# Redshift Infrastructure-As-Code

In [45]:
import boto3
import json
import configparser
import pandas as pd
import os 

%load_ext sql

The sql extension is already loaded. To reload it, use:
  %reload_ext sql


#### Load DWH parameters from a file

In [10]:
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

KEY = config.get('AWS', 'KEY')
SECRET = config.get('AWS', 'SECRET')

DWH_CLUSTER_TYPE = config.get('DWH', 'DWH_CLUSTER_TYPE')
DWH_NUM_NODES = config.get('DWH', 'DWH_NUM_NODES')
DWH_NODE_TYPE = config.get('DWH', 'DWH_NODE_TYPE')

DWH_CLUSTER_IDENTIFIER = config.get('DWH', 'DWH_CLUSTER_IDENTIFIER')
DWH_DB = config.get('DWH', 'DWH_DB')
DWH_DB_USER = config.get('DWH', 'DWH_DB_USER')
DWH_DB_PASSWORD = config.get('DWH', 'DWH_DB_PASSWORD')
DWH_PORT = config.get('DWH', 'DWH_PORT')

DWH_IAM_ROLE_NAME = config.get('DWH', 'DWH_IAM_ROLE_NAME')

#### Create clients for EC2, S3, IAM, and Redshift

In [11]:
ec2 = boto3.resource('ec2',
                     region_name='us-west-2', 
                     aws_access_key_id=KEY,
                     aws_secret_access_key=SECRET
                    )

s3 = boto3.resource('s3',
                    region_name='us-west-2',
                    aws_access_key_id=KEY,
                    aws_secret_access_key=SECRET
                   )

iam = boto3.client('iam',
                   aws_access_key_id=KEY,
                   aws_secret_access_key=SECRET,
                   region_name='us-west-2'
                  )

redshift = boto3.client('redshift',
                        region_name='us-west-2',
                        aws_access_key_id=KEY,
                        aws_secret_access_key=SECRET
                       )

#### Create IAM role

In [12]:
dwhRole = iam.create_role(
    Path='/',
    RoleName=DWH_IAM_ROLE_NAME,
    Description='Allows Redshift clusters to call AWS services on your behalf.',
    AssumeRolePolicyDocument=json.dumps(
      {'Statement': [{'Action': 'sts:AssumeRole',
          'Effect': 'Allow',
          'Principal': {'Service': 'redshift.amazonaws.com'}}],
          'Version': '2012-10-17'})
)

#### Attach policy

In [14]:
iam.attach_role_policy(
    RoleName=DWH_IAM_ROLE_NAME,
    PolicyArn='arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess')['ResponseMetadata']['HTTPStatusCode']

roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']

#### Create Redshift cluster

In [15]:
response = redshift.create_cluster(
    # hardware
    ClusterType=DWH_CLUSTER_TYPE,
    NodeType=DWH_NODE_TYPE,
    NumberOfNodes=int(DWH_NUM_NODES),

    # identifiers & credentials
    DBName=DWH_DB,
    ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,
    MasterUsername=DWH_DB_USER,
    MasterUserPassword=DWH_DB_PASSWORD,

    # Roles (for S3 access)
    IamRoles=[roleArn]
)

#### Cluster properties

In [20]:
def RedshiftProps(props):
    pd.set_option('display.max_colwidth', -1)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
RedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,dwhcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,dwhuser
4,DBName,dwh
5,Endpoint,"{'Address': 'dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-1b83f863
7,NumberOfNodes,4


In [21]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
DWH_ROLE_ARN = myClusterProps['IamRoles'][0]['IamRoleArn']

#### Open an incoming TCP port to access the cluster endpoint

In [27]:
try:
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print(defaultSg)
    
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DWH_PORT),
        ToPort=int(DWH_PORT)
    )
except Exception as e:
    print(e)

ec2.SecurityGroup(id='sg-5385717a')
An error occurred (InvalidPermission.Duplicate) when calling the AuthorizeSecurityGroupIngress operation: the specified rule "peer: 0.0.0.0/0, TCP, from port: 5439, to port: 5439, ALLOW" already exists


#### Sneak peak of log data, song data, and JSON path in the S3 bucket

In [28]:
bucket=s3.Bucket('udacity-dend')
log_data_files = [filename.key for filename in bucket.objects.filter(Prefix='log-data')]
log_data_files[:10]

['log-data/',
 'log-data/2018/11/2018-11-01-events.json',
 'log-data/2018/11/2018-11-02-events.json',
 'log-data/2018/11/2018-11-03-events.json',
 'log-data/2018/11/2018-11-04-events.json',
 'log-data/2018/11/2018-11-05-events.json',
 'log-data/2018/11/2018-11-06-events.json',
 'log-data/2018/11/2018-11-07-events.json',
 'log-data/2018/11/2018-11-08-events.json',
 'log-data/2018/11/2018-11-09-events.json']

In [29]:
song_data_files = [filename.key for filename in bucket.objects.filter(Prefix='song-data/A/A')]
song_data_files[:10]

['song-data/A/A/A/TRAAAAK128F9318786.json',
 'song-data/A/A/A/TRAAAAV128F421A322.json',
 'song-data/A/A/A/TRAAABD128F429CF47.json',
 'song-data/A/A/A/TRAAACN128F9355673.json',
 'song-data/A/A/A/TRAAAEA128F935A30D.json',
 'song-data/A/A/A/TRAAAED128E0783FAB.json',
 'song-data/A/A/A/TRAAAEM128F93347B9.json',
 'song-data/A/A/A/TRAAAEW128F42930C0.json',
 'song-data/A/A/A/TRAAAFD128F92F423A.json',
 'song-data/A/A/A/TRAAAGR128F425B14B.json']

In [41]:
json_path = s3.Object('udacity-dend', 'log_json_path.json')
print(json_path.get()['Body'].read())

b'{\n    "jsonpaths": [\n        "$[\'artist\']",\n        "$[\'auth\']",\n        "$[\'firstName\']",\n        "$[\'gender\']",\n        "$[\'itemInSession\']",\n        "$[\'lastName\']",\n        "$[\'length\']",\n        "$[\'level\']",\n        "$[\'location\']",\n        "$[\'method\']",\n        "$[\'page\']",\n        "$[\'registration\']",\n        "$[\'sessionId\']",\n        "$[\'song\']",\n        "$[\'status\']",\n        "$[\'ts\']",\n        "$[\'userAgent\']",\n        "$[\'userId\']"\n    ]\n}'


#### Check the staging and analytics tables (after ```etl.py``` implementation)

In [46]:
conn_string="postgresql://{}:{}@{}:{}/{}".format(DWH_DB_USER, DWH_DB_PASSWORD, DWH_ENDPOINT, DWH_PORT,DWH_DB)
%sql $conn_string

'Connected: dwhuser@dwh'

In [47]:
%%sql
select count(*) as stag_event from staging_events

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
1 rows affected.


stag_event
8056


In [48]:
%%sql
select count(*) as stag_song from staging_songs

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
1 rows affected.


stag_song
14896


In [49]:
%%sql
select * from songplays LIMIT 5

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
5 rows affected.


songplay_id,start_time,user_id,level,song_id,artist_id,session_id,location,user_agent
2,9999-06-27 04:40:39,49,paid,SOCHRXB12A8AE48069,ARTDQRC1187FB4EFD4,987,"San Francisco-Oakland-Hayward, CA",Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
9,9999-06-27 04:40:39,30,paid,SOTPQFM12AB017AC9E,ARANOZN1187B9B373E,324,"San Jose-Sunnyvale-Santa Clara, CA",Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
16,9999-06-27 04:40:39,88,paid,SOHIBSG12A8C13E741,ART5MUE1187B98C961,900,"Sacramento--Roseville--Arden-Arcade, CA","""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
31,9999-06-27 04:40:39,80,paid,SOXQYSC12A6310E908,AR0L04E1187B9AE90C,1065,"Portland-South Portland, ME","""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"""
38,9999-06-27 04:40:39,97,paid,SOHZDYL12A8C141C73,AR32RXI1187B9BA168,537,"Lansing-East Lansing, MI","""Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36"""


In [50]:
%%sql
select * from users LIMIT 5

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
5 rows affected.


user_id,first_name,last_name,gender,level
42,Harper,Barrett,M,paid
28,Brantley,West,M,free
83,Stefany,White,F,free
15,Lily,Koch,F,paid
24,Layla,Griffin,F,paid


In [51]:
%%sql
select * from time LIMIT 5

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
5 rows affected.


start_time,hour,day,week,month,year,weekday
2018-11-01 21:01:46.796000,21,1,44,11,2018,4
2018-11-01 21:05:52.796000,21,1,44,11,2018,4
2018-11-02 09:01:21.796000,9,2,44,11,2018,5
2018-11-02 09:05:30.796000,9,2,44,11,2018,5
2018-11-02 09:16:16.796000,9,2,44,11,2018,5


In [52]:
%%sql
select * from artists LIMIT 5

 * postgresql://dwhuser:***@dwhcluster.cei2o9verxmx.us-west-2.redshift.amazonaws.com:5439/dwh
5 rows affected.


artist_id,name,location,latitude,longitude
ARYO4YF1187FB4D827,Eric Bachmann,,,
ARPONRM1187B99B272,Gato Barbieri,"Rosario, Argentina",-32.95456,-60.65649
ARVMFE61187B992463,Darwin Hobbs,,,
ARPLTOM1187FB43C56,Ultramagnetic MCs,"New York, NY [The Bronx]",40.85715,-73.85678
ARHFDOW1187B9A6B6D,Late Night Alumni,Salt Lake City/San Francisco,40.75952,-111.88823


#### Clean up the infrastructure

In [53]:
redshift.delete_cluster(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER, SkipFinalClusterSnapshot=True)
iam.detach_role_policy(RoleName=DWH_IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
iam.delete_role(RoleName=DWH_IAM_ROLE_NAME)

{'ResponseMetadata': {'RequestId': '8d8ce72c-01c6-47da-8b35-12670b72652d',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '8d8ce72c-01c6-47da-8b35-12670b72652d',
   'content-type': 'text/xml',
   'content-length': '200',
   'date': 'Sun, 16 Aug 2020 00:41:09 GMT'},
  'RetryAttempts': 0}}