Terraform Provider for AWS Redshift

This provider allows to manage with Terraform AWS Redshift objects like users, groups, schemas, etc...

It's published on the OpenTofu Registry.

Requirements

• Terraform >= 1.0
• Go 1.24 (to build the provider plugin)

Limitations

Untested features

Due to limited testing capacities, the following features are not tested/stable yet:

• External Schemas
  • Hive Database
  • RDS Postgres Database
  • RDS MySQL Database
  • Redshift Database
• Temporary Credentials Cluster Identifier
• Temporary Credentials Assume Role
• Datashares

Using the AWS Redshift Data API

This provider does support connecting to the Redshift instance using the AWS Redshift Data API. However, this is not the default behavior, requires some additional configuration and comes along with some caveats:

• Transactions are not run as real DB-level transactions, but rather as a sequence of individual statements (BatchExecuteStatement executes all statements at once and does not support queries while being in transaction mode).
• Due to the unsupported state of transactions, interfering DB interactions might lead to unexpected results.
• In order to prevent errors due to conflicts with concurrent transactions, all statements depend on one lock across resources. This may lead to longer execution times, especially when multiple resources are created or updated at the same time.

Building The Provider

$ git clone git@github.com:dbsystel/terraform-provider-redshift

Enter the provider directory and build the provider

$ cd terraform-provider-redshift
$ make build

Development

If you're new to provider development, a good place to start is the Extending Terraform docs.

Running Tests

Acceptance tests require a running real AWS Redshift cluster.

TF_ACC=1
TF_ACC_PROVIDER_HOST=registry.opentofu.org
TF_ACC_PROVIDER_NAMESPACE=hashicorp
TF_ACC_TERRAFORM_PATH=<path to tofu binary>
REDSHIFT_DATABASE=redshift
REDSHIFT_ROOT_USERNAME=someotherroot

# user + password setup
REDSHIFT_HOST=<cluster ip or DNS>
REDSHIFT_USER=root
REDSHIFT_PASSWORD=<password>

# Redshift Data API setup
AWS_REGION=eu-central-1
REDSHIFT_DATA_API_SERVERLESS_WORKGROUP_NAME=some-workgroup
REDSHIFT_TEST_ACC_DEBUG_REDSHIFT_DATA=true
# optional, if the instance is not reachable through TCP/IP using the REDSHIFT_HOST env var
REDSHIFT_TEST_ACC_SKIP_USER_LOGIN=true

make testacc

If your cluster is only accessible from within the VPC, you can connect via a socks proxy:

ALL_PROXY=socks5[h]://[<socks-user>:<socks-password>@]<socks-host>[:<socks-port>]
NO_PROXY=127.0.0.1,192.168.0.0/24,*.example.com,localhost

Documentation

Documentation is generated with tfplugindocs. Generated files are in docs/ and should not be updated manually. They are derived from:

• Schema Description fields in the provider Go code.
• examples/
• templates/

Use go generate to update generated docs.

Releasing

Builds and releases are automated with GitHub Actions and GoReleaser. The changelog is managed with github-changelog-generator.

Currently there are a few manual steps to this:

1. Update the changelog:

   RELEASE_VERSION=v... \
   CHANGELOG_GITHUB_TOKEN=... \
   make changelog

   This will commit the changelog locally.

2. Review generated changelog and push:

   View the committed changelog with git show. If all is well git push origin master.

3. Kick off the release:

   RELEASE_VERSION=v... \
   make release

   Once the command exits, you can monitor the rest of the process on the Actions UI.

4. Publish release:

   The Action creates the release, but leaves it in "draft" state. Open it up in a browser and if all looks well, click the publish button.