Privacy Dynamics can connect to your Redshift cluster. This guide helps you authenticate and authorize Privacy Dynamics to access your data in Redshift.
To complete this guide, you will need the following:
- An AWS account with an active Redshift cluster.
- A Redshift user with CREATEUSER privileges (a superuser).
- A Privacy Dynamics account.
Before you can connect to Redshift in Privacy Dynamics, you will want to create a new service account user and role for Privacy Dynamics to use.
Configure Your Redshift Cluster
Our Redshift integration must be able to COPY data from a temporary file in an S3 bucket. By default, we provide this bucket for you and authorize your cluster to copy from it. If you need another solution, please reach out to us.
The following script completes the setup for our service account. You will need to customize it with the names of your databases, schemas, and service account user, and then execute it in your cluster as a superuser.

```sql
-- create the service account user and role
-- (replace the example password below with your own long, unique secret)
create user svc_pvcy password 'MyLongAndSecretPassword987654321';
create role anonymizer;
revoke all from role anonymizer;

-- CONFIGURE ORIGIN SCHEMA(s)
-- any existing schemas that you want us to read from need their own grants
-- we require usage on the schema and select on any tables/views in that schema
grant usage on schema raw_sensitive to role anonymizer;
grant select on all tables in schema raw_sensitive to role anonymizer;

-- optionally grant access to any future tables or views in source schema.
-- this command is not supported for roles, so must use the user name.
-- note: before dropping the svc_pvcy user, you will have to revoke this default priv.
alter default privileges
    for user <user that creates tables in this schema>
    in schema raw_sensitive
    grant select on tables to svc_pvcy;

-- CONFIGURE DESTINATION SCHEMA(s)
-- Option 1: Allow us to create new schemas in the destination database
grant create on database dev to role anonymizer;

-- Option 2: Allow us to write to an existing schema owned by another user
grant usage on schema privacy_safe to role anonymizer;
grant create on schema privacy_safe to role anonymizer;

-- GRANT ROLE TO USER
grant role anonymizer to svc_pvcy;
```
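To confirm the service account ended up with only the access granted above, a superuser can audit it with the queries below. This is an added example, not part of the Privacy Dynamics script; it uses Redshift's system views and assumes the names from the script (`svc_pvcy`, `anonymizer`, `raw_sensitive`).

```sql
-- 1. The account must not be a superuser and should not be able to create databases.
select usename, usesuper, usecreatedb
from pg_user
where usename = 'svc_pvcy';

-- 2. Roles held by the account: expect a single row for anonymizer.
select user_name, role_name, admin_option
from svv_user_grants
where user_name = 'svc_pvcy';

-- 3. Database-level privileges: expect CREATE on dev only if you chose Option 1.
select database_name, privilege_type, identity_name, identity_type
from svv_database_privileges
where identity_name in ('anonymizer', 'svc_pvcy');

-- 4. Schema-level privileges: expect USAGE on each origin schema, plus
--    USAGE and CREATE on the destination schema if you chose Option 2.
select namespace_name, privilege_type, identity_name, identity_type
from svv_schema_privileges
where identity_name in ('anonymizer', 'svc_pvcy')
order by namespace_name, privilege_type;

-- 5. Explicit table/view grants that are not a plain SELECT on the origin
--    schema. Review every row returned; none are created by the setup script.
select namespace_name, relation_name, privilege_type, identity_name
from svv_relation_privileges
where identity_name in ('anonymizer', 'svc_pvcy')
  and (upper(privilege_type) <> 'SELECT' or namespace_name <> 'raw_sensitive')
order by namespace_name, relation_name;

-- 6. Default privileges naming the user directly. These must be revoked
--    before svc_pvcy can be dropped, so keep this list for offboarding.
select schema_name, object_type, owner_name, privilege_type, grantee_name
from svv_default_privileges
where grantee_name = 'svc_pvcy';
```

Re-run the audit whenever you add an origin or destination schema, so that grants left over from earlier configurations are noticed and revoked.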
Add the Redshift Connection in Privacy Dynamics
- Sign in to your Privacy Dynamics account.
- Go to the Connections page.
- Select Add Connection.
- Choose Redshift and select Next.
- Enter the connection details:
  - Name - a name for you to identify the connection.
  - Host - the endpoint, without the port or database name. Takes the form
  - Port - the port we use to connect to your cluster. The default is
  - Username - the username of the service account we created earlier (
  - Password - the password for the service account user.
  - Database - the name of the database you would like to use.
- Select TEST CONNECTION to verify the credentials.
- Select ADD CONNECTION. The connection is saved if there are no errors.
Using SSH Forwarding
Privacy Dynamics supports the use of an SSH "jump box" or bastion host for Redshift connections. When creating the connection, select Use SSH, and then supply the SSH Host, SSH Port, SSH Username, and SSH Private Key fields. For more details and a tutorial on using SSH with Privacy Dynamics, please see this walkthrough video.
If you have network access controls in place that limit connections to Redshift or your SSH bastion host, you will need to add Privacy Dynamics' IP addresses to your allowlist. You can find those IP addresses in this public JSON file.