Preparation
To allow Shaped to connect to your Redshift data warehouse, you need to create a read-only user and share its credentials through the Create Model request. You can create this user with the following steps on your Redshift cluster:
# 1. Create a new user.
CREATE USER read_only_user WITH PASSWORD 'secure_password1!';
# 2. Create a group for granting/revoking permissions.
CREATE GROUP read_only_group;
# 3. Add user to group.
ALTER GROUP read_only_group ADD USER read_only_user;
# 4. Revoke default granted create rights in schema from group.
REVOKE CREATE ON SCHEMA public FROM GROUP read_only_group;
# 5. Grant the group usage access to the schema.
GRANT USAGE ON SCHEMA public TO group read_only_group;
# 6. Grant the group read access to all the tables in the schema. Note you can also
# restrict this to your specific user, item and interaction views.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO group read_only_group;
# 7. Grant the group access to future tables in the schema.
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO group read_only_group;
You’ll also need to create an associated IAM role for Shaped to access your Redshift cluster and staging location.
Connector Config Definition
Below are the fields required for the Redshift connector_config
"connector_configs": [{
"type": "Redshift",
"id": "redshift",
"cluster_id": "cluster_name",
"user": "cluster_username",
"region": "cluster_region",
"database": "cluster_database",
"iam_role": "read_access_iam_role_arn",
"s3_staging_location": "cluster_staging_s3_path"
}]
| Field | Example | Description |
|---|---|---|
| type | “Redshift” | Specifies the connector type, in this case “Redshift”. |
| id | “redshift” | Specifies the connector id, in this case “eedshift”. |
| cluster_id | “my_cluster” | Cluster name containing your user, item, and interaction tables. |
| user | your_user | Access account username. |
| region | “us-east-2” | Cluster region. |
| database | “movielens” | The name of the database containing your cluster. |
| iam_role | "arn:aws:iam::XXXXXXXXXXXX:role/service-role/Redshift-AccessRole” | The arn of the IAM role with read access to your cluster and staging location. |
| s3_staging_location | “s3://path/to/staging/location” | The s3 bucket for Redshift to stage data for reading. |