## Criação do Banco de Dados no Redshift, Bucket no S3 e Permissões

In [None]:
%load_ext sql

Para ter acesso aos servicos cloud da AWS o primeiro passo foi a criacao de um usuario IAM na conta AWS e o cadastro da KEY e SECRET no arquivo dwh.cfg

In [None]:
import pandas as pd
import boto3
import json
import logging

from pathlib import Path
from botocore.exceptions import ClientError

import warnings
warnings.filterwarnings('ignore')

### Carregar parametros do Data Warehouse (DWH) do arquivo

In [None]:
import configparser
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

KEY                    = config.get('AWS','KEY')
SECRET                 = config.get('AWS','SECRET')

DWH_CLUSTER_TYPE       = config.get("DWH","DWH_CLUSTER_TYPE")
DWH_NUM_NODES          = config.get("DWH","DWH_NUM_NODES")
DWH_NODE_TYPE          = config.get("DWH","DWH_NODE_TYPE")

DWH_CLUSTER_IDENTIFIER = config.get("DWH","DWH_CLUSTER_IDENTIFIER")
DWH_DB                 = config.get("DWH","DWH_DB")
DWH_DB_USER            = config.get("DWH","DWH_DB_USER")
DWH_DB_PASSWORD        = config.get("DWH","DWH_DB_PASSWORD")
DWH_PORT               = config.get("DWH","DWH_PORT")

DWH_IAM_ROLE_NAME      = config.get("DWH", "DWH_IAM_ROLE_NAME")

### Criar clientes para IAM, EC2, S3 and Redshift

In [None]:
import boto3

ec2 = boto3.resource('ec2',
                       region_name="us-east-1",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                    )

s3 = boto3.resource('s3',
                       region_name="us-east-1",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                   )

iam = boto3.client('iam',aws_access_key_id=KEY,
                     aws_secret_access_key=SECRET,
                     region_name='us-east-1'
                  )

redshift = boto3.client('redshift',
                       region_name="us-east-1",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                       )

## Criar bucket na S3

In [None]:
bucket = "roxproject"

In [None]:
def create_bucket(bucket_name, region=None):
    """Create an S3 bucket in a specified region

    If a region is not specified, the bucket is created in the S3 default
    region (us-east-1).

    :param bucket_name: Bucket to create
    :param region: String region to create bucket in, e.g., 'us-west-2'
    :return: True if bucket created, else False
    """

    # Create bucket
    try:
        if region is None:
            s3_client = boto3.client('s3')
            s3_client.create_bucket(Bucket=bucket_name)
        else:
            s3_client = boto3.client('s3', region_name=region)
            location = {'LocationConstraint': region}
            s3_client.create_bucket(Bucket=bucket_name,
                                    CreateBucketConfiguration=location)
    except ClientError as e:
        logging.error(e)
        return False
    return True

#https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-example-creating-buckets.html

In [None]:
# Create bucket

create_bucket(bucket)

### Fazer upload dos arquivos para o bucket S3

In [None]:
path = Path('data')
files = [file.name for file in path.iterdir()]

In [None]:
files

['Sales.SalesOrderDetail.csv',
 'Sales.SalesOrderHeader.csv',
 'Sales.Customer.csv',
 'Person.Person.csv',
 'Sales.SpecialOfferProduct.csv',
 'Production.Product.csv']

In [None]:
def upload_file(file_name, bucket, object_name=None):
    """Upload a file to an S3 bucket

    :param file_name: File to upload
    :param bucket: Bucket to upload to
    :param object_name: S3 object name. If not specified then file_name is used
    :return: True if file was uploaded, else False
    """

    # If S3 object_name was not specified, use file_name
    if object_name is None:
        object_name = file_name

    # Upload the file
    s3_client = boto3.client('s3')
    try:
        response = s3_client.upload_file(file_name, bucket, object_name)
    except ClientError as e:
        logging.error(e)
        return False
    return True

# https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-uploading-files.html

In [None]:
for file_name in files:
    upload_file(file_name, bucket)

In [None]:
roxProjectBucket = s3.Bucket("roxproject")
for obj in roxProjectBucket.objects.all():
    print(obj)

s3.ObjectSummary(bucket_name='roxproject', key='Person.Person.csv')
s3.ObjectSummary(bucket_name='roxproject', key='Production.Product.csv')
s3.ObjectSummary(bucket_name='roxproject', key='Sales.Customer.csv')
s3.ObjectSummary(bucket_name='roxproject', key='Sales.SalesOrderDetail.csv')
s3.ObjectSummary(bucket_name='roxproject', key='Sales.SalesOrderHeader.csv')
s3.ObjectSummary(bucket_name='roxproject', key='Sales.SpecialOfferProduct.csv')


### IAM ROLE
- Criar IAM Role para que o Redshift possa acessar o bucket S3 (ReadOnly)

In [None]:
try:
    print("1.1 Creating a new IAM Role") 
    dwhRole = iam.create_role(
        Path='/',
        RoleName=DWH_IAM_ROLE_NAME,
        Description = "Allows Redshift clusters to call AWS services on your behalf.",
        AssumeRolePolicyDocument=json.dumps(
            {'Statement': [{'Action': 'sts:AssumeRole',
               'Effect': 'Allow',
               'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'})
    )    
except Exception as e:
    print(e)
    
    
print("1.2 Attaching Policy")

iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
                       PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                      )['ResponseMetadata']['HTTPStatusCode']

print("1.3 Get the IAM role ARN")
roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']

print(roleArn)

1.1 Creating a new IAM Role
An error occurred (EntityAlreadyExists) when calling the CreateRole operation: Role with name doxRole already exists.
1.2 Attaching Policy
1.3 Get the IAM role ARN
arn:aws:iam::029258854698:role/doxRole


### Redshift Cluster

- Criar cluster RedShift

In [None]:
try:
    response = redshift.create_cluster(        
        #HW
        ClusterType=DWH_CLUSTER_TYPE,
        NodeType=DWH_NODE_TYPE,
        NumberOfNodes=int(DWH_NUM_NODES),

        #Identifiers & Credentials
        DBName=DWH_DB,
        ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,
        MasterUsername=DWH_DB_USER,
        MasterUserPassword=DWH_DB_PASSWORD,
        
        #Roles (for s3 access)
        IamRoles=[roleArn]  
    )
except Exception as e:
    print(e)

### Status Cluster
- Rodar bloco até o status do cluster ficar `Available`

In [None]:
def prettyRedshiftProps(props):
    pd.set_option('display.max_colwidth', -1)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,doxcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,doxuser
4,DBName,dox
5,Endpoint,"{'Address': 'doxcluster.craeubgpe2r5.us-east-1.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-73bc5214
7,NumberOfNodes,2


### Guardar dados do cluster

- endpoint and role ARN

<font color='red'>NÂO RODE até que status do cluster esteja "Available" </font>

In [None]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
DWH_ROLE_ARN = myClusterProps['IamRoles'][0]['IamRoleArn']
print("DWH_ENDPOINT :: ", DWH_ENDPOINT)
print("DWH_ROLE_ARN :: ", DWH_ROLE_ARN)

DWH_ENDPOINT ::  doxcluster.craeubgpe2r5.us-east-1.redshift.amazonaws.com
DWH_ROLE_ARN ::  arn:aws:iam::029258854698:role/doxRole


### Abrir porta TCP para acesso ao endpoint do cluster

In [None]:
try:
    vpcSecurityGroup = myClusterProps['VpcSecurityGroups'][0]['VpcSecurityGroupId']
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.filter(GroupIds=[vpcSecurityGroup]))[0]
    print(defaultSg)
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DWH_PORT),
        ToPort=int(DWH_PORT)
    )
except Exception as e:
    print(e)

ec2.SecurityGroup(id='sg-847966fc')


### Teste conexão com o cluster

In [None]:
conn_string="postgresql://{}:{}@{}:{}/{}".format(DWH_DB_USER, DWH_DB_PASSWORD, DWH_ENDPOINT, DWH_PORT,DWH_DB)
print(conn_string)
%sql $conn_string

postgresql://doxuser:Passw0rd123@doxcluster.craeubgpe2r5.us-east-1.redshift.amazonaws.com:5439/dox


'Connected: doxuser@dox'

### Remover cluster e resources

<b><font color='red'>CERTEZA QUE QUER FAZER ISSO?</b>

In [None]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
redshift.delete_cluster( ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,  SkipFinalClusterSnapshot=True)
#### CAREFUL!!

- Rode esta celula até que o status do cluster mude para deleted

In [None]:
myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

In [None]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
iam.detach_role_policy(RoleName=DWH_IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
iam.delete_role(RoleName=DWH_IAM_ROLE_NAME)
#### CAREFUL!!

{'ResponseMetadata': {'RequestId': 'edeeac63-5010-481c-9f87-6ac8ed229652',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': 'edeeac63-5010-481c-9f87-6ac8ed229652',
   'content-type': 'text/xml',
   'content-length': '200',
   'date': 'Mon, 07 Jun 2021 03:00:40 GMT'},
  'RetryAttempts': 0}}