Redshift

Requirements

Name
Description

Teleskope Role

Attach Redshift read and/or write permissions to the Teleskope IAM role you created

Username and password

Create a read and/or write database user for each Redshift cluster you'd like us to scan

SSH Tunnel (Optional)

If your Redshift instances are in a private subnet and you don't want to enable VPC peering, create a bastion host for us to use to access your Redshift instances.

Grant Teleskope IAM Access to Redshift

Attach the AmazonRedshiftDataFullAccess and AmazonRedshiftReadOnlyAccess to the Teleskope role you created.

Terraform

resource "aws_iam_role_policy_attachment" "redshift_data_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess"
}

resource "aws_iam_role_policy_attachment" "redshift__policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess"
}

Teleskope Database User

For each Redshift cluster you would like to scan using Teleskope, you will need to create a database user, and grant that user read permissions.

Create database user

CREATE USER teleskope WITH PASSWORD  '****PASSWORD****'

Grant read access

GRANT SELECT ON svv_all_schemas TO teleskope_ro;
GRANT SELECT ON svv_table_info TO teleskope_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog


-- Grant select to each Redshift schema
GRANT USAGE ON SCHEMA {schema} TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA {schema} TO teleskope;

Grant write access

For each redshift schema:

GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA {schema} TO teleskope;

Last updated