How can I make a private Amazon Redshift cluster publicly accessible?

Last updated: 2020-01-09

How do I change an Amazon Redshift cluster from private to publicly accessible?


Follow the steps for Modifying a Cluster. In the Modify Cluster window, change Publicly accessible to Yes. If you still can't connect to the cluster from the internet or a different network, check the following settings.

Security group

  1. Open the Amazon Redshift console, and then choose the cluster to modify.
  2. Choose the link next to VPC security groups to open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  3. On the Inbound Rules tab, be sure that your IP address and the port of your Amazon Redshift cluster are allowed. The default port for Amazon Redshift is 5439, but your port might be different.
    Although security groups are stateful, it’s a best practice to be sure that the Outbound Rules allow outbound communications. By default, a security group includes an outbound rule that allows all outbound traffic. For more information, see Security Group Basics.

VPC network access control list (network ACL)

Unlike security groups, network ACLs are stateless. This means that you must configure both inbound and outbound rules. Be sure that your IP address and the port of your Amazon Redshift cluster are allowed in the inbound rules for the VPC network ACL. In the outbound rules, allow all traffic (port range: 0–65535) to your IP address. For more information, see Adding and Deleting Rules.

VPC route table

Verify route table settings on the Amazon VPC console. To connect to a publicly accessible cluster from the public internet, an internet gateway must be attached to the route table associated with the VPC that your cluster is in. For more information, see Enabling Internet Access.

If you don’t want to make the subnet publicly accessible because of other resources that are in that subnet, use a snapshot to restore the cluster into a public subnet.

If you still have connection problems, use network diagnostic tools such as Telnet and tcpdump for additional troubleshooting.

Did this article help you?

Anything we could improve?

Need more help?