Redshift

Requirements

| Name | Description |
| --- | --- |
| Teleskope Role | Attach Redshift read and/or write permissions to the Teleskope IAM role you created |
| Username and password | Create a read and/or write database user for each Redshift cluster you'd like us to scan |
| SSH Tunnel (Optional) | If your Redshift instances are in a private subnet and you don't want to enable VPC peering, create a bastion host for us to use to access your Redshift instances. |

Grant Teleskope IAM Access to Redshift

Attach the AmazonRedshiftDataFullAccess and AmazonRedshiftReadOnlyAccess managed policies to the Teleskope role you created.

Terraform

resource "aws_iam_role_policy_attachment" "redshift_data_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess"
}

resource "aws_iam_role_policy_attachment" "redshift__policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess"
}

Teleskope Database User

For each Redshift cluster you would like to scan using Teleskope, you will need to create a database user, and grant that user read permissions.

Create database user

CREATE USER teleskope WITH PASSWORD '****PASSWORD****';

Grant read access

-- The grantee is the teleskope user created above
GRANT SELECT ON svv_all_schemas TO teleskope;
GRANT SELECT ON svv_table_info TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO teleskope;

-- Repeat for each Redshift schema to be scanned
GRANT USAGE ON SCHEMA {schema} TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA {schema} TO teleskope;

Grant write access

For each Redshift schema:

GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA {schema} TO teleskope;
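
Added example (not part of Teleskope's documentation): a Python helper that expands the per-schema GRANT templates above for a list of schemas and issues UPDATE and DELETE only for the schemas named in write_schemas. The grantee name teleskope follows the CREATE USER step; the function names and the sample schema names are assumptions made for this example, as is the choice to reject names that are not plain identifiers.

```python
import re

# Assumption: the grantee is the "teleskope" user from the CREATE USER step.
GRANTEE = "teleskope"

# Plain identifier shape: letter or underscore first, then letters, digits, _ or $.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_$]{0,126}")


def quote_ident(name):
    """Double-quote a schema name, refusing anything that is not a plain identifier."""
    if not isinstance(name, str) or not IDENT_RE.fullmatch(name):
        raise ValueError(f"refusing unexpected schema name: {name!r}")
    return f'"{name}"'


def grant_statements(schemas, write_schemas=()):
    """Expand the per-schema GRANT templates; write access only where listed."""
    schemas = sorted(set(schemas))
    extra = set(write_schemas) - set(schemas)
    if extra:
        raise ValueError(f"write access requested for unlisted schemas: {sorted(extra)}")
    statements = []
    for schema in schemas:
        ident = quote_ident(schema)
        statements.append(f"GRANT USAGE ON SCHEMA {ident} TO {GRANTEE};")
        statements.append(f"GRANT SELECT ON ALL TABLES IN SCHEMA {ident} TO {GRANTEE};")
        if schema in write_schemas:
            # Write privileges are emitted only for schemas explicitly listed.
            statements.append(
                f"GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA {ident} TO {GRANTEE};"
            )
    return statements


if __name__ == "__main__":
    # Constructed sample input: three schemas, write access needed on one.
    for line in grant_statements(["analytics", "crm", "public"], write_schemas=["crm"]):
        print(line)
```

GRANT ... ON ALL TABLES IN SCHEMA applies only to tables that exist when the statement runs, so rerun the generated statements after new tables are created.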

Last updated 7 months ago
