# Creating Redshift Cluster using the AWS python SDK (Infrastructure-as-Code)

In [16]:
import pandas as pd
import boto3
import json
import os
import configparser

os.chdir("../..")

### Create a new IAM user
IAM service is a global service, meaning newly created IAM users are not restricted to a specific region by default.
- Go to [AWS IAM service](https://console.aws.amazon.com/iam/home#/users) and click on the "**Add user**" button to create a new IAM user in your AWS account. 
- Choose a name of your choice. 
- Select "*Programmatic access*" as the access type. Click Next. 
- Choose the *Attach existing policies directly* tab, and select the "**AdministratorAccess**". Click Next. 
- Skip adding any tags. Click Next. 
- Review and create the user. It will show you a pair of access key ID and secret.
- Take note of the pair of access key ID and secret. This pair is collectively known as **Access key**. 

### Save the access key and secret
Edit the file `dwh.cfg` at the root of this project and save the access key and secret against the following variables:
```bash
KEY= <YOUR_AWS_KEY>
SECRET= <YOUR_AWS_SECRET>
```

### Troubleshoot
If your keys are not working, such as getting an `InvalidAccessKeyId` error, then you cannot retrieve them again. You have either of the following two options:

1. **Option 1 - Create a new pair of access keys for the existing user**
 - Go to the [IAM dashboard](https://console.aws.amazon.com/iam/home) and view the details of the existing (Admin) user. 
 - Select on the **Security credentials** tab, and click the **Create access key** button. It will generate a new pair of access key ID and secret.
 - Save the new access key ID and secret in your `dwh.cfg` file

2. **Option 2 - Create a new IAM user with Admin access** - Refer to the instructions at the top. 

## Load Data warehouse parameters from ```dwh.cfg``` file

In [19]:
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

KEY                    = config.get("AWS","KEY")
SECRET                 = config.get("AWS","SECRET")

DWH_CLUSTER_TYPE       = config.get("DWH","DWH_CLUSTER_TYPE")
DWH_NUM_NODES          = config.get("DWH","DWH_NUM_NODES")
DWH_NODE_TYPE          = config.get("DWH","DWH_NODE_TYPE")

DWH_CLUSTER_IDENTIFIER = config.get("DWH","DWH_CLUSTER_IDENTIFIER")
DWH_DB                 = config.get("DWH","DWH_DB")
DWH_DB_USER            = config.get("DWH","DWH_DB_USER")
DWH_DB_PASSWORD        = config.get("DWH","DWH_DB_PASSWORD")
DWH_PORT               = config.get("DWH","DWH_PORT")

DWH_IAM_ROLE_NAME      = config.get("DWH", "DWH_IAM_ROLE_NAME")

## Create clients for IAM, EC2, S3 and Redshift
**Note**: We are creating these resources in the the **us-west-2** region. Choose the same region in the your AWS web console to see these resources.

In [3]:
ec2 = boto3.resource('ec2',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                    )

s3 = boto3.resource('s3',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                   )

iam = boto3.client('iam',aws_access_key_id=KEY,
                     aws_secret_access_key=SECRET,
                     region_name='us-west-2'
                  )

redshift = boto3.client('redshift',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                       )

### IAM Role 
- Create an IAM role that makes Redshift able to access the S3 bucket with ```ReadOnly``` permissions.

In [4]:
from botocore.exceptions import ClientError

try:
    dwhRole = iam.create_role(
        Path='/',
        RoleName=DWH_IAM_ROLE_NAME,
        Description = "Allows Redshift clusters to call AWS services on our behalf.",
        AssumeRolePolicyDocument=json.dumps(
            {'Statement': [{'Action': 'sts:AssumeRole',
               'Effect': 'Allow',
               'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'})
    )    
except Exception as e:
    print(e)
    
iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
                       PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                      )['ResponseMetadata']['HTTPStatusCode']


200

In [5]:
roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']

### Redshift Cluster

- Create a [RedShift Cluster](https://console.aws.amazon.com/redshiftv2/home)
- For complete arguments to `create_cluster`, see [docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster)

In [6]:
try:
    response = redshift.create_cluster(        
        # Data Warehouse 
        ClusterType=DWH_CLUSTER_TYPE,
        NodeType=DWH_NODE_TYPE,
        NumberOfNodes=int(DWH_NUM_NODES),

        # Identifiers & Credentials
        DBName=DWH_DB,
        ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,
        MasterUsername=DWH_DB_USER,
        MasterUserPassword=DWH_DB_PASSWORD,
        
        # Roles (for s3 read access)
        IamRoles=[roleArn]  
    )
except Exception as e:
    print(e)

Describe the cluster to see its status (run this block several times until the cluster status becomes `Available`)

In [11]:
def prettyRedshiftProps(props):
    pd.set_option('display.max_colwidth', None)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-007daf72d242de6de
7,NumberOfNodes,4


Take note of the ```cluster endpoint``` and ```role ARN```

- Run this when the cluster status is "Available". Make sure you are checking your Amazon Redshift cluster in the correct region.

In [12]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
DWH_ROLE_ARN = myClusterProps['IamRoles'][0]['IamRoleArn']

print(f"Endpoint address: {DWH_ENDPOINT}")
print(f"Role ARN: {DWH_ROLE_ARN}")

Endpoint address: dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com
Role ARN: arn:aws:iam::096462091547:role/dwhRole


Edit the file `dwh.cfg` at the root of this project and save the cluster endpoint to the following variables:
```bash
HOST= <DWH_ENDPOINT>
ARN= <DWH_ROLE_ARN>
```

### Open an incoming  TCP port to access the cluster ednpoint
- The cluster runs on a virtual private network

In [13]:
try:
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print(defaultSg)
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DWH_PORT),
        ToPort=int(DWH_PORT)
    )
except Exception as e:
    print(e)

ec2.SecurityGroup(id='sg-0bd2ba079d873698b')
An error occurred (InvalidPermission.Duplicate) when calling the AuthorizeSecurityGroupIngress operation: the specified rule "peer: 0.0.0.0/0, TCP, from port: 5439, to port: 5439, ALLOW" already exists


### Test if you can connect to the cluster

In [14]:
%load_ext sql

In [21]:
conn_string="postgresql://{}:{}@{}:{}/{}".format(DWH_DB_USER, DWH_DB_PASSWORD, DWH_ENDPOINT, DWH_PORT, DWH_DB)
print(conn_string)
%sql $conn_string

postgresql://dwhuser:Passw0rd@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh


# Create staging and final tables in Redshift Cluster

In [23]:
!python src/scripts/create_tables.py

In [24]:
%sql SELECT DISTINCT tablename FROM pg_table_def WHERE schemaname = 'public';

 * postgresql://dwhuser:***@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh
7 rows affected.


tablename
artists
events_staging
songplays
songs
songs_staging
time
users


# Execute ETL Pipeline
- Extract song and log data from S3 and load into Redshift staging tables
- Extract data from staging tables into final tables

In [26]:
!python src/scripts/etl.py

### Execute some queries to verify the ETL process

In [28]:
%sql SELECT * FROM events_staging LIMIT 10;

 * postgresql://dwhuser:***@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh
10 rows affected.


artist,auth,firstname,gender,iteminsession,lastname,length,level,location,method,page,registration,sessionid,song,status,ts,useragent,userid
,Logged In,Theodore,M,0,Smith,,free,"Houston-The Woodlands-Sugar Land, TX",GET,Home,1540306145796,154,,200,1541290555796,Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0,52
Professor Longhair,Logged In,Ann,F,0,Banks,214.20363,free,"Salt Lake City, UT",PUT,NextSong,1540895683796,124,Mean Ol'World,200,1541292603796,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0,99
,Logged In,Jahiem,M,0,Miles,,free,"San Antonio-New Braunfels, TX",GET,Home,1540817347796,42,,200,1541299033796,"""Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",43
Gary Hobbs,Logged In,Jahiem,M,1,Miles,245.52444,free,"San Antonio-New Braunfels, TX",PUT,NextSong,1540817347796,42,En Mi Mundo,200,1541300092796,"""Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",43
Lifehouse,Logged In,Jahiem,M,2,Miles,203.59791,free,"San Antonio-New Braunfels, TX",PUT,NextSong,1540817347796,42,We'll Never Know,200,1541300337796,"""Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",43
Olivia Ruiz,Logged In,Jahiem,M,3,Miles,254.74567,free,"San Antonio-New Braunfels, TX",PUT,NextSong,1540817347796,42,Cabaret Blanco,200,1541300540796,"""Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",43
,Logged In,Cecilia,F,0,Owens,,free,"Atlanta-Sandy Springs-Roswell, GA",GET,Home,1541032432796,225,,200,1541304686796,Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0,6
Jordan Rudess,Logged In,Cecilia,F,1,Owens,1367.84934,free,"Atlanta-Sandy Springs-Roswell, GA",PUT,NextSong,1541032432796,225,Tarkus,200,1541306152796,Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0,6
Deerhunter,Logged In,Jayden,M,0,Graves,162.08934,paid,"Marinette, WI-MI",PUT,NextSong,1540664184796,128,Weird Era,200,1541310546796,"""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",25
Daughtry,Logged In,Jayden,M,1,Graves,249.91302,paid,"Marinette, WI-MI",PUT,NextSong,1540664184796,128,No Surprise,200,1541310708796,"""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36""",25


In [30]:
%sql SELECT * FROM songs_staging LIMIT 10;

 * postgresql://dwhuser:***@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh
10 rows affected.


artist_id,artist_latitude,artist_location,artist_longitude,artist_name,duration,num_songs,song_id,title,year
ARC1IHZ1187FB4E920,,,,Jamie Cullum,246.9873,1,SOXZYWX12A6310ED0C,It's About Time,0
ARIRBKB1187FB56CD0,,,,Saul Williams,218.95791,1,SOMUUNK12AB0183AEE,Seaweed,2004
ARTEOIV11C8A417A4E,,,,Mala Reputación,181.2371,1,SOZZZES12AB018466B,Las 2:00,0
ARIDBCA11F4C83D58D,,,,Bill Haley And The Comets,142.2624,1,SOCPGAN12A6D4F7F17,ABC Boogie,0
ARMLETE1187B99070D,,"Madrid, Spain",,Canteca de macao,169.58649,1,SOHUKWK12AB017EB85,Green yin,2009
AR5R1EG1187FB3E94F,46.35316,"Brainerd, MN",-94.20069,Linda Eder,217.67791,1,SORRXNW12AB01882F4,If I Should Lose My Way (Album Version),2002
ARY8LZU1187B98D7E5,,,,Eric Weissberg & Deliverance,179.40853,1,SOYYETY12A8C13B03B,Reuben's Train (Album Version),0
ARGVYYD11C8A416342,,,,DJ Muggs & Planet Asia feat. Sick Jacken,222.17098,1,SOTMGYY12A8C140E5D,Death Frees Every Soul,2008
ARIZTU51187B9991F1,,"New York, NY [Brooklyn]",,Vico C,237.11302,1,SOLVNWB12AF72AAF3A,Aquel Que Habia Muerto Radio Edit,0
ARHA3KO1187B99D51F,23.62574,MX,-101.95625,Barricada,207.04608,1,SOZWUEI12A8C13BE77,Barrio Conflictivo,1984


In [31]:
%sql SELECT * FROM songplays LIMIT 10;

 * postgresql://dwhuser:***@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh
10 rows affected.


songplay_id,start_time,user_id,level,song_id,artist_id,session_id,location,user_agent
1,2018-11-04 05:49:06,25,paid,,,128,"Marinette, WI-MI","""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
6,2018-11-04 06:26:57,25,paid,,,128,"Marinette, WI-MI","""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
20,2018-11-04 06:07:03,25,paid,,,128,"Marinette, WI-MI","""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
36,2018-11-04 07:45:24,25,paid,,,128,"Marinette, WI-MI","""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
49,2018-11-04 10:48:12,44,paid,,,196,"Waterloo-Cedar Falls, IA",Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
50,2018-11-04 10:29:30,44,paid,,,196,"Waterloo-Cedar Falls, IA",Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
55,2018-11-04 07:11:43,25,paid,,,128,"Marinette, WI-MI","""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
61,2018-11-04 15:39:36,78,free,SOBONKR12A58A7A7E0,AR5E44Z1187B9A1D74,176,"Indianapolis-Carmel-Anderson, IN",Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
70,2018-11-04 09:51:23,44,paid,,,196,"Waterloo-Cedar Falls, IA",Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
75,2018-11-04 11:16:42,44,paid,,,196,"Waterloo-Cedar Falls, IA",Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0


In [32]:
%sql SELECT * FROM users LIMIT 10;

 * postgresql://dwhuser:***@dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com:5439/dwh
10 rows affected.


user_id,first_name,last_name,gender,level
9,Wyatt,Scott,M,free
12,Austin,Rosales,M,free
23,Morris,Gilmore,M,free
41,Brayden,Clark,M,free
47,Kimber,Norris,F,free
49,Chloe,Cuevas,F,free
69,Anabelle,Simpson,F,free
72,Hayden,Brock,F,paid
74,Braden,Parker,M,free
81,Sienna,Colon,F,free


# DELETE resources

In [33]:
redshift.delete_cluster(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,  SkipFinalClusterSnapshot=True)

{'Cluster': {'ClusterIdentifier': 'dwhcluster',
  'NodeType': 'dc2.large',
  'ClusterStatus': 'deleting',
  'ClusterAvailabilityStatus': 'Modifying',
  'MasterUsername': 'dwhuser',
  'DBName': 'dwh',
  'Endpoint': {'Address': 'dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com',
   'Port': 5439},
  'ClusterCreateTime': datetime.datetime(2022, 5, 23, 11, 4, 27, 957000, tzinfo=tzlocal()),
  'AutomatedSnapshotRetentionPeriod': 1,
  'ManualSnapshotRetentionPeriod': -1,
  'ClusterSecurityGroups': [],
  'VpcSecurityGroups': [{'VpcSecurityGroupId': 'sg-0bd2ba079d873698b',
    'Status': 'active'}],
  'ClusterParameterGroups': [{'ParameterGroupName': 'default.redshift-1.0',
    'ParameterApplyStatus': 'in-sync'}],
  'ClusterSubnetGroupName': 'default',
  'VpcId': 'vpc-007daf72d242de6de',
  'AvailabilityZone': 'us-west-2c',
  'PreferredMaintenanceWindow': 'wed:06:30-wed:07:00',
  'PendingModifiedValues': {},
  'ClusterVersion': '1.0',
  'AllowVersionUpgrade': True,
  'NumberOfNodes': 4,
  

Verify cluster has in fact been deleted (and we stop incurring costs):

In [34]:
myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,deleting
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cta9mp8jctyn.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-007daf72d242de6de
7,NumberOfNodes,4


Detach policy and delete created role:

In [35]:
iam.detach_role_policy(RoleName=DWH_IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
iam.delete_role(RoleName=DWH_IAM_ROLE_NAME)

{'ResponseMetadata': {'RequestId': '667e6761-66e2-4b69-8613-2863a3d830eb',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '667e6761-66e2-4b69-8613-2863a3d830eb',
   'content-type': 'text/xml',
   'content-length': '200',
   'date': 'Mon, 23 May 2022 11:33:40 GMT'},
  'RetryAttempts': 0}}