
## Create a Redshift Cluster using the AWS SDK (boto3) using credentials in dwh config file


import the necessary packages

In [1]:
import pandas as pd # required to view results in a datframe
import boto3
import json


### create IAM User

 Using my root user i created a new IAM user with CLI access and attached the existing 'AdminsitratorAccess' policy, via the AWS Console. 
 I then added genrated an access key and secret AFTER the user was created. The access key and secret were added to the dwh.cfg file to be used in parameters for the code below

### add an admin password for the DWH to the dwh.cfg file.
you will need to add this in the dw.cfg file before running the code below, at least 8 chars long with one integer.



# Load DWH Params from the dwh.cfg file

In [39]:
import configparser
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

KEY                    = config.get('AWS','KEY')
SECRET                 = config.get('AWS','SECRET')



DWH_CLUSTER_TYPE       = config.get("DWH","DWH_CLUSTER_TYPE")
DWH_NUM_NODES          = config.get("DWH","DWH_NUM_NODES")
DWH_NODE_TYPE          = config.get("DWH","DWH_NODE_TYPE")

DWH_CLUSTER_IDENTIFIER = config.get("DWH","DWH_CLUSTER_IDENTIFIER")
DWH_DB                 = config.get("DWH","DWH_DB")
DWH_DB_USER            = config.get("DWH","DWH_DB_USER")
DWH_DB_PASSWORD        = config.get("DWH","DWH_DB_PASSWORD") # you will need to set this in the dwh, at least 8 chars long with one integer. run this code again when done.
DWH_PORT               = config.get("DWH","DWH_PORT")

DWH_IAM_ROLE_NAME      = config.get("DWH", "DWH_IAM_ROLE_NAME")

(DWH_DB_USER, DWH_DB_PASSWORD, DWH_DB)

pd.DataFrame({"Param":
                  ["DWH_CLUSTER_TYPE", "DWH_NUM_NODES", "DWH_NODE_TYPE", "DWH_CLUSTER_IDENTIFIER", "DWH_DB", "DWH_DB_USER", "DWH_DB_PASSWORD", "DWH_PORT", "DWH_IAM_ROLE_NAME"],
              "Value":
                  [DWH_CLUSTER_TYPE, DWH_NUM_NODES, DWH_NODE_TYPE, DWH_CLUSTER_IDENTIFIER, DWH_DB, DWH_DB_USER, DWH_DB_PASSWORD, DWH_PORT, DWH_IAM_ROLE_NAME]
             })

NoOptionError: No option 'dwh_cluster_identifier' in section: 'DWH'

## Create clients for EC2, S3, IAM, and Redshift

In [16]:
import boto3

ec2 = boto3.resource('ec2',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                    )

s3 = boto3.resource('s3',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                   )

iam = boto3.client('iam',aws_access_key_id=KEY,
                     aws_secret_access_key=SECRET,
                     region_name="us-west-2"
                  )

redshift = boto3.client('redshift',
                       region_name="us-west-2",
                       aws_access_key_id=KEY,
                       aws_secret_access_key=SECRET
                       )


## Check out the sample data sources on S3

In [49]:
sparkifyS3 =  s3.Bucket("udacity-dend")
for obj in sparkifyS3.objects.filter(Prefix="log_data/2018/11"):
    print(obj)
# for obj in sampleDbBucket.objects.all():
#     print(obj)

s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-01-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-02-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-03-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-04-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-05-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-06-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-07-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-08-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-09-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-10-events.json')
s3.ObjectSummary(bucket_name='udacity-dend', key='log_data/2018/11/2018-11-11-ev

## CREATE IAM ROLE
- Create an IAM Role that makes Redshift able to access S3 bucket (ReadOnly), can add others her or via the console, the latter is easier

In [7]:
from botocore.exceptions import ClientError

try:
    print("1.1 Creating a new IAM Role") 
    dwhRole = iam.create_role(
        Path='/',
        RoleName=DWH_IAM_ROLE_NAME,
        Description = "Allows Redshift clusters to call AWS services on your behalf.",
        AssumeRolePolicyDocument=json.dumps(
            {'Statement': [{'Action': 'sts:AssumeRole',
               'Effect': 'Allow',
               'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'})
    )    
except Exception as e:
    print(e)
    
    

1.1 Creating a new IAM Role
An error occurred (EntityAlreadyExists) when calling the CreateRole operation: Role with name sparkify-dwh-role already exists.


In [8]:
print("1.2 Attaching Policy")

iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
                       PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
                      )['ResponseMetadata']['HTTPStatusCode']

1.2 Attaching Policy


200

In [9]:

print("1.3 Get the IAM role ARN")
roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']

print(roleArn)



1.3 Get the IAM role ARN
arn:aws:iam::599440278591:role/sparkify-dwh-role


## CREATE the Redshift Cluster

- Create a RedShift Cluster
- For complete arguments to `create_cluster`, see [docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster)

In [18]:
try:
    response = redshift.create_cluster(        
        
        # redshift
        ClusterType=DWH_CLUSTER_TYPE,
        NodeType=DWH_NODE_TYPE,
        NumberOfNodes=int(DWH_NUM_NODES),
        

        # rds credentials
        DBName=DWH_DB,
        ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,
        MasterUsername=DWH_DB_USER,
        MasterUserPassword=DWH_DB_PASSWORD,
        
        
        # add parameter for role (to allow s3 access)
        
        IamRoles=[roleArn]  
         
    )
except Exception as e:
    print(e)

##*Describe* the cluster to see its status
- run this block several times until the cluster status becomes `Available`

In [23]:
def prettyRedshiftProps(props):
    pd.set_option('display.max_colwidth', 1)
    keysToShow = ["ClusterIdentifier", "NodeType", "ClusterStatus", "MasterUsername", "DBName", "Endpoint", "NumberOfNodes", 'VpcId']
    x = [(k, v) for k,v in props.items() if k in keysToShow]
    return pd.DataFrame(data=x, columns=["Key", "Value"])

myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

Unnamed: 0,Key,Value
0,ClusterIdentifier,sparkify-redshift-cluster
1,NodeType,dc2.large
2,ClusterStatus,available
3,MasterUsername,sparkifypostgres
4,DBName,sparkify-rds-database
5,Endpoint,"{'Address': 'sparkify-redshift-cluster.cglf6pmxgwzj.us-west-2.redshift.amazonaws.com', 'Port': 5439}"
6,VpcId,vpc-0f2bdf7e48425556c
7,NumberOfNodes,4


## Take note of the cluster <font color='red'> endpoint and role ARN </font> </h2>

<font color='red'>DO NOT RUN THIS unless the cluster status becomes "Available" </font> 

ADD DWH_ENDPOINT to HOST in 'dwh.cfg'

ADD DWH_ROLE_ARN to ARN 'dwh.cfg'

In [24]:
DWH_ENDPOINT = myClusterProps['Endpoint']['Address']
DWH_ROLE_ARN = myClusterProps['IamRoles'][0]['IamRoleArn']
print("DWH_ENDPOINT :: ", DWH_ENDPOINT)
print("DWH_ROLE_ARN :: ", DWH_ROLE_ARN)

DWH_ENDPOINT ::  sparkify-redshift-cluster.cglf6pmxgwzj.us-west-2.redshift.amazonaws.com
DWH_ROLE_ARN ::  arn:aws:iam::599440278591:role/sparkify-dwh-role


## Open an incoming TCP port to access the cluster endpoint

In [28]:
try:
    vpc = ec2.Vpc(id=myClusterProps['VpcId'])
    defaultSg = list(vpc.security_groups.all())[0]
    print(defaultSg)
    
    defaultSg.authorize_ingress(
        GroupName='redshift-security-group',
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(DWH_PORT),
        ToPort=int(DWH_PORT)
    )
except Exception as e:
    print(e)


ec2.SecurityGroup(id='sg-0bbb29f48f4eb4ae5')
An error occurred (InvalidPermission.Duplicate) when calling the AuthorizeSecurityGroupIngress operation: the specified rule "peer: 0.0.0.0/0, TCP, from port: 5439, to port: 5439, ALLOW" already exists
ec2.Vpc(id='vpc-0f2bdf7e48425556c')


### add redshift-security-group to cluster

you will need to add the SECURITY_GROUP_ID to the dwg.cfg file

In [37]:


def add_security_group_to_cluster(DWH_CLUSTER_IDENTIFIER, SECURITY_GROUP_ID):
    """
    Adds a security group to a Redshift cluster.
    
    :param cluster_name: Name of the Redshift cluster
    :param security_group_id: ID of the security group to add
    """
    try:
        response = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)
        cluster = response['Clusters'][0]

        # Get the current security groups attached to the cluster
        current_security_groups = [sg['VpcSecurityGroupId'] for sg in cluster['VpcSecurityGroups']]

        print(current_security_groups)


        # Add the new security group to the list
        current_security_groups.append(SECURITY_GROUP_ID)

        # Modify the cluster's security groups
        redshift.modify_cluster(
            ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,
            VpcSecurityGroupIds=current_security_groups
        )
        print(f"Security Group {SECURITY_GROUP_ID} added to Cluster {DWH_CLUSTER_IDENTIFIER}.")

    except Exception as e:
        print(f"An error occurred: {e}")

# Usage
add_security_group_to_cluster(DWH_CLUSTER_IDENTIFIER,SECURITY_GROUP_ID)


['sg-0bbb29f48f4eb4ae5']
Security Group sg-07365a7a8960d0916 added to Cluster sparkify-redshift-cluster.


## Test connection to the cluster with load_ext sql

In [38]:
%load_ext sql
import psycopg2



The sql extension is already loaded. To reload it, use:
  %reload_ext sql


In [27]:
conn_string="postgresql://{}:{}@{}:{}/{}".format(DWH_DB_USER, DWH_DB_PASSWORD, DWH_ENDPOINT, DWH_PORT,DWH_DB)
print(conn_string)
%sql $conn_string

postgresql://sparkifypostgres:adminPassword1@sparkify-redshift-cluster.cglf6pmxgwzj.us-west-2.redshift.amazonaws.com:5439/sparkify-rds-database
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 145, in __init__
    self._dbapi_connection = engine.raw_connection()
                             ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 3288, in raw_connection
    return self.pool.connect()
           ^^^^^^^^^^^^^^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sqlalchemy/pool/base.py", line 452, in connect
    return _ConnectionFairy._checkout(self)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sqlalchemy/pool/base.py", line 1267, in _checkout
    fairy

## STEP 5: Clean up your resources

<b><font color='red'>DO NOT RUN THIS UNLESS YOU ARE SURE <br/> 
    We will be using these resources in the next exercises</span></b>

In [52]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
redshift.delete_cluster( ClusterIdentifier=DWH_CLUSTER_IDENTIFIER,  SkipFinalClusterSnapshot=True)
#### CAREFUL!!

InvalidClusterStateFault: An error occurred (InvalidClusterState) when calling the DeleteCluster operation: There is an operation running on the Cluster. Please try to delete it at a later time.

- run this block several times until the cluster really deleted

In [57]:
myClusterProps = redshift.describe_clusters(ClusterIdentifier=DWH_CLUSTER_IDENTIFIER)['Clusters'][0]
prettyRedshiftProps(myClusterProps)

ClusterNotFoundFault: An error occurred (ClusterNotFound) when calling the DescribeClusters operation: Cluster sparkify-redshift-cluster not found.

In [56]:
#### CAREFUL!!
#-- Uncomment & run to delete the created resources
iam.detach_role_policy(RoleName=DWH_IAM_ROLE_NAME, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
iam.delete_role(RoleName=DWH_IAM_ROLE_NAME)
#### CAREFUL!!

NoSuchEntityException: An error occurred (NoSuchEntity) when calling the DetachRolePolicy operation: Policy arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess was not found.