### RUN THIS IPYTHON NOTEBOOK INITIALLY. THIS WILL INITIALIZE YOUR AWS INSTANCE AND ALLOCATE RESOURCES. FOLLOW THE INSTRUCTION CAREFULLY.

In [1]:
import pandas as pd
import boto3
import json
import configparser

## STEP 0: Make sure you have an AWS secret and access key

- Create a new IAM user in your AWS account
- Give it `AdministratorAccess`, From `Attach existing policies directly` Tab
- Take note of the access key and secret 
- Edit the file `dwh.cfg` in the same folder as this notebook and fill

<BR>
[AWS]<BR>
KEY= YOUR_AWS_KEY<BR>
SECRET= YOUR_AWS_SECRET<BR>
<font/>


### Run the following two cell everytime to load the config parameters for use in this notebook

In [2]:
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

In [3]:
KEY                = config.get('AWS','KEY')
SECRET             = config.get('AWS','SECRET')
CLUSTER_TYPE       = config.get('CLUSTER', 'CLUSTER_TYPE')
NODE_TYPE          = config.get('CLUSTER', 'NODE_TYPE')
NUM_NODES          = config.get('CLUSTER', 'NUM_NODES')
CLUSTER_IDENTIFIER = config.get('CLUSTER', 'CLUSTER_IDENTIFIER')
DB_USER            = config.get('CLUSTER','DB_USER')
DB_PASSWORD        = config.get('CLUSTER', 'DB_PASSWORD')
DB_NAME            = config.get('CLUSTER', 'DB_NAME')
DB_PORT            = config.get('CLUSTER', 'DB_PORT')
KEY                = config.get('AWS','KEY')
SECRET             = config.get('AWS','SECRET')
DWH_IAM_ROLE_NAME  = config.get('DWH','DWH_IAM_ROLE_NAME')
roleArn            = config.get('IAM_ROLE','ARN')

### Create the IAM Client

In [4]:
iam = boto3.client('iam',
                        region_name='us-west-2',
                        aws_access_key_id=KEY,
                        aws_secret_access_key=SECRET
                  )

## STEP 1: IAM ROLE

### Create IAM Role which allows redshift clusters to call aws services on your behalf. If you have already created the role then the program will just fetch the ARN value from dwh.cfg file.

#### If the role is being created for the first time then the following steps are followed: 


- 1.1 Create an IAM Role that makes Redshift able to access S3 bucket (ReadOnly). 
- 1.2 Attach S3 ReadOnly Policy to the role.
- 1.3 Get the IAM Role ARN
- 1.4 Write the ARN in the dwh.cfg config file. 



In [5]:
if(not roleArn):
    try:
        print("1.1 Creating a new IAM Role") 
        dwhRole = iam.create_role(
            Path='/',
            RoleName=DWH_IAM_ROLE_NAME,
            Description = "Allows Redshift clusters to call AWS services on your behalf.",
            AssumeRolePolicyDocument=json.dumps(
                {'Statement': [{'Action': 'sts:AssumeRole',
                   'Effect': 'Allow',
                   'Principal': {'Service': 'redshift.amazonaws.com'}}],
                 'Version': '2012-10-17'})
        )    
    except Exception as e:
        print(e)
        
    print("1.2 Attaching Policy")

    iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
                           PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                          )['ResponseMetadata']['HTTPStatusCode']
    
    print("1.3 Get the IAM role ARN")
    roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']
    print(roleArn)
    
    try:
        print("1.4 Write the ARN in the dwh.cfg config file.")
        config.set('IAM_ROLE','ARN',roleArn)
        with open('dwh.cfg', 'w+') as cfg_file:
            config.write(cfg_file)
    except Exception as e:
        print(e)
        
print(roleArn)

arn:aws:iam::719980109038:role/dwhRole


## STEP 2:  CREATE REDSHIFT CLUSTER

#### Create the Redshift cluster to store all the data for analysis. The configuration we are using are: multi-node dc2.large cluster and we are using 4 nodes.

In [6]:
redshift = boto3.client('redshift',
                             region_name='us-west-2',
                             aws_access_key_id=KEY,
                             aws_secret_access_key=SECRET
                       )

In [7]:
try:
    response = redshift.create_cluster(        
        #HW
        ClusterType=CLUSTER_TYPE,
        NodeType=NODE_TYPE,
        NumberOfNodes=int(NUM_NODES),

        #Identifiers & Credentials
        DBName=DB_NAME,
        ClusterIdentifier=CLUSTER_IDENTIFIER,
        MasterUsername=DB_USER,
        MasterUserPassword=DB_PASSWORD,
        
        #Roles (for s3 access)
        IamRoles=[roleArn]  
    )
except Exception as e:
    print(e)

## [OPTIONAL] *Describe* the cluster to see its status
- run this block several times until the cluster status becomes `Available`

In [9]:
def prettyRedshiftProps(props):
    pd.set_option('display.max_colwidth', -1)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cu1oy3pagkbr.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-cb6e19b3
7,NumberOfNodes,4


### The following code updates the config file and writes the endpoint in the [CLUSTER] section's "host" key.

<font color='red'>DO NOT RUN THIS unless the cluster status becomes "Available" </font>

In [10]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
try:
    config.set('CLUSTER','host',DWH_ENDPOINT)
    with open('dwh.cfg', 'w+') as cfg_file:
        config.write(cfg_file)
except Exception as e:
    print(e)

## STEP 3: Open an incoming  TCP port to access the cluster endpoint

In [11]:
ec2 = boto3.resource('ec2',
                        region_name="us-west-2",
                        aws_access_key_id=KEY,
                        aws_secret_access_key=SECRET
                    )
try:
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print(defaultSg)
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DB_PORT),
        ToPort=int(DB_PORT)
    )
except Exception as e:
    print(e)

ec2.SecurityGroup(id='sg-5826420b')
An error occurred (InvalidPermission.Duplicate) when calling the AuthorizeSecurityGroupIngress operation: the specified rule "peer: 0.0.0.0/0, TCP, from port: 5439, to port: 5439, ALLOW" already exists


## STEP 4: Make sure you can connect to the clusterConnect to the cluster. Debug any errors before running the scripts to store data in Data Warehouse

In [12]:
%load_ext sql
conn_string="postgresql://{}:{}@{}:{}/{}".format(DB_USER, DB_PASSWORD, DWH_ENDPOINT, DB_PORT,DB_NAME)
print(conn_string)
%sql $conn_string

postgresql://dwhuser:Passw0rd@dwhcluster.cu1oy3pagkbr.us-west-2.redshift.amazonaws.com:5439/dwh


'Connected: dwhuser@dwh'

## STEP 5: DELETE THE REDHSIFT CLUSTER AND FREE UP RESOURCES.

#### CAREFUL!!!
#### This part of the ipython notebook deletes the cluster we just created. I have added this part of the code if you are taking a break from this and don't want to incur unnecessary charges on you AWS account. This code is for demonstration, it is always better to delete the cluster and create again. This code should not be followed in production environment.


In [13]:
redshift.delete_cluster( ClusterIdentifier=CLUSTER_IDENTIFIER,  SkipFinalClusterSnapshot=True)

{'Cluster': {'ClusterIdentifier': 'dwhcluster',
  'NodeType': 'dc2.large',
  'ClusterStatus': 'deleting',
  'MasterUsername': 'dwhuser',
  'DBName': 'dwh',
  'Endpoint': {'Address': 'dwhcluster.cu1oy3pagkbr.us-west-2.redshift.amazonaws.com',
   'Port': 5439},
  'ClusterCreateTime': datetime.datetime(2020, 6, 6, 21, 51, 1, 189000, tzinfo=tzlocal()),
  'AutomatedSnapshotRetentionPeriod': 1,
  'ClusterSecurityGroups': [],
  'VpcSecurityGroups': [{'VpcSecurityGroupId': 'sg-5826420b',
    'Status': 'active'}],
  'ClusterParameterGroups': [{'ParameterGroupName': 'default.redshift-1.0',
    'ParameterApplyStatus': 'in-sync'}],
  'ClusterSubnetGroupName': 'default',
  'VpcId': 'vpc-cb6e19b3',
  'AvailabilityZone': 'us-west-2a',
  'PreferredMaintenanceWindow': 'fri:12:00-fri:12:30',
  'PendingModifiedValues': {},
  'ClusterVersion': '1.0',
  'AllowVersionUpgrade': True,
  'NumberOfNodes': 4,
  'PubliclyAccessible': True,
  'Encrypted': False,
  'Tags': [],
  'EnhancedVpcRouting': False,
  'IamR

#### Run this block several times until the cluster really deleted

In [14]:
myClusterProps = redshift.describe_clusters(ClusterIdentifier=CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,deleting
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cu1oy3pagkbr.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-cb6e19b3
7,NumberOfNodes,4
