How can I make a private Amazon Redshift cluster publicly accessible?
Last updated: 2022-12-20
I want to update my Amazon Redshift cluster so that it is publicly accessible. How can I do this?
To modify a cluster, follow these steps:
1. From the AWS Management Console, navigate to the Amazon Redshift console.
2. On the navigation menu, choose CLUSTERS.
3. Select the cluster that you want to modify.
4. Choose Actions.
5. Choose Modify Publicly accessible setting.
6. Choose Enable.
7. Choose Save changes.
Note: An Elastic IP address is required. If you do not choose one, an address will be randomly assigned to you.
If you still can't connect to the cluster from the internet or a different network, then check the following settings.
1. Open the Amazon Redshift console.
2. Select the cluster that you want to modify.
3. Under Properties, choose Network and security settings.
4. Choose the link next to VPC security group to open the Amazon Elastic Compute Cloud (Amazon EC2) console.
5. On the Inbound Rules tab, make sure that your IP address and the port of your Amazon Redshift cluster are allowed. The default port for Amazon Redshift is 5439, but your port might be different.
Note: Although security groups are stateful, it’s a best practice to verify that the Outbound Rules allow outbound communications. By default, a security group includes an outbound rule that allows all outbound traffic. For more information, see Security group basics.
VPC network access control list (network ACL)
Unlike security groups, network ACLs are stateless. This means that you must configure both inbound and outbound rules. Make sure that your IP address and the port of your Amazon Redshift cluster are allowed in the inbound rules for the VPC network ACL. In the outbound rules, allow all traffic (port range: 0–65535) to your IP address. For more information, see Adding and deleting rules.
VPC route table
Verify route table settings on the Amazon VPC console. To connect to a publicly accessible cluster from the public internet, an internet gateway must be attached to the route table. Confirm that the internet gateway's target is set with source 0.0.0.0/0 or a public IP CIDR. The route table must be associated with the VPC subnet where your cluster resides. For more information, see Turning on internet access.
If you don’t want to make the subnet publicly accessible (because of other resources in that subnet), then use a snapshot. You can use a snapshot to restore the cluster into a public subnet.
If you still have connection problems, then use network diagnostic tools such as Telnet and tcpdump for additional troubleshooting.