This feature is in beta and is subject to change.
Omni can connect to your Redshift provisioned cluster or Redshift Serverless workgroup in Amazon Web Services (AWS) via PrivateLink. In this configuration, Omni establishes an encrypted connection from our network to your Redshift environment over a private network using a Redshift-managed VPC endpoint.
Requirements
To follow the steps in this guide, you’ll need:
- Organization Admin permissions in Omni
- In AWS:
  - A Redshift provisioned cluster or a Redshift Serverless workgroup
  - A Redshift cluster or workgroup in the same AWS region as your Omni instance
  - Permissions that allow you to authorize endpoint access from Omni for your Redshift cluster or workgroup
Limitations
Redshift-managed VPC endpoints must be in the same region as the cluster or workgroup, which means the same region as your Omni instance:
| Region | Primary AWS region |
|---|---|
| EastUsa | us-east-1 |
| Ireland | eu-west-1 |
| Australia | ap-southeast-2 |
| Canada | ca-central-1 |
| India | ap-south-1 |
For cross-region access, you’ll need to use a traditional AWS PrivateLink setup with a network load balancer instead. See AWS PrivateLink for more information.
Setup
Follow the section that matches your Redshift deployment type.
Redshift Provisioned
Authorize Omni's AWS account
Before Omni can create a private connection to your Redshift cluster, you need to authorize Omni’s AWS account to create a managed VPC endpoint to your cluster.
Run the following command in your AWS environment, replacing <your-cluster-identifier> with the identifier of your cluster:
```bash
aws redshift authorize-endpoint-access \
  --cluster-identifier <your-cluster-identifier> \
  --account 767117061426
```
Redshift Serverless
Add a resource policy to your workgroup
Before Omni can create a private connection to your Redshift Serverless workgroup, you need to add a resource policy that grants Omni’s AWS account permission to create a managed VPC endpoint to your workgroup.
Run the following command in your AWS environment, replacing <your-workgroup-arn> with the ARN of your Redshift Serverless workgroup:
```bash
aws redshift-serverless put-resource-policy \
  --resource-arn <your-workgroup-arn> \
  --policy '{
    "Version": "2012-10-17",
    "Statement": [{
      "Sid": "CrossAccountAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "767117061426"
      },
      "Action": [
        "redshift-serverless:CreateEndpointAccess",
        "redshift-serverless:UpdateEndpointAccess",
        "redshift-serverless:DeleteEndpointAccess",
        "redshift-serverless:GetEndpointAccess"
      ],
      "Condition": {
        "ArnLike": {
          "redshift-serverless:AuthorizedVpc": "arn:aws:ec2:*:767117061426:vpc/*"
        }
      }
    }]
  }'
```
You can find your workgroup ARN in the AWS console under Amazon Redshift Serverless > Workgroups, or by running:
```bash
aws redshift-serverless get-workgroup --workgroup-name <your-workgroup-name> \
  --query 'workgroup.workgroupArn' --output text
```
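To confirm that a workgroup's resource policy grants no more than the policy shown above, the following added example (not Omni's or AWS's code) audits a policy document in Python. It assumes you have already retrieved the policy JSON, for example with `aws redshift-serverless get-resource-policy`; the function names and the `TOO_BROAD` sample are constructed for illustration.

```python
import json

OMNI_ACCOUNT = "767117061426"  # Omni's AWS account ID, as given in this guide
VPC_KEY = "redshift-serverless:AuthorizedVpc"
ALLOWED_ACTIONS = {f"redshift-serverless:{verb}EndpointAccess"
                   for verb in ("Create", "Update", "Delete", "Get")}

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    # AWS may return "767117061426" as "arn:aws:iam::767117061426:root".
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_policy(policy_json, account=OMNI_ACCOUNT):
    """Return findings for Allow statements broader than the guide's policy."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"{sid}: principal must be an AWS account only")
        else:
            findings += [f"{sid}: unexpected principal {p}"
                         for p in as_list(principal["AWS"]) if account_of(p) != account]
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction grants everything it does not list")
        findings += [f"{sid}: unexpected action {a}"
                     for a in sorted(set(as_list(stmt.get("Action", []))) - ALLOWED_ACTIONS)]
        vpcs = [v for op in ("ArnLike", "ArnEquals")
                for v in as_list(stmt.get("Condition", {}).get(op, {}).get(VPC_KEY, []))]
        if not vpcs:
            findings.append(f"{sid}: no {VPC_KEY} condition")
        for v in vpcs:
            parts = v.split(":")
            if len(parts) != 6 or parts[4] != account or not parts[5].startswith("vpc/"):
                findings.append(f"{sid}: VPC pattern {v} is not limited to account {account}")
    return findings

# Constructed sample: wider than the guide's policy (any principal, all actions, no VPC condition).
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow", "Principal": "*",
    "Action": "redshift-serverless:*"}]})

for finding in audit_policy(TOO_BROAD):
    print(finding)
```

An empty list means every Allow statement names only Omni's account, only the four endpoint-access actions, and only VPCs owned by that account.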
Next steps
After you contact Omni support with the above information, we’ll create a Redshift-managed VPC endpoint that connects to your cluster or workgroup to support the connection.
Once this is complete, Omni support will add the new database connection to your Omni instance. The connection can then be used like any other database connection. You’ll need to provide your Redshift authentication credentials (username and password, or workgroup credentials for Serverless) when setting up the connection in Omni.