You are here:
Add a Private Network Route for Redshift
To enable federation connections, connect your Redshift data source and your Data Cloud tenant with a dedicated network route using Private Connect for Data Cloud. Private Connect supports self-managed PrivateLink. Redshift-managed PrivateLink isn't currently supported.
Required Editions
| Available in: All Editions supported by Data 360. See Data 360 edition availability. |
| User Permissions Needed | |
|---|---|
| To create a Redshift network route | Data Cloud Architect permission set OR Manage External Connections or Customize Application permissions |
| To administer an AWS environment | AWS account administrator |
- Configure a PrivateLink endpoint service for your Redshift cluster.
- Verify the Security Group rules can accept traffic from the Network Load Balancer (NLB) created for this endpoint service.
- Verify that the target group is connected to the NLB so that the NLB knows where to route requests.
- Make sure that the security group associated with the NLB allows inbound traffic on port 5439 port.
- If your Redshift and Data Cloud instances are in different regions, verify that the region of your Data Cloud instance is selected under Supported Regions.
- The Data Cloud VPC endpoint ID and Data Cloud DNS Name are available on the details page of the network route after it's provisioned. In some case you may need to modify your network policy to include the Data Cloud VPC endpoint ID. An alternative method is to add the internal IP address range 10.0.0.0/8 to your network policy's allowed list. This reserved address range is specifically designated for private networks and allows traffic to originate from a wide range of private Data Cloud IP addresses.
See the AWS Big Data Blog series for more information:
- Part 1: For Data Federation, see Harness Zero Copy data sharing from Salesforce Data Cloud to Amazon Redshift for Unified Analytics
- Part 2: For Data Share, see Zero Copy data sharing from Salesforce Data Cloud
- Part 3: For Private Connect for Data Cloud, see Enhance Agentforce data security with Private Connect for Salesforce Data Cloud and Amazon Redshift
- From the App Launcher, select Data Cloud.
- From Setup, select Data Cloud Setup.
- From Data Cloud Setup, expand Admin Tools and select Private Connect.
- Click New.
- Select Redshift, and click Setup.
-
For Step 1, add the Principal ID to your AWS VPC endpoint service:
- Copy the generated Principle ID.
- Go to your AWS account.
- Under Virtual private cloud, select Endpoint services.
- Select the check box next to the Service ID of the VPC endpoint service.
- On the Allow principals tab, click Allow principals.
- In the Principals section, paste the principal ARN that you copied earlier.
- Click Allow principals.
-
In your AWS account, select the VPC endpoint service that you want to use to access
your Redshift cluster.
- Under Virtual private cloud, select Endpoint services.
- Select the relevant endpoint service.
-
Go to the Details tab and copy the Service name.
The Service name is in the format of:
com.amazonaws.vpce.<region>.<account_ID>
-
For Step 2, in the Configure Amazon Redshift Private Network Route page:
-
Enter a name and an API name for the network route and the network API name.
You can’t change the route name after you save it.
- (Optional) Enter a description for the network route.
-
Paste the name of your VPC endpoint service in the
format:
com.amazonaws.vpce.<region>.<account_ID> - Click Save.
-
Enter a name and an API name for the network route and the network API name.
- In the AWS VPC dashboard, accept the network connectivity request.
The Data Cloud VPC endpoint ID and Data Cloud DNS Name are available on the details page of the network route after it's provisioned. In some case you may need to modify your network policy to include the Data Cloud VPC endpoint ID.
When the network provisioning completes successfully, you can create a federated connection for Redshift. There can be a brief delay before you can create a federated connection or data share due to DNS configuration.
