#### Launch a Redshift Cluster

**WARNING:** The cluster that you are about to launch will be live, and you will be charged the standard Amazon Redshift usage fees for the cluster until you delete it. **Make sure to delete your cluster each time you're finished working to avoid large, unexpected costs for yourself.** You can always launch a new cluster, so don't leave your Redshift cluster running overnight or throughout the week if you don't need to.

##### Getting Started

* Sign in to the AWS Management Console and open the Amazon Redshift console https://console.aws.amazon.com/redshift/

<br />

|![Navigate to a new service](img/8.1.png)|
|:--:|
|*Navigate to a new service*|

<br />


* On the Amazon Redshift Dashboard, choose **Create cluster**. It will launch the Create cluster wizard.

<br />


|![Amazon Redshift dashboard](img/8.2.png)|
|:--:|
|*Amazon Redshift dashboard*|

<br />


##### Prerequisite

1. **A cluster subnet group**

      A [cluster subnet group](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-cluster-subnet-groups.html) is a logical group of subnets in your existing VPC in which you want to create your Redshift cluster.

      * Within the Redshift service, go to **Configurations → Subnet groups**.
      * Provide the subnet group name of your choice, choose the VPC, and add all subnets of the VPC to the current cluster subnet group. See the snapshots below.
      * Click on the "Create" button, and wait until the status shows "Complete".
  
|![Amazon Redshift → Configurations → Subnet groups](img/8.3.png)|
|:--:|
|*Amazon Redshift → Configurations → Subnet groups*|

|![Amazon Redshift → Configurations → Subnet groups](img/8.4.png)|
|:--:|
|*Create a cluster subnet group from a default VPC*|

|![Amazon Redshift → Configurations → Subnet groups](img/8.5.png)|
|:--:|
|*Success message - Cluster subnet group*|

2. An IAM role, say **myRedshiftRole**, with *Redshift - Customizable* use case and `AmazonS3ReadOnlyAccess` policy attached.

3. A Security group, say **redshift_security_group**, that allows inbound traffic (from anywhere) on the port 5439 and outbound traffic to anywhere.

##### Cluster Creation

1. **Basic configuration**
    Provide a unique identifier, such as `redshift-cluster-1`, and choose the **Production** option because we want to change some of the default configuration.

    For the cluster size, choose 1 node of `dc2.large` hardware type. It is a high performance node with:
    * 2 vCPUs
    * fixed 160 GB SSD storage capacity

    <br />


    |![Cluster's basic configuration](img/8.6.png)|
    |:--:|
    |*Cluster's basic configuration*|

<br />


2. **Sample data**
    Select the checkbox to load the sample data to your Redshift cluster. It will load a sample dataset tickitDB with a sample database called TICKIT.

    |![Load sample data to your Redshift cluster](img/8.7.png)|
    |:--:|
    |*Load sample data to your Redshift cluster*|

<br />


3. **Database configurations**
    Provide the username and password for the database.

    ![table 1](img/8.8.png)

    <br />


    **Please note:** We **strongly advise** you to keep these passwords closely guarded, including not putting them in your GitHub public repo, etc. 

    |![Database configurations](img/8.9.png)|
    |:--:|
    |*Database configurations*|

<br />


4. **Cluster permissions**
    Choose the IAM role created earlier, *myRedshiftRole*, from the drop-down and click on the *Associate IAM role* button.
    
    |![Cluster permissions. Associate the custom IAM role. ](img/8.10.png)|
    |:--:|
    |*Cluster permissions. Associate the custom IAM role.*|
    
<br />


5. **Additional configurations**
    * Toggle the button to turn off the "use defaults" feature.
    * Network and security - Choose the following values:
    ![table 2](img/8.11.png)
    
    |![Do not use defaults in the Additional configurations](img/8.12.png)|
    |:--:|
    |*Do not use defaults in the Additional configurations*|
    
    |![Network and security section](img/8.13.png)|
    |:--:|
    |*Network and security section*|
    
    <br />


    * **Additional database configurations:** The default database name and open port would be:
    ![table 3](img/8.14.png)
    
    |![Additional database configurations](img/8.15.png)|
    |:--:|
    |*Additional database configurations*|
    
<br />


6. Leave the remaining configurations as default. Review your Cluster configurations and click on the **Create cluster** button at the bottom. It will take a few minutes to create the cluster.

7. Click on the **Clusters** menu item from the left navigation pane, and look at the cluster that you just launched. Make sure that the **Status** is **Available** before you try to connect to the database later. You can expect this to take 5-10 minutes.

    |![If the status shows "Available", the Cluster is ready to be connected](img/8.16.png)|
    |:--:|
    |*If the status shows "Available", the Cluster is ready to be connected*|

#### Create an IAM User

Here, you'll create an IAM user that you will use to access your Redshift cluster.

1. Navigate to the [IAM console](https://console.aws.amazon.com/iam/). In the left navigation pane, choose **Users**, and click on the **Add User** button. It will launch a new wizard.
<br />

|![IAM Users dashboard](img/9.1.png)|
|:--:|
|*IAM Users dashboard*|

<br />

2.  **Set user details**
    
    Enter a name for your user, say `airflow_redshift_user`, and choose **Programmatic access**. Then click on the **Next: Permissions** button.

<br />

|![Create IAM users → Set user details](img/9.2.png)|
|:--:|
|*Create IAM users → Set user details*|

<br />

3.  **Set permissions**

    Choose the **Attach existing policies directly** option.
    * Search for redshift and select **AmazonRedshiftFullAccess**.
    * Then, search for S3 and select **AmazonS3ReadOnlyAccess**.

    After selecting both policies, choose **Next: Tags**. Skip this page and choose **Next: Review**.
  
<br />

|![Create IAM user → Set permissions → Select AmazonRedshiftFullAccess](img/9.3.png)|
|:--:|
|*Create IAM user → Set permissions → Select AmazonRedshiftFullAccess*|

<br />

|![Create IAM user → Set permissions → Select AmazonS3ReadOnlyAccess](img/9.4.png)|
|:--:|
|*Create IAM user → Set permissions → Select AmazonS3ReadOnlyAccess*|

<br />

4. **Review** your choices and finally click on the **Create user** button.

<br />

|![Review the new IAM user details](img/9.5.png)|
|:--:|
|*Review the new IAM user details*|

<br />

5. **Save your credentials!**
    
    This is the only time you can view or download these credentials on AWS. Choose **Download .csv** to download these credentials and then save this file to a safe location. You'll need to copy and paste this **Access key ID** and **Secret access key** in the next step.

We strongly advise you to keep this **Access key ID** and **Secret access key** closely guarded, including not putting them in a GitHub public repo, etc.

<br />

|![User created successfully.](img/9.6.png)|
|:--:|
|*User created successfully.*<br />***Copy the Access key ID and Secret access key.***|
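A check that can run before every commit to catch the key pair from step 5 in tracked files. This is an added example, not part of the original tutorial; the key formats (an `AKIA` prefix plus 16 characters, and a 40-character secret) are assumed from the commonly observed layout, and the file names and contents are constructed, using the placeholder key pair from AWS's own documentation.

```python
import re

# Assumed format of long-term IAM user access key IDs: "AKIA" + 16 characters.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")
# Assumed format of secret access keys: 40 characters of the base64 alphabet.
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# A 40-character token alone is too common (git hashes), so require context.
CONTEXT = re.compile(r"secret|aws", re.IGNORECASE)

# Constructed sample files; the key pair is AWS's documentation placeholder.
SAMPLE_FILES = {
    "credentials.csv": "Access key ID,Secret access key\n"
                       "AKIAIOSFODNN7EXAMPLE,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "etl.py": 'import os\nKEY = os.environ["AWS_ACCESS_KEY_ID"]\n',
    "CHANGELOG": "commit 9fceb02d0ae598e95dc970b74767f19372d61af8\n",
}


def redact(value):
    """Keep the first four characters so the finding never repeats the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(name, text):
    """Return (file, line number, kind, redacted value) for each suspected key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        key_ids = ACCESS_KEY_ID.findall(line)
        for match in key_ids:
            findings.append((name, lineno, "access-key-id", redact(match)))
        # Report a 40-character token only next to a key ID or a keyword.
        if key_ids or CONTEXT.search(line):
            for match in SECRET_KEY.findall(line):
                findings.append((name, lineno, "secret-access-key", redact(match)))
    return findings


def scan_files(files):
    """Scan a {file name: contents} mapping and collect all findings."""
    return [f for name, text in files.items() for f in scan_text(name, text)]


if __name__ == "__main__":
    for name, lineno, kind, shown in scan_files(SAMPLE_FILES):
        print(f"{name}:{lineno}: {kind} {shown}")
```

Reading the key from the environment, as the constructed `etl.py` does, produces no finding, and neither does the 40-character commit hash in `CHANGELOG`.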
 



#### Create an IAM Role

Here, you'll create an IAM role that you will later attach to your Redshift cluster to enable your cluster to load data from Amazon S3 buckets. Read more about IAM roles and Redshift [here](https://docs.aws.amazon.com/redshift/latest/gsg/rs-gsg-create-an-iam-role.html).

   1. Once you have signed into the AWS management console, navigate to the [IAM service dashboard](https://console.aws.amazon.com/iam/).
   2. In the left navigation pane, choose **Roles**.
   3. Choose **Create role**.

<br />

|![IAM Roles dashboard](img/6.1.png)|
|:--:|
|*IAM Roles dashboard*|

<br />

   4. Choose the **AWS Service** group as the trusted entity, and choose the **Redshift** service.
   5. Under **Select your use case**, choose **Redshift - Customizable**, and then **Next: Permissions**.

<br />

![fig1](img/6.2.png)

|![Select Redshift service, and Redshift - Customizable use case](img/6.3.png)|
|:--:|
|*Select Redshift service, and Redshift - Customizable use case*|

<br />


   6. On the **Attach permissions policies** page, search for and select the **AmazonS3ReadOnlyAccess** policy, and then click on the **Next: Tags** button.
   7. Tags are optional. Click on the **Next: Review** button.

<br />

|![Select a policy to attach to the new role](img/6.4.png)|
|:--:|
|*Select a policy to attach to the new role*|

<br />


   8. For **Role name**, enter ```myRedshiftRole```, and then choose **Create Role**.

<br />

|![Provide role name and description](img/6.5.png)|
|:--:|
|*Provide role name and description*|

<br />



   9. You will see a success message once the new role is created.

<br />

|![Role created successfully](img/6.6.png)|
|:--:|
|*Role created successfully*|

<br />

   That's great! On the next page, you'll learn to **attach this role to a new/existing cluster**.



#### Create Security Group

Here, you'll create a security group you will later use to authorize access to your Redshift cluster.

   A security group will act as firewall rules for your Redshift cluster to control inbound and outbound traffic.

   1. Navigate to the [EC2 service](https://console.aws.amazon.com/ec2)

<br />

|![Navigate to any service](img/7.1.png)|
|:--:|
|*Navigate to any service*|

<br />

   2. Under **Network and Security** in the left navigation pane, select **Security Groups**. Click the **Create Security Group** button to launch a wizard.

<br />

|![Create a new security group](img/7.2.png)|
|:--:|
|*Create a new security group*|

<br />

   3. In the Create security group wizard, enter the basic details.

<br />

![table1](img/7.3.png)

<br />

|![Create a default VPC, if not available already](img/7.4.png)|
|:--:|
|*Create a default VPC, if not available already*|


<br />

|![Info about a default VPC](img/7.5.png)|
|:--:|
|*Info about a default VPC*|


<br />

|![Basic details](img/7.6.png)|
|:--:|
|*Basic details*|

<br />

   4. In the Inbound rules section, click on **Add Rule** and enter the following values:

<br />

![table2](img/7.7.png)

<br />

   **Important: Using ```0.0.0.0/0``` is not recommended for anything other than demonstration purposes because it allows access from any computer on the internet**. In a real environment, you would create inbound rules based on your own network settings.

<br />

|![Inbound rules](img/7.8.png)|
|:--:|
|*Inbound rules*|

<br />

   5. Outbound rules allow traffic to anywhere by default.

<br />

|![Outbound rules](img/7.9.png)|
|:--:|
|*Outbound rules*|

<br />


   6. Click on the Create security group button at the bottom. You will see a success message.

<br />

|![Details of a security group](img/7.10.png)|
|:--:|
|*Details of a security group*|

<br />


#### Delete a Redshift Cluster

Make sure to delete your cluster each time you're finished working to avoid large, unexpected costs. You can always launch a new cluster, so don't leave it running overnight or throughout the week if you don't need to.

Steps to delete a cluster are:

   1. On the **Clusters** page of your Amazon Redshift console, click on the check-box next to your cluster name. Then click on the **Actions** drop-down button on top → select **Delete**.

<br />

|![Delete a cluster](img/10.1.png)|
|:--:|
|*Delete a cluster*|

<br />


   2. You can choose to not **Create final snapshot**, and click on the **Delete cluster** button.

<br />

|![Prompt before deleting the cluster](img/10.2.png)|
|:--:|
|*Prompt before deleting the cluster*|

<br />

   3. Your cluster will change its status to **deleting**, and then disappear from your Cluster list once it's finished deleting. You'll no longer be charged for this cluster.



Let's learn how to create a bucket in [Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html), and view a few properties of an existing bucket.

#### Create a Bucket

   1. Navigate to the [S3 dashboard](https://console.aws.amazon.com/s3/home), and click on the **Create bucket** button. It will launch a new wizard.

<br />

|![S3 service → Buckets dashboard](img/11.1.png)|
|:--:|
|*S3 service → Buckets dashboard.*<br />*View all of the S3 buckets in your account*<br />*(S3 is a global service, not a region-specific).*|

<br />



We create a bucket first, and later we upload files and folders to it.

   2. **General configuration**
    Provide the bucket-name and the region where you want to locate the bucket. The bucket name must be unique worldwide, and must not contain spaces or uppercase letters.

<br />

|![Create a bucket - Provide general details](img/11.2.png)|
|:--:|
|*Create a bucket - Provide general details*|

<br />



   3. **Public Access settings**
    You can choose public visibility. Let's uncheck the Block all public access option.

<br />

|![Create a bucket - Make it public](img/11.3.png)|
|:--:|
|*Create a bucket - Make it public*|

<br />

   4. **Bucket Versioning and Encryption**
        * Bucket Versioning - Keep it disabled.
        * Encryption - If enabled, it will encrypt the files being stored in the bucket.
        * Object Lock - If enabled, it will prevent the files in the bucket from being deleted or modified.


<br />

|![Create a bucket - Provide additional details](img/11.4.png)|
|:--:|
|*Create a bucket - Provide additional details*|

<br />


In the snapshots above, we have created a public bucket. Let's see **how to upload files and folders to the bucket**, and configure additional settings.

##### Upload File/Folders to the Bucket

From the [S3 dashboard](https://console.aws.amazon.com/s3/home), click on the name of the bucket you have created in the step above.

<br />

|![Details of an existing bucket. Upload files/folders to this bucket.](img/11.5.png)|
|:--:|
|*Details of an existing bucket. Upload files/folders to this bucket.*|

<br />


The snapshot above shows that the bucket is in the Region ```US East (Ohio) us-east-2```, and that it has a unique Amazon resource name (ARN): ```arn:aws:s3:::mtvbucket```. You can view more details of the bucket in the tabs next to the bucket overview: **Objects, Properties, Permissions, Metrics, Management**, and **Access points**. Let's upload a sample file to the bucket:

   1. Click on the **Upload** button to upload files and folders into the current bucket. In the snapshot below, we have uploaded a **Sample.txt** file.

<br />

|![A sample file in the bucket](img/11.6.png)|
|:--:|
|*A sample file in the bucket*|

<br />


   2. Click on the file name to view the file-specific details, as shown below.

<br />

|![Details of an individual file (object)](img/11.7.png)|
|:--:|
|*Details of an individual file (object)*|

<br />

#### Details of an Existing Bucket
**1. Properties**

There are several properties that you can set for S3 buckets, such as:

   * Bucket Versioning - Allows you to keep multiple versions of an object in the same bucket.
   * Static website hosting - Mark if the bucket is used to host a website. S3 is a very cost-effective and cheap solution for serving up static web content.
   * Requester pays - Make the requester pay for requests and data transfer costs.
   * Server access logging - Log requests for access to your bucket.

**Permissions**

It shows who has access to the S3 bucket, and who has access to the data within the bucket. In the example snapshots above, the bucket is public, meaning anyone can access it. Here, we can write an access policy (in JSON format) to provide access to the objects stored in the bucket.

**2. Metrics**

View the metrics for usage, request, and data transfer activity within your bucket, such as, total bucket size, total number of objects, and storage class analysis.

**3. Management**

It allows you to create life cycle rules to help manage your objects. It includes rules such as transitioning objects to another storage class, archiving them, or deleting them after a specified period of time.

**4. Access points**

Here, you can create access endpoints for sharing the bucket at scale. Using an endpoint, you can perform all regular operations on the bucket.


According to AWS:

   [Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html) is a relational database service that manages common database administration tasks, resizes automatically, and is cost-friendly.

Let's see how to create a PostgreSQL database, and view the details of an existing database.

#### RDS Dashboard

Navigate to the [RDS dashboard](https://console.aws.amazon.com/rds/home). It shows the database-resources summary, such as the count of database instances, the health of the database service, reserved instances, snapshots. You can also view the portion of the allocated storage. You can launch the **Create database** wizard from here.

<br />

|![RDS dashboard](img/12.1.png)|
|:--:|
|*RDS dashboard*|

<br />

#### Create a PostgreSQL DB

If you haven't launched the wizard already, choose the **Databases** menu item on the left navigation pane, and click on the **Create Database** button.

<br />

|![Amazon RDS service → Databases dashboard](img/12.2.png)|
|:--:|
|*Amazon RDS service → Databases dashboard*|

<br />

   1. **Choose a database creation method**
   
   AWS provides two options to choose from:
       * Standard create - You set all of the configuration options, including ones for availability, security, backups, and maintenance.
       * Easy create - You use the industry best-practice configurations. All configuration options, except the Encryption and VPC details, can be changed after the database is created.

   The steps below will show you the **Standard create** fields/options.

<br />

|![Choose a database creation method](img/12.3.png)|
|:--:|
|*Choose a database creation method*|

<br />

   2. **Engine options**
   
   Select **PostgreSQL** option. It will pick up the latest stable release by default, though you can select a version of your choice as well.

<br />

|![Engine options](img/12.4.png)|
|:--:|
|*Engine options*|

<br />

   3. **Templates**
   
   Use either the **RDS Free Tier** or **Dev/Test** template. On free-tier resources, you can develop and test applications to gain hands-on experience with Amazon RDS.
   
   The free tier will offer you 750 hrs of Amazon RDS in a Single-AZ ```db.t2.micro``` Instance, 20 GB of General Purpose Storage (SSD), and 20 GB for automated backup storage and any user-initiated DB Snapshots.

<br />

|![Templates](img/12.5.png)|
|:--:|
|*Templates*|

<br />

   4. **Settings**
   
   Provide a *DB instance identifier*, such as *postgreSQL-test*, and master credentials (username and a password). Take note of this password, as it is useful for future steps. You will be able to find this password and change it later in the console.

   Alternatively, you can auto-generate the password. In this case, AWS will show you the password once you create the database successfully.

<br />

|![Settings](img/12.6.png)|
|:--:|
|*Settings*|

<br />

   5. **DB instance class**
   
   The options here cover processing power and memory requirements. Since we have selected the Free tier option above, the only available option is ```db.t2.micro```, which has 1 vCPU and 1 GiB RAM.

<br />

|![DB instance class](img/12.7.png)|
|:--:|
|*DB instance class*|

<br />


   6. **Storage and Availability & durability**
   
   Choose the default values for both these sections. It will offer you 20 GiB SSD storage, expandable up to 1000 GiB, by default. In the *Availability & durability* section, a Multi-AZ deployment will not be offered.

<br />

|![Storage and Availability & durability](img/12.8.png)|
|:--:|
|*Storage and Availability & durability*|

<br />

   7. **Connectivity**
   
   Choose/ensure the following values:

<br />

![table1](img/12.9.png)

<br />

   **Leave the values default for the Database authentication section.**

<br />

|![Connectivity](img/12.10.png)|
|:--:|
|*Connectivity*|

<br />

   8. **Additional configuration**
   
   * Provide the database name. If you do not specify a database name, Amazon RDS will not create a database.
   * In the *Backup* section, select *1 day*, since this is for demonstration purposes.
   * Leave the default values for the rest and click on the **Create database** button on the bottom right.

<br />

|![Additional configuration](img/12.11.png)|
|:--:|
|*Additional configuration*|

<br />

|![Additional configuration](img/12.12.png)|
|:--:|
|*Additional configuration*|

<br />


   9. **Success**
   
   You should land on a confirmation page. It will take a few minutes to launch the database. Wait a few minutes for the status to change to **Available**.

<br />

|![Additional configuration](img/12.13.png)|
|:--:|
|*Additional configuration*|

<br />

<br />

|![Wait a few minutes for the status to change to **Available**.](img/12.14.png)|
|:--:|
|*Wait a few minutes for the status to change to **Available**.*|

<br />


For each database in the list above, you can see the Region and availability zone it's running in, the size, and the status that it's up and running. You can also see the percentage utilization of the underlying CPU.

