In [12]:
# !pip install boto3
!pip install configparser



In [1]:
import boto3
import pandas as pd
import numpy
import os

### STEP 0: Make sure you have an AWS secret and access key

- Create a new IAM user in your AWS account. Note that I have created 'dwhadmin' IAM user in the Udacity AWS account
- Give it `AdministratorAccess`, From `Attach existing policies directly` Tab
- Take note of the access key and secret 
- Edit the file `dwhconfig.txt` in the same folder as this notebook and fill
<font color='GREEN'>
<BR>
[AWS]<BR>
ACCESSKEY= YOUR_AWS_KEY<BR>
SECRETKEY= YOUR_AWS_SECRET<BR>
<font/>

In [3]:
import configparser

config = configparser.ConfigParser()
config.read_file(open('dwhconfig.txt'))

ACCESSKEY = config.get('AWS','ACCESSKEY')
SECRETKEY = config.get('AWS','SECRETKEY')

print(ACCESSKEY,SECRETKEY)

DWH_CLUSTER_TYPE       = config.get("DWH","DWH_CLUSTER_TYPE")
DWH_NUM_NODES          = config.get("DWH","DWH_NUM_NODES")
DWH_NODE_TYPE          = config.get("DWH","DWH_NODE_TYPE")

DWH_CLUSTER_IDENTIFIER = config.get("DWH","DWH_CLUSTER_IDENTIFIER")
DWH_DB                 = config.get("DWH","DWH_DB")
DWH_DB_USER            = config.get("DWH","DWH_DB_USER")
DWH_DB_PASSWORD        = config.get("DWH","DWH_DB_PASSWORD")
DWH_PORT               = config.get("DWH","DWH_PORT")

DWH_IAM_ROLE_NAME      = config.get("DWH", "DWH_IAM_ROLE_NAME")

(DWH_DB_USER, DWH_DB_PASSWORD, DWH_DB)

pd.DataFrame({"Param":
                  ["DWH_CLUSTER_TYPE", "DWH_NUM_NODES", "DWH_NODE_TYPE", "DWH_CLUSTER_IDENTIFIER", "DWH_DB", "DWH_DB_USER", "DWH_DB_PASSWORD", "DWH_PORT", "DWH_IAM_ROLE_NAME"],
              "Value":
                  [DWH_CLUSTER_TYPE, DWH_NUM_NODES, DWH_NODE_TYPE, DWH_CLUSTER_IDENTIFIER, DWH_DB, DWH_DB_USER, DWH_DB_PASSWORD, DWH_PORT, DWH_IAM_ROLE_NAME]
             })

AKIAW7YCJJYNI5DV7QEF whqw8/pBVqJ9vYze1ir6N9F6uuxSF0uVQU0/uw9W


Unnamed: 0,Param,Value
0,DWH_CLUSTER_TYPE,multi-node
1,DWH_NUM_NODES,4
2,DWH_NODE_TYPE,dc2.large
3,DWH_CLUSTER_IDENTIFIER,dwhCluster
4,DWH_DB,dwh
5,DWH_DB_USER,dwhuser
6,DWH_DB_PASSWORD,Passw0rd
7,DWH_PORT,5439
8,DWH_IAM_ROLE_NAME,dwhRole


#### Step 1: Create the IAM & Redshift clients and EC2 & S3 resources
**`Note`**: The Udacity AWS account given to me is in us-west-2 (Oregon). We are creating the above clients and resources
in the same us-west-2 region only. Also note that we are using the 'dwhadmin' IAM user's access key and secret keys in creating all these clients and resources

In [4]:
iam = boto3.client('iam',region_name='us-west-2',
                  aws_access_key_id = ACCESSKEY,
                  aws_secret_access_key = SECRETKEY)

redshift = boto3.client('redshift',region_name = 'us-west-2',
                       aws_access_key_id = ACCESSKEY,
                      aws_secret_access_key = SECRETKEY)

s3 = boto3.resource('s3',region_name='us-west-2',
                  aws_access_key_id = ACCESSKEY,
                  aws_secret_access_key = SECRETKEY)

ec2 = boto3.client('ec2',region_name = 'us-west-2',
                       aws_access_key_id = ACCESSKEY,
                      aws_secret_access_key = SECRETKEY)


#### Step 2: Create IAM role and attach a Permission policy to it. Redshift will impersonate this role or in other words will attach this IAM role to the Redshift cluster to access the S3 bucket

In [8]:
from botocore.exceptions import ClientError
import json

# 1.1 Create the IAM role like below

try:
    print("1.1. Creating IAM role")
    dwhRole = iam.create_role(
    Path = '/',
    RoleName = DWH_IAM_ROLE_NAME,
    Description = "Allows Redshift to access other AWS services on your behalf",
    AssumeRolePolicyDocument=json.dumps(
        {'Statement': [{'Action': 'sts:AssumeRole',
               'Effect': 'Allow',
               'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'}
        )
       
    )
except Exception as e:
    print(e)

print("1.2 Attaching Policy")

iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
                       PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                      )['ResponseMetadata']['HTTPStatusCode']

print("1.3 Get the IAM role ARN")
roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']

print(roleArn)

1.1. Creating IAM role
An error occurred (EntityAlreadyExists) when calling the CreateRole operation: Role with name dwhRole already exists.
1.2 Attaching Policy
1.3 Get the IAM role ARN
arn:aws:iam::480504270362:role/dwhRole


#### Step 3: Create Redshift cluster

- Create a [RedShift Cluster](https://console.aws.amazon.com/redshiftv2/home)
- For complete arguments to `create_cluster`, see [docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster)

In [14]:
try:
    response = redshift.create_cluster(
        ## Hardware
        ClusterType = DWH_CLUSTER_TYPE,
        NodeType = DWH_NODE_TYPE,
        NumberOfNodes = int(DWH_NUM_NODES),
        
        ## Identifiers & Credentials
        DBName = DWH_DB,
        ClusterIdentifier = DWH_CLUSTER_IDENTIFIER,
        MasterUsername = DWH_DB_USER,
        MasterUserPassword = DWH_DB_PASSWORD,
        
        #Roles (for s3 access) - Attach the above created IAM role to the cluster
        IamRoles=[roleArn]  
   
    )
except Exception as e:
    print(e)

#### 3.1 Describe the cluster to see its status
- run this block several times until the cluster status becomes `Available`

In [16]:
def prettyRedshiftProps(props):
    pd.set_option('display.max_colwidth', -1)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

  pd.set_option('display.max_colwidth', -1)


Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-03309f7ef15f88f0f
7,NumberOfNodes,4


<h4> 3.2 Take note of the cluster <font color='red'> endpoint and role ARN </font> </h4>

<font color='red'>DO NOT RUN THIS unless the cluster status becomes "Available". Make ure you are checking your Amazon Redshift cluster in the **us-west-2** region. </font>

In [17]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
DWH_ROLE_ARN = myClusterProps['IamRoles'][0]['IamRoleArn']
print("DWH_ENDPOINT :: ", DWH_ENDPOINT)
print("DWH_ROLE_ARN :: ", DWH_ROLE_ARN)

DWH_ENDPOINT ::  dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com
DWH_ROLE_ARN ::  arn:aws:iam::480504270362:role/dwhRole


#### Step 4: Open an incoming  TCP port to access the cluster endpoint

In [21]:
try:
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print(defaultSg)
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DWH_PORT),
        ToPort=int(DWH_PORT)
    )
except Exception as e:
    print(e)

'EC2' object has no attribute 'Vpc'


#### Step 5: Make sure you can connect to the cluster

In [22]:
%load_ext sql

In [23]:
conn_string="postgresql://{}:{}@{}:{}/{}".format(DWH_DB_USER, DWH_DB_PASSWORD, DWH_ENDPOINT, DWH_PORT,DWH_DB)
print(conn_string)
%sql $conn_string

postgresql://dwhuser:Passw0rd@dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com:5439/dwh
(psycopg2.OperationalError) connection to server at "dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com" (52.11.232.174), port 5439 failed: Connection timed out (0x0000274C/10060)
	Is the server running on that host and accepting TCP/IP connections?

(Background on this error at: https://sqlalche.me/e/14/e3q8)
Connection info needed in SQLAlchemy format, example:
               postgresql://username:password@hostname/dbname
               or an existing connection: dict_keys([])


#### Step 6: Clean up the resources

<b><font color='red'>DO NOT RUN THIS UNLESS YOU ARE SURE <br/> 
    We will be using these resources in the next exercises</span></b>

In [24]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
redshift.delete_cluster( ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,  SkipFinalClusterSnapshot=True)
#### CAREFUL!!

{'Cluster': {'ClusterIdentifier': 'dwhcluster',
  'NodeType': 'dc2.large',
  'ClusterStatus': 'deleting',
  'ClusterAvailabilityStatus': 'Modifying',
  'MasterUsername': 'dwhuser',
  'DBName': 'dwh',
  'Endpoint': {'Address': 'dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com',
   'Port': 5439},
  'ClusterCreateTime': datetime.datetime(2022, 4, 5, 5, 23, 37, 907000, tzinfo=tzutc()),
  'AutomatedSnapshotRetentionPeriod': 1,
  'ManualSnapshotRetentionPeriod': -1,
  'ClusterSecurityGroups': [],
  'VpcSecurityGroups': [{'VpcSecurityGroupId': 'sg-0226bbd8755d2405f',
    'Status': 'active'}],
  'ClusterParameterGroups': [{'ParameterGroupName': 'default.redshift-1.0',
    'ParameterApplyStatus': 'in-sync'}],
  'ClusterSubnetGroupName': 'default',
  'VpcId': 'vpc-03309f7ef15f88f0f',
  'AvailabilityZone': 'us-west-2c',
  'PreferredMaintenanceWindow': 'tue:10:30-tue:11:00',
  'PendingModifiedValues': {},
  'ClusterVersion': '1.0',
  'AllowVersionUpgrade': True,
  'NumberOfNodes': 4,
  'Pu

In [25]:
myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

  pd.set_option('display.max_colwidth', -1)


Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,deleting
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cwybjuzqonml.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-03309f7ef15f88f0f
7,NumberOfNodes,4


In [26]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
iam.detach_role_policy(RoleName=DWH_IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
iam.delete_role(RoleName=DWH_IAM_ROLE_NAME)
#### CAREFUL!!

{'ResponseMetadata': {'RequestId': '9e319f2e-32e7-46c7-b67c-1773dd0afd91',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '9e319f2e-32e7-46c7-b67c-1773dd0afd91',
   'content-type': 'text/xml',
   'content-length': '200',
   'date': 'Tue, 05 Apr 2022 05:52:34 GMT'},
  'RetryAttempts': 0}}

#### Note: Finally we have deleted the Redshift cluster and detached the IAM role attached to the cluster



### Final Solution: Infrastructure as Code
1. Save the AWS Access key and Secret key of the IAM user 'dwhadmin'
2. Load DWH Params from a file
3. Create clients for IAM, EC2, S3, and Redshift using the Access and Secret keys of IAM user 'dwhadmin'
4. Create an IAM ROLE 'dwhRole' which has `AmazonS3ReadOnlyAccess`
5. Create the Redshift Cluster and attach the IAM role 'dwhRole' to read S3 buckets
6. Describe the cluster to see its status
7. Take note of the cluster endpoint and role ARN
8. Open an incoming TCP port to access the cluster ednpoint
9. Make sure you can connect to the cluster using SQL magic commands
10. Finally delete the cluster and detach its IAM role