Redshift
Requirements
Name | Description |
---|---|
Teleskope Role | Attach Redshift read and/or write permissions to the Teleskope IAM role you created |
Username and password | Create a read and/or write database user for each Redshift cluster you'd like us to scan |
SSH Tunnel (Optional) | If your Redshift instances are in a private subnet and you don't want to enable VPC peering, create a bastion host for us to use to access your Redshift instances. |
Grant Teleskope IAM Access to Redshift
Attach the AmazonRedshiftDataFullAccess and AmazonRedshiftReadOnlyAccess managed policies to the Teleskope role you created.
Terraform
resource "aws_iam_role_policy_attachment" "redshift_data_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess"
}

resource "aws_iam_role_policy_attachment" "redshift__policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess"
}
Teleskope Database User
For each Redshift cluster you would like to scan using Teleskope, you will need to create a database user, and grant that user read permissions.
Create database user
CREATE USER teleskope WITH PASSWORD '****PASSWORD****';
Grant read access
GRANT SELECT ON svv_all_schemas TO teleskope;
GRANT SELECT ON svv_table_info TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO teleskope;
-- Grant SELECT on each Redshift schema
GRANT USAGE ON SCHEMA {schema} TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA {schema} TO teleskope;
Grant write access
For each Redshift schema:
GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA {schema} TO teleskope;
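Verify the grants
The queries below are an added example, not part of Teleskope's own setup steps. They audit what the teleskope user from the steps above can actually do, so you can confirm a read-only user has no write privileges and that access stops at the schemas you intended. They assume you run them as a superuser or as the owner of the objects being checked.

```sql
-- Added example: audit the effective privileges of the "teleskope" database user.
-- Assumes the user name from the CREATE USER step above.

-- 1. Schema-level access. can_use should be true only for schemas you
--    granted USAGE on; can_create should be false everywhere.
SELECT n.nspname AS schema_name,
       has_schema_privilege('teleskope', n.nspname, 'usage')  AS can_use,
       has_schema_privilege('teleskope', n.nspname, 'create') AS can_create
FROM pg_namespace n
WHERE n.nspname NOT LIKE 'pg_%'
  AND n.nspname <> 'information_schema'
ORDER BY n.nspname;

-- 2. Table-level access. For a read-only setup, can_insert, can_update and
--    can_delete should all be false. With write access granted as above,
--    can_update and can_delete become true and can_insert stays false.
--    pg_tables lists tables only; views are not covered by this query.
SELECT t.schemaname,
       t.tablename,
       has_table_privilege('teleskope',
           quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
           'select') AS can_select,
       has_table_privilege('teleskope',
           quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
           'insert') AS can_insert,
       has_table_privilege('teleskope',
           quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
           'update') AS can_update,
       has_table_privilege('teleskope',
           quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
           'delete') AS can_delete
FROM pg_tables t
WHERE t.schemaname NOT IN ('pg_catalog', 'information_schema', 'pg_internal')
ORDER BY t.schemaname, t.tablename;
```

GRANT ... ON ALL TABLES IN SCHEMA applies only to tables that exist when it runs, so rerun the audit after new tables are created to see which ones the user cannot yet read.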
Updated 21 days ago