stackoom
  简体   繁体   中英

Can not connect to my Redshift cluster in private subnet

 原文  2019-12-28 04:50:34       amazon-web-services/ amazon-redshift/ vpc

Question

I have set up a VPC using a suggested approach as discussed on Linux Bastion Host Quick Start .

I have also created a Redshift cluster in one of private subnets and also created its dedicated security group with no rule restrictions. That is for both inbound and outbound rules for Redshift I am assigning all traffics and ports (0.0.0.0/0). I am even doing the same for the public EC2 instance on public subnet.

I can successfully ssh to my public bastion instances but from there I can not telnet to my Redshift endpoint.

[ec2-user@ip-10-0-141-20 ~]$ telnet ******.redshift.amazonaws.com 5439
Trying 10.0.20.169...
Connected to ******.redshift.amazonaws.com.
Escape character is '^]'.
Connection closed by foreign host.

I am not sure what is wrong with my configurations. In Redshift I have disabled both public access and VPC routing.

1 answers

solution1
 1 ACCPTED  2019-12-28 07:23:11

I assume that your situation is:

  • You have an Amazon Redshift cluster in a private subnet
  • You have a Bastion server in a public subnet of the same VPC
  • You wish to connect an SQL Client on your computer to the Redshift cluster

A way to do this would be:

  • Use Port Forwarding to connect to the Redshift cluster via the Bastion host
  • If you are using a Linux/Mac:
ssh-add keypair.pem
ssh -A ec2-user@BASTION-IP -L 5439:xyz.redshift.amazonaws.com:5439

(This says: Forward local port 5439 to the bastion, where is should send traffic to the Redshift cluster on port 5439 )

  • If you are using Windows, then you can use Pageant and PuTTY
  • Then, configure your SQL Client to connect to Redshift with server=localhost and port=5439 , together with your login credentials

If the above does not work, some things to check:

  • The Security Group on the Redshift Cluster should allow inbound connections on port 5439 from the Bastion (or from the whole VPC or from 0.0.0.0/0
  • The outbound rules on the Bastion should remain at their default setting of allowing all outbound traffic

If things are still going wrong, you can test the Redshift connection by installing psql on the Bastion and attempting a connection to Redshift. (Redshift was forked from PostgreSQL, so it behaves similarly).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can not copy data from s3 to redshift cluster in a private subnet Best way to connect to a private redshift cluster Can we connect private subnet lambda to resources in public subnet? API connection to redshift in a private subnet? Why can't I connect to my AWS Redshift Serverless cluster from my laptop? How can I connect to my redshift cluster using Node.js? Can an EMR cluster be launched into a private VPC subnet with no public IPs that accesses the internet through a NAT instance in a public subnet? How To Secure Erlang Cluster Behind Private Subnet AWS-CDK EKS Cluster can not be created in a VPC without at least 1 private subnet Connecting to a S3 bucket from a Redshift Cluster in Subnet
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM