Use custom domains with Amazon Redshift


Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. With Amazon Redshift, you can analyze all of your data to derive holistic insights about your business and your customers.

Amazon Redshift now supports custom URLs or custom domains for your data warehouse. You might want to use a custom domain name or CNAME (Canonical Name) for the following reasons:

  • A custom domain name is easy to recall and use.
  • Routing connections is less disruptive. The connections from the client are pointed to the DNS record and not the server name. This lets you easily route connections to new clusters in failover or disaster recovery scenarios.
  • You can now obfuscate your server names with a friendly custom domain name.
  • It helps you avoid application code or connectivity changes in case the underlying data warehouse is migrated to a different Region or the endpoint is changed.

In this post, we discuss how you can modify your data warehouse to use custom domains and how to connect to a data warehouse that has been configured with a custom URL.

Pre-requisites

To get started, you need a registered domain name. You can use Amazon Route 53 or a third-party domain registrar to register a domain.

You also need a validated Secure Sockets Layer (SSL) certificate for your custom endpoints. This is to verify ownership of the domain name and secure communication. You can use AWS Certificate Manager (ACM) to provision, manage, and deploy public SSL/TLS certificates. You need to use verify-full mode, which ensures that the connections are encrypted and verifies that the hostname of the server matches the hostname in the certificate.
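As an added illustration (not code from the original post or from AWS), the following Python example shows the hostname comparison that verify-full adds on top of certificate-chain validation, including how a wildcard certificate behaves for a name such as mycluster.mycompany.com. The certificate names, the endpoint placeholder and the single-label wildcard rule are assumptions made for the example; real drivers implement their own matching.

```python
# Added example: the hostname comparison that sslmode=verify-full performs in
# addition to chain validation. All host and certificate names are constructed.

def name_matches(cert_name: str, dialed_host: str) -> bool:
    """Compare one DNS name from the certificate with the host the client dialed."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = dialed_host.lower().rstrip(".").split(".")
    if len(pattern) != len(host):
        return False  # a wildcard stands for exactly one label, never several
    if pattern[0] == "*":
        # Assumption: only a whole left-most "*" label is a wildcard, and it
        # must be followed by at least two fixed labels.
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    return pattern == host


def verify_full_hostname(dialed_host: str, cert_dns_names: list[str]) -> bool:
    """True when any DNS name in the certificate covers the dialed host."""
    return any(name_matches(name, dialed_host) for name in cert_dns_names)


EXACT_CERT = ["mycluster.mycompany.com"]   # certificate requested for one name
WILDCARD_CERT = ["*.mycompany.com"]        # wildcard certificate for the zone
ENDPOINT = "examplecluster.abc123.us-east-1.redshift.amazonaws.com"  # placeholder


def run_cases() -> dict[str, bool]:
    """Evaluate the constructed cases and return the verdict for each."""
    return {
        "custom name, exact cert": verify_full_hostname("mycluster.mycompany.com", EXACT_CERT),
        "endpoint name, exact cert": verify_full_hostname(ENDPOINT, EXACT_CERT),
        "custom name, wildcard cert": verify_full_hostname("mycluster.mycompany.com", WILDCARD_CERT),
        "nested name, wildcard cert": verify_full_hostname("dr.mycluster.mycompany.com", WILDCARD_CERT),
        "zone apex, wildcard cert": verify_full_hostname("mycompany.com", WILDCARD_CERT),
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case}: {'match' if accepted else 'hostname mismatch'}")
```

A certificate that lists only the custom name does not cover the endpoint name, and a wildcard for the zone covers one label below it and nothing deeper.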

Lastly, you need to attach the required permissions to the AWS Identity and Access Management (IAM) role that’s assigned to the relevant users and groups that will manage your Redshift data warehouse. These vary depending on whether you’re using Amazon Redshift provisioned or Amazon Redshift Serverless. The permissions needed for the required actions are listed in the following table.

| Action | IAM permission (Redshift Provisioned) | IAM permission (Redshift Serverless) |
|---|---|---|
| Create custom domain for data warehouse | redshift:CreateCustomDomainAssociation, acm:DescribeCertificate | redshiftServerless:CreateCustomDomainAssociation, acm:DescribeCertificate |
| Renaming cluster that has custom domain name | acm:DescribeCertificate | Not needed |
| Changing certificate for association | redshift:ModifyCustomDomainAssociation, acm:DescribeCertificate | redshiftServerless:UpdateCustomDomainAssociation, acm:DescribeCertificate |
| Deleting custom domain | redshift:DeleteCustomDomainAssociation | redshiftServerless:DeleteCustomDomainAssociation |
| Connecting to the data warehouse using custom domain name | redshift:DescribeCustomDomainAssociations | Not needed |

The following screenshot shows an example of creating an IAM policy on the IAM console.

Creating DNS CNAME entry for custom domain name

The custom domain name typically includes the root domain and a subdomain, like mycluster.mycompany.com. You can either register a new root domain or use an existing one. For more information about registering a new domain with Route 53, refer to Registering a new domain.

After you set that up, you can add a DNS record that points your custom CNAME to the Redshift endpoint. You can find the data warehouse endpoint on the Amazon Redshift console on the cluster detail page.

The following screenshot illustrates locating a provisioned endpoint.

The following screenshot illustrates locating a serverless endpoint.

Now that you have created the CNAME entry, you can request a certificate from ACM. Complete the following steps:

  1. Open the ACM console and choose Request a certificate.
  2. For Fully qualified domain name, enter your custom domain name.
  3. Choose Request.
  4. Confirm that the request is validated by the owner of the domain by checking the status of the certificate.

The status should be Issued.

Now that you have created the CNAME record and certificate, you can create the custom domain URL for your Redshift cluster using the Amazon Redshift console.

Creating custom domain for a provisioned instance

To create a custom domain for a provisioned instance, complete the following steps:

  1. On the Amazon Redshift console, navigate to your provisioned instance detail page.
  2. On the Actions menu, choose Create custom domain name.
  3. For Custom domain name, enter the CNAME record for your Redshift provisioned cluster.
  4. For ACM certificate, choose the appropriate certificate.
  5. Choose Create.

You should now have a custom domain name associated with your provisioned data warehouse. The custom domain name and custom domain certificate ARN values should now be populated with your entries.

Note that sslmode=verify-full will only work for the new custom endpoint. You can’t use this mode with the default endpoint; you can connect to the default endpoint by using other SSL modes like sslmode=verify-ca.

Create a custom domain for a serverless instance

To create a custom domain for a serverless instance, complete the following steps:

  1. On the Amazon Redshift console, navigate to your serverless instance detail page.
  2. On the Actions menu, choose Create custom domain name.
  3. For Custom domain name, enter the CNAME record for your Redshift Serverless workgroup.
  4. For ACM certificate, choose the appropriate certificate.
  5. Choose Create.

You should now have a custom domain name associated with your serverless workgroup. The custom domain name and custom domain certificate ARN values should now be populated with your entries.

Note that, as with a provisioned instance, sslmode=verify-full will only work for the new custom endpoint. You can’t use this mode with the default endpoint; you can connect to the default endpoint by using other SSL modes like sslmode=verify-ca.

Connect using custom domain name

You can now connect to your cluster using the custom domain name. The JDBC URL will be similar to jdbc:redshift://prefix.rootdomain.com:5439/dev?sslmode=verify-full, where prefix.rootdomain.com is your custom domain name and dev is the default database. Use your preferred editor to connect to this URL using your user name and password.
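An added example, not part of the original post: a Python audit that checks application JDBC URLs of the form shown above for the two things the custom domain setup depends on, the custom host name and sslmode=verify-full. The URLs, the endpoint names and the function name audit_jdbc_url are constructed for illustration, and only the ?key=value parameter form used in this post is parsed.

```python
from urllib.parse import parse_qs, urlsplit

# Suffixes of the service-generated endpoint names (provisioned, serverless).
DEFAULT_ENDPOINT_SUFFIXES = (
    ".redshift.amazonaws.com",
    ".redshift-serverless.amazonaws.com",
)


def audit_jdbc_url(url: str, custom_domain: str) -> list[str]:
    """Return findings for one JDBC URL; an empty list means it passes."""
    prefix = "jdbc:redshift://"
    if not url.lower().startswith(prefix):
        return ["not a jdbc:redshift:// URL"]
    parts = urlsplit("//" + url[len(prefix):])
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lower-case
    params = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}

    findings = []
    if host.endswith(DEFAULT_ENDPOINT_SUFFIXES):
        findings.append(f"host {host} is a default endpoint, not the custom domain")
    elif host != custom_domain.lower():
        findings.append(f"host {host} is not the expected custom domain {custom_domain}")
    mode = params.get("sslmode", "").lower()
    if not mode:
        findings.append("sslmode is not set in the URL")
    elif mode != "verify-full":
        findings.append(f"sslmode={mode} does not check the server hostname")
    return findings


# Constructed sample URLs, as they might appear in application configuration.
SAMPLE_URLS = [
    "jdbc:redshift://mycluster.mycompany.com:5439/dev?sslmode=verify-full",
    "jdbc:redshift://mycluster.mycompany.com:5439/dev?sslmode=verify-ca",
    "jdbc:redshift://examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com:5439/dev",
    "jdbc:redshift://default-workgroup.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439/dev?sslmode=verify-ca",
]


def audit_all(custom_domain: str = "mycluster.mycompany.com") -> dict[str, list[str]]:
    """Audit every sample URL against the expected custom domain."""
    return {url: audit_jdbc_url(url, custom_domain) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, findings in audit_all().items():
        print(url, "->", findings or "ok")
```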

Update the certificate association for your provisioned custom domain

To update the certificate association using the Amazon Redshift console, navigate to your provisioned cluster details page and on the Actions menu, choose Edit custom domain name. Update the domain name and ACM certificate, then choose Save changes.

To change the cluster’s ACM certificate associated with the custom domain using the AWS Command Line Interface (AWS CLI), use the following command:

aws redshift modify-custom-domain-association --cluster-identifier <clustername> --custom-domain-certificate-arn <newCertArn> --custom-domain-name <currentDomainNameOfCluster>

Update the certificate for your serverless custom domain

To update the certificate using the Amazon Redshift console, navigate to your serverless workgroup details page and on the Actions menu, choose Edit custom domain name. Update the domain name and ACM certificate, then choose Save changes.

To change the serverless workgroup’s ACM certificate associated with the custom domain using the AWS CLI, use the following command:

aws redshift-serverless update-custom-domain-association --region <aws-region> --custom-domain-name <currentCustomDomainName> --custom-domain-certificate-arn <NewCustomdomaincertarn> --workgroup-name <workgroupname>

Delete a custom provisioned domain

To delete your custom domain, navigate to the provisioned cluster details page. On the Actions menu, choose Delete custom domain name. Enter delete to confirm, then choose Delete.

To use the AWS CLI, use the following code:

aws redshift delete-custom-domain-association --cluster-identifier <ClusterName> --region <ClusterRegion>  --custom-domain-name <currentDomainName>

Delete a custom serverless domain

To delete your custom domain, navigate to the serverless workgroup details page. On the Actions menu, choose Delete custom domain name. Enter delete to confirm, then choose Delete.

To use the AWS CLI, use the following code:

aws redshift-serverless delete-custom-domain-association --workgroup-name <workgroupname> --custom-domain-name <CurrentCustomDomainName>

Conclusion

In this post, we discussed the benefits of using custom domains for your Redshift data warehouse and the steps needed to associate a custom domain name with the Redshift endpoint. For more information, refer to Using a custom domain name for client connections.


About the Authors

Raghu Kuppala is an Analytics Specialist Solutions Architect experienced working in the databases, data warehousing, and analytics space. Outside of work, he enjoys trying different cuisines and spending time with his family and friends.

Sam Selvan is a Principal Analytics Solution Architect with Amazon Web Services.

Yanzhu Ji is a Product Manager in the Amazon Redshift team. She has experience in product vision and strategy in industry-leading data products and platforms. She has outstanding skill in building substantial software products using web development, system design, database, and distributed programming techniques. In her personal life, Yanzhu likes painting, photography, and playing tennis.

Nikhitha Loyapally is a Senior Software Development Engineer for Amazon Redshift.
