
API connection to Redshift in a private subnet?

I want to set up a connection between an on-premises environment for an API connection with Redshift in my VPC. This requires Redshift to have a public IP and endpoint. What is the optimal and workable way to have a secure connection without broadcasting the public IP of Redshift over the internet gateway?

  • Can I put Redshift in a subnet with a NAT Gateway? How would I manage incoming connections to Redshift in this scenario?
  • Would narrowing IP access from subnet level and security group level in a public subnet be sufficient?

It appears your requirement is:

  • Amazon Redshift must be accessible via the Internet
  • You wish to make it as secure as possible

The easiest method would be to configure the security group to only allow inbound connections to Redshift (port 5439) from your corporate IP address. This way, only traffic from your corporate network (going across the Internet) would be able to connect to the Redshift cluster.

A higher level of security would be to establish a VPN connection across the Internet between your corporate network and the VPC, then put the Redshift cluster in a private subnet.

You would have a higher-quality connection by using Direct Connect, but that would involve the expense of having a fibre connection to AWS.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.