The CDK Construct Library for AWS::Redshift

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers
Report project as malware

Project description

Amazon Redshift Construct Library

---

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Starting a Redshift Cluster Database

To set up a Redshift cluster, define a Cluster. It will be launched in a VPC. You can specify a VPC, otherwise one will be created. The nodes are always launched in private subnets and are encrypted by default.

import aws_cdk.aws_ec2 as ec2


vpc = ec2.Vpc(self, "Vpc")
cluster = Cluster(self, "Redshift",
    master_user=Login(
        master_username="admin"
    ),
    vpc=vpc
)

By default, the master password will be generated and stored in AWS Secrets Manager.

A default database named default_db will be created in the cluster. To change the name of this database set the defaultDatabaseName attribute in the constructor properties.

By default, the cluster will not be publicly accessible. Depending on your use case, you can make the cluster publicly accessible with the publiclyAccessible property.

Connecting

To control who can access the cluster, use the .connections attribute. Redshift Clusters have a default port, so you don't need to specify the port:

cluster.connections.allow_default_port_from_any_ipv4("Open to the world")

The endpoint to access your database cluster will be available as the .clusterEndpoint attribute:

cluster.cluster_endpoint.socket_address

Rotating credentials

When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically:

cluster.add_rotation_single_user()

The multi user rotation scheme is also available:

import aws_cdk.aws_secretsmanager as secretsmanager


cluster.add_rotation_multi_user("MyUser",
    secret=secretsmanager.Secret.from_secret_name_v2(self, "Imported Secret", "my-secret")
)

Database Resources

This module allows for the creation of non-CloudFormation database resources such as users and tables. This allows you to manage identities, permissions, and stateful resources within your Redshift cluster from your CDK application.

Because these resources are not available in CloudFormation, this library leverages custom resources to manage them. In addition to the IAM permissions required to make Redshift service calls, the execution role for the custom resource handler requires database credentials to create resources within the cluster.

These database credentials can be supplied explicitly through the adminUser properties of the various database resource constructs. Alternatively, the credentials can be automatically pulled from the Redshift cluster's default administrator credentials. However, this option is only available if the password for the credentials was generated by the CDK application (ie., no value vas provided for the masterPassword property of Cluster.masterUser).

Creating Users

Create a user within a Redshift cluster database by instantiating a User construct. This will generate a username and password, store the credentials in a AWS Secrets Manager Secret, and make a query to the Redshift cluster to create a new database user with the credentials.

User(self, "User",
    cluster=cluster,
    database_name="databaseName"
)

By default, the user credentials are encrypted with your AWS account's default Secrets Manager encryption key. You can specify the encryption key used for this purpose by supplying a key in the encryptionKey property.

import aws_cdk.aws_kms as kms


encryption_key = kms.Key(self, "Key")
User(self, "User",
    encryption_key=encryption_key,
    cluster=cluster,
    database_name="databaseName"
)

By default, a username is automatically generated from the user construct ID and its path in the construct tree. You can specify a particular username by providing a value for the username property. Usernames must be valid identifiers; see: Names and identifiers in the Amazon Redshift Database Developer Guide.

User(self, "User",
    username="myuser",
    cluster=cluster,
    database_name="databaseName"
)

The user password is generated by AWS Secrets Manager using the default configuration found in secretsmanager.SecretStringGenerator, except with password length 30 and some SQL-incompliant characters excluded. The plaintext for the password will never be present in the CDK application; instead, a CloudFormation Dynamic Reference will be used wherever the password value is required.

Creating Tables

Create a table within a Redshift cluster database by instantiating a Table construct. This will make a query to the Redshift cluster to create a new database table with the supplied schema.

Table(self, "Table",
    table_columns=[Column(name="col1", data_type="varchar(4)"), Column(name="col2", data_type="float")],
    cluster=cluster,
    database_name="databaseName"
)

The table can be configured to have distStyle attribute and a distKey column:

Table(self, "Table",
    table_columns=[Column(name="col1", data_type="varchar(4)", dist_key=True), Column(name="col2", data_type="float")
    ],
    cluster=cluster,
    database_name="databaseName",
    dist_style=TableDistStyle.KEY
)

The table can also be configured to have sortStyle attribute and sortKey columns:

Table(self, "Table",
    table_columns=[Column(name="col1", data_type="varchar(4)", sort_key=True), Column(name="col2", data_type="float", sort_key=True)
    ],
    cluster=cluster,
    database_name="databaseName",
    sort_style=TableSortStyle.COMPOUND
)

Granting Privileges

You can give a user privileges to perform certain actions on a table by using the Table.grant() method.

user = User(self, "User",
    cluster=cluster,
    database_name="databaseName"
)
table = Table(self, "Table",
    table_columns=[Column(name="col1", data_type="varchar(4)"), Column(name="col2", data_type="float")],
    cluster=cluster,
    database_name="databaseName"
)

table.grant(user, TableAction.DROP, TableAction.SELECT)

Take care when managing privileges via the CDK, as attempting to manage a user's privileges on the same table in multiple CDK applications could lead to accidentally overriding these permissions. Consider the following two CDK applications which both refer to the same user and table. In application 1, the resources are created and the user is given INSERT permissions on the table:

database_name = "databaseName"
username = "myuser"
table_name = "mytable"

user = User(self, "User",
    username=username,
    cluster=cluster,
    database_name=database_name
)
table = Table(self, "Table",
    table_columns=[Column(name="col1", data_type="varchar(4)"), Column(name="col2", data_type="float")],
    cluster=cluster,
    database_name=database_name
)
table.grant(user, TableAction.INSERT)

In application 2, the resources are imported and the user is given INSERT permissions on the table:

database_name = "databaseName"
username = "myuser"
table_name = "mytable"

user = User.from_user_attributes(self, "User",
    username=username,
    password=SecretValue.plain_text("NOT_FOR_PRODUCTION"),
    cluster=cluster,
    database_name=database_name
)
table = Table.from_table_attributes(self, "Table",
    table_name=table_name,
    table_columns=[Column(name="col1", data_type="varchar(4)"), Column(name="col2", data_type="float")],
    cluster=cluster,
    database_name="databaseName"
)
table.grant(user, TableAction.INSERT)

Both applications attempt to grant the user the appropriate privilege on the table by submitting a GRANT USER SQL query to the Redshift cluster. Note that the latter of these two calls will have no effect since the user has already been granted the privilege.

Now, if application 1 were to remove the call to grant, a REVOKE USER SQL query is submitted to the Redshift cluster. In general, application 1 does not know that application 2 has also granted this permission and thus cannot decide not to issue the revocation. This leads to the undesirable state where application 2 still contains the call to grant but the user does not have the specified permission.

Note that this does not occur when duplicate privileges are granted within the same application, as such privileges are de-duplicated before any SQL query is submitted.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

2.243.0a0 pre-release

2.242.0a0 pre-release

2.241.0a0 pre-release

2.240.0a0 pre-release

2.239.0a0 pre-release

2.238.0a0 pre-release

2.237.1a0 pre-release

2.237.0a0 pre-release

2.236.0a0 pre-release

2.235.1a0 pre-release

2.235.0a0 pre-release

2.234.1a0 pre-release

2.234.0a0 pre-release

2.233.0a0 pre-release

2.232.2a0 pre-release

2.232.1a0 pre-release

2.232.0a0 pre-release

2.231.0a0 pre-release

2.230.0a0 pre-release

2.229.1a0 pre-release

2.229.0a0 pre-release

2.228.0a0 pre-release

2.227.0a0 pre-release

2.226.0a0 pre-release

2.225.0a0 pre-release

2.224.0a0 pre-release

2.223.0a0 pre-release

2.222.0a0 pre-release

2.221.1a0 pre-release

2.221.0a0 pre-release

2.220.0a0 pre-release

2.219.0a0 pre-release

2.218.0a0 pre-release

2.217.0a0 pre-release

2.216.0a0 pre-release

2.215.0a0 pre-release

2.214.1a0 pre-release

2.214.0a0 pre-release

2.213.0a0 pre-release

2.212.0a0 pre-release

2.211.0a0 pre-release

2.210.0a0 pre-release

2.209.1a0 pre-release

2.209.0a0 pre-release

2.208.0a0 pre-release

2.207.0a0 pre-release

2.206.0a0 pre-release

2.205.0a0 pre-release

2.204.0a0 pre-release

2.203.1a0 pre-release

2.203.0a0 pre-release

2.202.0a0 pre-release

2.201.0a0 pre-release

2.200.2a0 pre-release

2.200.1a0 pre-release

2.200.0a0 pre-release

2.199.0a0 pre-release

2.198.0a0 pre-release

2.197.0a0 pre-release

2.196.1a0 pre-release

2.196.0a0 pre-release

2.195.0a0 pre-release

2.194.0a0 pre-release

2.193.0a0 pre-release

2.192.0a0 pre-release

2.191.0a0 pre-release

2.190.0a0 pre-release

2.189.1a0 pre-release

2.189.0a0 pre-release

2.188.0a0 pre-release

2.187.0a0 pre-release

2.186.0a0 pre-release

2.185.0a0 pre-release

2.184.1a0 pre-release

2.184.0a0 pre-release

2.183.0a0 pre-release

2.182.0a0 pre-release

2.181.1a0 pre-release

2.181.0a0 pre-release

2.180.0a0 pre-release

2.179.0a0 pre-release

2.178.2a0 pre-release

2.178.1a0 pre-release

2.178.0a0 pre-release

2.177.0a0 pre-release

2.176.0a0 pre-release

2.175.1a0 pre-release

2.175.0a0 pre-release

2.174.1a0 pre-release

2.174.0a0 pre-release

2.173.4a0 pre-release

2.173.3a0 pre-release

2.173.2a0 pre-release

2.173.1a0 pre-release

2.173.0a0 pre-release

2.172.0a0 pre-release

2.171.1a0 pre-release

2.171.0a0 pre-release

2.170.0a0 pre-release

2.169.0a0 pre-release

2.168.0a0 pre-release

2.167.2a0 pre-release

2.167.1a0 pre-release

2.167.0a0 pre-release

2.166.0a0 pre-release

2.165.0a0 pre-release

2.164.1a0 pre-release

2.164.0a0 pre-release

2.163.1a0 pre-release

2.163.0a0 pre-release

2.162.1a0 pre-release

2.162.0a0 pre-release

2.161.1a0 pre-release

2.161.0a0 pre-release

2.160.0a0 pre-release

2.159.1a0 pre-release

2.159.0a0 pre-release

2.158.0a0 pre-release

2.157.0a0 pre-release

2.156.0a0 pre-release

2.155.0a0 pre-release

2.154.1a0 pre-release

2.154.0a0 pre-release

2.153.0a0 pre-release

2.152.0a0 pre-release

2.151.1a0 pre-release

2.151.0a0 pre-release

2.150.0a0 pre-release

2.149.0a0 pre-release

2.148.1a0 pre-release

2.148.0a0 pre-release

2.147.3a0 pre-release

2.147.2a0 pre-release

2.147.1a0 pre-release

2.147.0a0 pre-release

2.146.0a0 pre-release

2.145.0a0 pre-release

2.144.0a0 pre-release

2.143.1a0 pre-release

2.143.0a0 pre-release

2.142.1a0 pre-release

2.142.0a0 pre-release

2.141.0a0 pre-release

2.140.0a0 pre-release

2.139.1a0 pre-release

2.139.0a0 pre-release

2.138.0a0 pre-release

2.137.0a0 pre-release

2.136.1a0 pre-release

2.136.0a0 pre-release

2.135.0a0 pre-release

2.134.0a0 pre-release

2.133.0a0 pre-release

2.132.1a0 pre-release

2.132.0a0 pre-release

2.131.0a0 pre-release

2.130.0a0 pre-release

2.129.0a0 pre-release

2.128.0a0 pre-release

2.127.0a0 pre-release

2.126.0a0 pre-release

2.125.0a0 pre-release

2.124.0a0 pre-release

2.123.0a0 pre-release

2.122.0a0 pre-release

2.121.1a0 pre-release

2.121.0a0 pre-release

2.120.0a0 pre-release

2.119.0a0 pre-release

2.118.0a0 pre-release

2.117.0a0 pre-release

2.116.1a0 pre-release

2.116.0a0 pre-release

2.115.0a0 pre-release

2.114.1a0 pre-release

2.114.0a0 pre-release

2.113.0a0 pre-release

2.112.0a0 pre-release

2.111.0a0 pre-release

2.110.1a0 pre-release

2.110.0a0 pre-release

2.109.0a0 pre-release

2.108.1a0 pre-release

2.108.0a0 pre-release

2.107.0a0 pre-release

2.106.1a0 pre-release

2.106.0a0 pre-release

2.105.0a0 pre-release

2.104.0a0 pre-release

2.103.1a0 pre-release

2.103.0a0 pre-release

2.102.1a0 pre-release

2.102.0a0 pre-release

2.101.1a0 pre-release

2.101.0a0 pre-release

2.100.0a0 pre-release

2.99.1a0 pre-release

2.99.0a0 pre-release

2.98.0a0 pre-release

2.97.1a0 pre-release

2.97.0a0 pre-release

2.96.2a0 pre-release

2.96.1a0 pre-release

2.96.0a0 pre-release

2.95.1a0 pre-release

2.95.0a0 pre-release

2.94.0a0 pre-release

2.93.0a0 pre-release

2.92.0a0 pre-release

2.91.0a0 pre-release

2.90.0a0 pre-release

2.89.0a0 pre-release

2.88.0a0 pre-release

2.87.0a0 pre-release

2.86.0a0 pre-release

2.85.0a0 pre-release

2.84.0a0 pre-release

2.83.1a0 pre-release

2.83.0a0 pre-release

2.82.0a0 pre-release

2.81.0a0 pre-release

2.80.0a0 pre-release

2.79.1a0 pre-release

2.79.0a0 pre-release

2.78.0a0 pre-release

2.77.0a0 pre-release

2.76.0a0 pre-release

2.75.1a0 pre-release

2.75.0a0 pre-release

2.74.0a0 pre-release

2.73.0a0 pre-release

2.72.1a0 pre-release

2.72.0a0 pre-release

2.71.0a0 pre-release

2.70.0a0 pre-release

2.69.0a0 pre-release

2.68.0a0 pre-release

2.67.0a0 pre-release

2.66.1a0 pre-release

2.66.0a0 pre-release

2.65.0a0 pre-release

2.64.0a0 pre-release

2.63.2a0 pre-release

2.63.1a0 pre-release

2.63.0a0 pre-release

2.62.2a0 pre-release

2.62.1a0 pre-release

2.62.0a0 pre-release

2.61.1a0 pre-release

2.61.0a0 pre-release

2.60.0a0 pre-release

2.59.0a0 pre-release

2.58.1a0 pre-release

2.58.0a0 pre-release

2.57.0a0 pre-release

2.56.1a0 pre-release

2.56.0a0 pre-release

2.55.1a0 pre-release

2.55.0a0 pre-release

2.54.0a0 pre-release

2.53.0a0 pre-release

2.52.1a0 pre-release

2.52.0a0 pre-release

2.51.1a0 pre-release

2.51.0a0 pre-release

2.50.0a0 pre-release

2.49.1a0 pre-release

2.49.0a0 pre-release

2.48.0a0 pre-release

2.47.0a0 pre-release

2.46.0a0 pre-release

2.45.0a0 pre-release

2.44.0a0 pre-release

2.43.1a0 pre-release

2.43.0a0 pre-release

2.42.1a0 pre-release

2.42.0a0 pre-release

2.41.0a0 pre-release

2.40.0a0 pre-release

2.39.1a0 pre-release

2.39.0a0 pre-release

2.38.1a0 pre-release

2.38.0a0 pre-release

2.37.1a0 pre-release

2.37.0a0 pre-release

2.36.0a0 pre-release

2.35.0a0 pre-release

2.34.2a0 pre-release

2.34.1a0 pre-release

2.34.0a0 pre-release

2.33.0a0 pre-release

2.32.1a0 pre-release

2.32.0a0 pre-release

2.31.2a0 pre-release

2.31.1a0 pre-release

2.31.0a0 pre-release

2.30.0a0 pre-release

2.29.1a0 pre-release

2.29.0a0 pre-release

2.28.1a0 pre-release

2.28.0a0 pre-release

2.27.0a0 pre-release

2.26.0a0 pre-release

2.25.0a0 pre-release

2.24.1a0 pre-release

2.24.0a0 pre-release

2.23.0a0 pre-release

2.22.0a0 pre-release

2.21.1a0 pre-release

2.21.0a0 pre-release

2.20.0a0 pre-release

2.19.0a0 pre-release

2.18.0a0 pre-release

2.17.0a0 pre-release

2.16.0a0 pre-release

2.15.0a0 pre-release

2.14.0a0 pre-release

2.13.0a0 pre-release

2.12.0a0 pre-release

2.11.0a0 pre-release

2.10.0a0 pre-release

2.9.0a0 pre-release

2.8.0a0 pre-release

2.7.0a0 pre-release

2.6.0a0 pre-release

2.5.0a0 pre-release

2.4.0a0 pre-release

2.3.0a0 pre-release

This version

2.2.0a0 pre-release

2.1.0a0 pre-release

2.0.0rc24 pre-release

2.0.0rc23 pre-release

2.0.0a11 pre-release

2.0.0a10 pre-release

2.0.0a9 pre-release

2.0.0a8 pre-release

2.0.0a7 pre-release

2.0.0a6 pre-release

2.0.0a5 pre-release

2.0.0a4 pre-release

2.0.0a3 pre-release

2.0.0a2 pre-release

2.0.0a1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-cdk.aws-redshift-alpha-2.2.0a0.tar.gz (121.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aws_cdk.aws_redshift_alpha-2.2.0a0-py3-none-any.whl (120.2 kB view details)

Uploaded Python 3

File details

Details for the file aws-cdk.aws-redshift-alpha-2.2.0a0.tar.gz.

File metadata

  • Download URL: aws-cdk.aws-redshift-alpha-2.2.0a0.tar.gz
  • Upload date:
  • Size: 121.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.5

File hashes

Hashes for aws-cdk.aws-redshift-alpha-2.2.0a0.tar.gz
Algorithm Hash digest
SHA256 b390204eb96a52f6973a40b4d8648c3ba51d2af070a093aea1abfc3001cf2e1b
MD5 23008bee164d03a66f36cf735578537d
BLAKE2b-256 d888f868339b038db282066a3dd5412b537ee36e6f01cd186157a4357cf7b9c8

See more details on using hashes here.

File details

Details for the file aws_cdk.aws_redshift_alpha-2.2.0a0-py3-none-any.whl.

File metadata

  • Download URL: aws_cdk.aws_redshift_alpha-2.2.0a0-py3-none-any.whl
  • Upload date:
  • Size: 120.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.5

File hashes

Hashes for aws_cdk.aws_redshift_alpha-2.2.0a0-py3-none-any.whl
Algorithm Hash digest
SHA256 4a17c107f66c75b3cb3ab36e78a694003426ce1823e678720b6766a3ad03bfa7
MD5 a017faed69c30b0be2594641f3bd4c84
BLAKE2b-256 4d6bfa0f12685b9babc0afdc8fa866df2fe8e82b41a40cf7748e79aa40ddfdd9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page