# Create a Redshift cluster

In [1]:
import pandas as pd
import boto3
import json
import configparser
from botocore.exceptions import ClientError

In [2]:
config = configparser.ConfigParser()
config.read('dwh.cfg')

# AWS
KEY                    = config.get('AWS','KEY')
SECRET                 = config.get('AWS','SECRET')

# Create Redshift Cluster
CLUSTER_TYPE       = config.get("CREATE_REDSHIFT","CLUSTER_TYPE")
NUM_NODES          = config.get("CREATE_REDSHIFT","NUM_NODES")
NODE_TYPE          = config.get("CREATE_REDSHIFT","NODE_TYPE")
HOST = config.get("CREATE_REDSHIFT","CLUSTER_IDENTIFIER")


DB_NAME = config.get("CLUSTER","DB_NAME")
DB_USER = config.get("CLUSTER","DB_USER")
DB_PASSWORD = config.get("CLUSTER","DB_PASSWORD")
DB_PORT = config.get("CLUSTER","DB_PORT")

IAM_ROLE_NAME      = config.get("CREATE_REDSHIFT", "IAM_ROLE_NAME")

(DB_USER, DB_PASSWORD, DB_NAME)

('dwhuser_db', 'Some_Password9', 'dwh')

In [3]:
pd.DataFrame({"Param":
                  ["CLUSTER_TYPE", "NUM_NODES", "NODE_TYPE", "HOST", "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_PORT", "IAM_ROLE_NAME"],
              "Value":
                  [CLUSTER_TYPE, NUM_NODES, NODE_TYPE, HOST, DB_NAME, DB_USER, DB_PASSWORD, DB_PORT, IAM_ROLE_NAME]
             })

Unnamed: 0,Param,Value
0,CLUSTER_TYPE,multi-node
1,NUM_NODES,4
2,NODE_TYPE,dc2.large
3,HOST,RedshiftCluster
4,DB_NAME,dwh
5,DB_USER,dwhuser_db
6,DB_PASSWORD,Some_Password9
7,DB_PORT,5439
8,IAM_ROLE_NAME,dwhuser_Redshift


Create clients for IAM, Redshift and EC2

In [4]:
iam = boto3.client('iam', 
                        region_name='eu-west-2',
                        aws_access_key_id=KEY,
                        aws_secret_access_key=SECRET
                        )

redshift = boto3.client('redshift',
                        region_name='eu-west-2',
                        aws_access_key_id=KEY,
                        aws_secret_access_key=SECRET
                        )

ec2 = boto3.resource('ec2',
                       region_name='eu-west-2',
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                    )

Create a role for Redshift to access S3

In [5]:
# For Redshift to access data in S3: create a new role and grant AmazonS3ReadOnlyAccess.
try:
    print('Creating a new IAM role. Name: {}.'.format(IAM_ROLE_NAME)) 
    dwhRole = iam.create_role(
        Path='/',
        RoleName=IAM_ROLE_NAME,
        Description = "Allows Redshift clusters to call AWS services on your behalf.",
        AssumeRolePolicyDocument=json.dumps(
            {'Statement': [{'Action': 'sts:AssumeRole',
               'Effect': 'Allow',
               'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'})
    )  
except Exception as e:
    print(e)
    
print('Attaching Policy: grant AmazonS3ReadOnlyAccess to the new role.')
try:
    iam.attach_role_policy(RoleName=IAM_ROLE_NAME,
                       PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                      )['ResponseMetadata']['HTTPStatusCode']
except Exception as e:
    print(e)
    
print("Get the IAM role unique identifier, the ARN:")
roleArn = iam.get_role(RoleName=IAM_ROLE_NAME)['Role']['Arn']
print(roleArn)

Creating a new IAM role. Name: dwhuser_Redshift.
Attaching Policy: grant AmazonS3ReadOnlyAccess to the new role.
Get the IAM role unique identifier, the ARN:
arn:aws:iam::385312690116:role/dwhuser_Redshift


Create a Redshift cluster

In [6]:
try:
    response = redshift.create_cluster(   
        # AWS Docs: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster
        # Hardware
        ClusterType=CLUSTER_TYPE,
        NodeType=NODE_TYPE,
        NumberOfNodes=int(NUM_NODES),

        # Identifiers & Credentials
        DBName=DB_NAME,
        ClusterIdentifier=HOST,
        MasterUsername=DB_USER,
        MasterUserPassword=DB_PASSWORD,
        
        # IAM role for the Redshift cluster to access other AWS services (for s3 access)
        IamRoles=[roleArn]  
    )
except Exception as e:
    print('Error creating the Redshift cluster.')
    print(e)

Status of the new Redshift cluster

In [7]:
def getRedshiftProperties(props):
    pd.set_option('display.max_colwidth', -1)
    keysToShow = ['ClusterIdentifier', 'NodeType', 'ClusterStatus', 'MasterUsername', 'DBName', 'Endpoint', 'NumberOfNodes', 'VpcId']
    x = [(i, j) for i, j in props.items() if i in keysToShow]
    return pd.DataFrame(data=x, columns=['Key', 'Value'])

In [10]:
ClusterProperties = redshift.describe_clusters(ClusterIdentifier=HOST)['Clusters'][0]
print("Get the properties of our new Cluster with the ClusterIdentifier name '{}'.\n\nThe cluster is available: {}. More details:\n\n"\
      .format(HOST, ClusterProperties['ClusterStatus'] == 'available'))
getRedshiftProperties(ClusterProperties)

Get the properties of our new Cluster with the ClusterIdentifier name 'RedshiftCluster'.

The cluster is available: True. More details:




Unnamed: 0,Key,Value
0,ClusterIdentifier,redshiftcluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,dwhuser_db
4,DBName,dwh
5,Endpoint,"{'Address': 'redshiftcluster.cvnfbkfaqlbt.eu-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-0dcd107c152456690
7,NumberOfNodes,4


### Get the cluster endpoint and role ARN
Rerun the last cell till the status of the cluster is `available`.

In [11]:
REDSHIFT_ENDPOINT = ClusterProperties['Endpoint']['Address']
REDSHIFT_ROLE_ARN = ClusterProperties['IamRoles'][0]['IamRoleArn']
print('REDSHIFT_ENDPOINT: ', REDSHIFT_ENDPOINT)
print('REDSHIFT_ROLE_ARN: ', REDSHIFT_ROLE_ARN)

REDSHIFT_ENDPOINT:  redshiftcluster.cvnfbkfaqlbt.eu-west-2.redshift.amazonaws.com
REDSHIFT_ROLE_ARN:  arn:aws:iam::385312690116:role/dwhuser_Redshift


### Write the cluster endpoint and role ARN to the configfile for re-use

In [12]:
# inspired by https://stackoverflow.com/questions/27964134/change-value-in-ini-file-using-configparser-python
config.set('CLUSTER', 'REDSHIFT_ENDPOINT', REDSHIFT_ENDPOINT)
config.set('IAM_ROLE', 'arn', REDSHIFT_ROLE_ARN)
with open('dwh.cfg', 'w') as configfile:
    config.write(configfile)

### Allow access to Redshift
Open an incoming TCP port to access the Redshift cluster endpoint

In [13]:
try:
    vpc = ec2.Vpc(id=ClusterProperties['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print('The identified security group name is: {}\n'.format(defaultSg))
    if len(list(vpc.security_groups.all())) > 1:
        print('Warning: There is more than 1 security group. It is worth cross-checking that the correct security group was identified.\n')
    defaultSg.authorize_ingress(
        GroupName=defaultSg.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DB_PORT),
        ToPort=int(DB_PORT)
    )
except Exception as e:
    print(e)

The identified security group name is: ec2.SecurityGroup(id='sg-093c19f34254f5c7b')


An error occurred (InvalidPermission.Duplicate) when calling the AuthorizeSecurityGroupIngress operation: the specified rule "peer: 0.0.0.0/0, TCP, from port: 5439, to port: 5439, ALLOW" already exists


### Connect to the cluster

In [14]:
%load_ext sql

In [15]:
# https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING:
# postgresql://[userspec@][hostspec][/dbname][?paramspec]
conn_string = 'postgresql://{}:{}@{}:{}/{}'.format(DB_USER, DB_PASSWORD, REDSHIFT_ENDPOINT, DB_PORT, DB_NAME)
print(conn_string)
%sql $conn_string

postgresql://dwhuser_db:Some_Password9@redshiftcluster.cvnfbkfaqlbt.eu-west-2.redshift.amazonaws.com:5439/dwh


'Connected: dwhuser_db@dwh'

### Clean up the resources

Set `clean_up_resources` to True to delete the Redshift cluster and IAM role policy and IAM role.

In [16]:
clean_up_resources = False

if clean_up_resources:
    redshift.delete_cluster(ClusterIdentifier=HOST,  SkipFinalClusterSnapshot=True)
    iam.detach_role_policy(RoleName=IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
    iam.delete_role(RoleName=IAM_ROLE_NAME)

    ClusterProperties = redshift.describe_clusters(ClusterIdentifier=HOST)['Clusters'][0]
    getRedshiftProperties(ClusterProperties)