How can I make a private Amazon Redshift cluster publicly accessible?
Last updated: 2020-11-09
I want to update my Amazon Redshift cluster so that it is publicly accessible. How can I do this?
Follow the steps for Modifying a cluster. In the Modify Cluster window, change Publicly accessible to Yes. If you still can't connect to the cluster from the internet or a different network, check the following settings.
- Open the Amazon Redshift console, and then choose the cluster to modify.
- Choose the link next to VPC security groups to open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- On the Inbound Rules tab, be sure that your IP address and the port of your Amazon Redshift cluster are allowed. The default port for Amazon Redshift is 5439, but your port might be different.
Note: Although security groups are stateful, it’s a best practice to be sure that the Outbound Rules allow outbound communications. By default, a security group includes an outbound rule that allows all outbound traffic. For more information, see Security group basics.
VPC network access control list (network ACL)
Unlike security groups, network ACLs are stateless. This means that you must configure both inbound and outbound rules. Be sure that your IP address and the port of your Amazon Redshift cluster are allowed in the inbound rules for the VPC network ACL. In the outbound rules, allow all traffic (port range: 0–65535) to your IP address. For more information, see Adding and deleting rules.
VPC route table
Verify route table settings on the Amazon VPC console. To connect to a publicly accessible cluster from the public internet, an internet gateway (as a target with source 0.0.0.0/0 or a public IP CIDR) must be attached to the route table. The route table must be associated with the VPC subnet where your cluster resides. For more information, see Enabling internet access.
If you don’t want to make the subnet publicly accessible because of other resources that are in that subnet, use a snapshot to restore the cluster into a public subnet.
If you still have connection problems, use network diagnostic tools such as Telnet and tcpdump for additional troubleshooting.