# Connect to Redshift with AWS PrivateLink

> Connect to Redshift Provisioned clusters or Redshift Serverless workgroups in AWS using PrivateLink

<Note>
  This feature is in beta and is subject to change.
</Note>

Omni can connect to your Redshift provisioned cluster or Redshift Serverless workgroup in Amazon Web Services (AWS) via PrivateLink. In this configuration, Omni establishes an encrypted connection from our network to your Redshift environment over a private network using a Redshift-managed VPC endpoint.

## Requirements

To follow the steps in this guide, you'll need:

* **Organization Admin** permissions in Omni
* **In AWS**:
  * A Redshift **provisioned** cluster or a Redshift **Serverless** workgroup
  * A Redshift cluster or workgroup **in the same AWS region** as your Omni instance
  * Permissions that allow you to authorize endpoint access from Omni for your Redshift cluster or workgroup

## Limitations

A Redshift-managed VPC endpoint must be in the same region as the cluster or workgroup it connects to, so your cluster or workgroup must be in the same AWS region as your Omni instance:

| Omni region | Primary AWS region |
| --------- | ---------------- |
| EastUsa   | `us-east-1`      |
| Ireland   | `eu-west-1`      |
| Australia | `ap-southeast-2` |
| Canada    | `ca-central-1`   |
| India     | `ap-south-1`     |

For cross-region access, you'll need to use a traditional AWS PrivateLink setup with a network load balancer instead. See [AWS PrivateLink](/connect-data/aws-privatelink) for more information.

## Setup

Choose the tab that matches your Redshift deployment type.

<Tabs>
  <Tab title="Redshift Provisioned">
    <Steps>
      <Step title="Authorize Omni's AWS account" titleSize="h3">
        Before Omni can create a private connection to your Redshift cluster, you need to authorize Omni's AWS account to create a managed VPC endpoint to your cluster.

        Run the following command in your AWS environment, replacing `<your-cluster-identifier>` with the identifier of your cluster:

        ```bash highlight={2} theme={null}
        aws redshift authorize-endpoint-access \
          --cluster-identifier <your-cluster-identifier> \
          --account 767117061426
        ```
      </Step>

      <Step title="Contact Omni support" titleSize="h3">
        Contact Omni support with the following information:

        * Your AWS account ID (the 12-digit account ID that owns the Redshift cluster)
        * The Redshift cluster identifier
        * The AWS region where the cluster is deployed
        * Technical contact details, in case of connection difficulties
      </Step>
    </Steps>
  </Tab>

  <Tab title="Redshift Serverless">
    <Steps>
      <Step title="Add a resource policy to your workgroup" titleSize="h3">
        Before Omni can create a private connection to your Redshift Serverless workgroup, you need to add a resource policy that grants Omni's AWS account permission to create a managed VPC endpoint to your workgroup.

        Run the following command in your AWS environment, replacing `<your-workgroup-arn>` with the ARN of your Redshift Serverless workgroup:

        ```bash wrap highlight={2} theme={null}
        aws redshift-serverless put-resource-policy \
          --resource-arn <your-workgroup-arn> \
          --policy '{
            "Version": "2012-10-17",
            "Statement": [{
              "Sid": "CrossAccountAccess",
              "Effect": "Allow",
              "Principal": {
                "AWS": "767117061426"
              },
              "Action": [
                "redshift-serverless:CreateEndpointAccess",
                "redshift-serverless:UpdateEndpointAccess",
                "redshift-serverless:DeleteEndpointAccess",
                "redshift-serverless:GetEndpointAccess"
              ],
              "Condition": {
                "ArnLike": {
                  "redshift-serverless:AuthorizedVpc": "arn:aws:ec2:*:767117061426:vpc/*"
                }
              }
            }]
          }'
        ```

        <Tip>
          You can find your workgroup ARN in the AWS console under **Amazon Redshift Serverless > Workgroups**, or by running:

          ```bash theme={null}
          aws redshift-serverless get-workgroup --workgroup-name <your-workgroup-name> \
            --query 'workgroup.workgroupArn' --output text
          ```
        </Tip>
      </Step>

      <Step title="Contact Omni support" titleSize="h3">
        Contact Omni support with the following information:

        * Your AWS account ID (the 12-digit account ID that owns the Redshift Serverless workgroup)
        * The Redshift Serverless workgroup name
        * The AWS region where the workgroup is deployed
        * Technical contact details, in case of connection difficulties
      </Step>
    </Steps>
  </Tab>
</Tabs>
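
For the Serverless path, the following check confirms that the policy stored on the workgroup grants nothing beyond what this page documents. It is an added example, not Omni's or AWS's code: `audit_policy` and its helpers are hypothetical names, and it assumes you pass in the parsed policy document (for example, retrieved with `aws redshift-serverless get-resource-policy`). It accepts both the bare account ID and the equivalent `arn:aws:iam::<account>:root` principal form.

```python
OMNI_ACCOUNT = "767117061426"  # Omni's AWS account ID, as given on this page
VPC_KEY = "redshift-serverless:AuthorizedVpc"
# The four actions the page grants, lowercased (IAM action names are case-insensitive).
ALLOWED = {f"redshift-serverless:{op}endpointaccess" for op in ("create", "update", "delete", "get")}


def as_list(value):
    """IAM fields may be one string or a list; normalize to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def account_of(principal):
    """Account ID from '123456789012' or 'arn:aws:iam::123456789012:root'."""
    parts = str(principal).split(":")
    return parts[4] if len(parts) == 6 and parts[5] == "root" else str(principal)


def audit_policy(policy, account=OMNI_ACCOUNT):
    """Return findings; an empty list means no Allow is broader than the page's policy."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            principal = {"AWS": principal}  # covers "Principal": "*"
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or account_of(p) != account:
                    findings.append(f"statement {i}: unexpected principal {kind}={p}")
        extra = [a for a in as_list(stmt.get("Action")) if a.lower() not in ALLOWED]
        if extra:
            findings.append(f"statement {i}: unexpected actions {extra}")
        vpcs = as_list(stmt.get("Condition", {}).get("ArnLike", {}).get(VPC_KEY))
        if not vpcs:
            findings.append(f"statement {i}: no ArnLike condition on {VPC_KEY}")
        for arn in vpcs:
            parts = arn.split(":")
            if len(parts) < 6 or parts[4] != account:
                findings.append(f"statement {i}: VPC pattern not scoped to {account}: {arn}")
    return findings


# Constructed sample: an over-broad variant (any principal, wildcard action, no VPC condition).
SAMPLE = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                         "Action": "redshift-serverless:*"}]}

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE)) or "policy matches the documented grant")
```

An empty result means every `Allow` statement is limited to Omni's account, the four endpoint-access actions, and VPCs owned by that account.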

## Next steps

After you contact Omni support with the above information, we'll create a Redshift-managed VPC endpoint that connects to your cluster or workgroup to support the connection.

Once this is complete, Omni support will add the new database connection to your Omni instance. The connection can then be used like any other database connection. You'll need to provide your [Redshift authentication credentials](/connect-data/setup/redshift#setup) (username and password, or workgroup credentials for Serverless) when setting up the connection in Omni.
