in a cluster in a round-robin distribution.
The data is distributed by the values in the DISTKEY column.
Amazon Redshift assigns an optimal sort key based on the table data.
Specifies that the data is sorted using a compound key made up of all of the listed columns, in the order they are listed.
Specifies that the data is sorted using an interleaved sort key.

# Structs

Describes a connection endpoint.
Specifies logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster.
Describes a parameter in a cluster parameter group.
Properties for defining a `CfnClusterParameterGroup`.
Properties for defining a `CfnCluster`.
Properties for defining a `CfnClusterSecurityGroupIngress`.
Properties for defining a `CfnClusterSecurityGroup`.
Properties for defining a `CfnClusterSubnetGroup`.
Describes a network interface.
The connection endpoint for connecting to an Amazon Redshift cluster through the proxy.
The security groups associated with the endpoint.
Properties for defining a `CfnEndpointAccess`.
Properties for defining a `CfnEndpointAuthorization`.
Properties for defining a `CfnEventSubscription`.
Describes a pause cluster operation.
Describes a resize cluster operation.
Describes a resume cluster operation.
The action type that specifies an Amazon Redshift API operation that is supported by the Amazon Redshift scheduler.
Properties for defining a `CfnScheduledAction`.
Properties that describe an existing cluster instance.
Properties for a parameter group.
Properties for a new database cluster.
Properties for creating a ClusterSubnetGroup.
A column in a Redshift table.
Properties for accessing a Redshift database.
Construction properties for a DatabaseSecret.
Username and password combination.
Options to add the multi user rotation.
A full specification of a Redshift table that can be used to import it fluently into the CDK application.
Properties for configuring a Redshift table.
A full specification of a Redshift user that can be used to import it fluently into the CDK application.
Properties for configuring a Redshift user.

# Interfaces

A CloudFormation `AWS::Redshift::Cluster`.
A CloudFormation `AWS::Redshift::ClusterParameterGroup`.
A CloudFormation `AWS::Redshift::ClusterSecurityGroup`.
A CloudFormation `AWS::Redshift::ClusterSecurityGroupIngress`.
A CloudFormation `AWS::Redshift::ClusterSubnetGroup`.
A CloudFormation `AWS::Redshift::EndpointAccess`.
A CloudFormation `AWS::Redshift::EndpointAuthorization`.
A CloudFormation `AWS::Redshift::EventSubscription`.
A CloudFormation `AWS::Redshift::ScheduledAction`.
Create a Redshift cluster with a given number of nodes.
A cluster parameter group.
Class for creating a Redshift cluster subnet group.
A database secret.
Connection endpoint of a redshift cluster.
Create a Redshift Cluster with a given number of nodes.
A parameter group.
Interface for a cluster subnet group.
Represents a table in a Redshift database.
Represents a user in a Redshift database.
A table in a Redshift cluster.
A user in a Redshift cluster.

# Type aliases

What cluster type to use.
Possible Node Types to use in the cluster used for defining `ClusterProps.nodeType`.
An action that a Redshift user can be granted privilege to perform on a table.
The data distribution style of a table.
The sort style of a table.