Redshift


Amazon Redshift is a Warehouse output connector. Connect to your Redshift data warehouse to get all your vulnerability data in one place.

IP Allowlists

You might need to add the Monad IP range of 34.210.32.104/32 to your Redshift allowlist, so Monad can connect to it.

Summary

After you set up the Redshift connector, each data sync sends your data in the MOM format to your Redshift tables. You need to create an IAM role that Monad can assume, with permissions to access an S3 bucket. Monad stages the data in this bucket before loading it into Redshift and then deletes the staged objects from your bucket; creating a dedicated bucket for this is advised. You will also need a Redshift cluster and a database if you do not already have one. Modify the security group attached to the VPC your cluster is in to allow inbound TCP Redshift connections on port 5439 (the default Redshift port), and enable Publicly accessible in your Redshift Network and security settings.

Setup Instructions:

AWS Permissions

To enable the connector to write/delete from your S3 bucket, you will first need to set up a trusted role in your AWS account. Here are the steps to follow:

  1. Go to the AWS console and navigate to IAM, then select Roles.
  2. Click on the “Create role” button located in the top-right corner of the page.
  3. For “Trusted entity type,” choose “AWS account,” then select “Another AWS account.” Input 271127603659 and click Next.
  4. To grant permissions, click “Create policy” in the top-right corner of the page. Here, you can either use the visual editor to grant the S3 GetObject, ListBucket, DeleteObject and PutObject permissions on the bucket you’ve created, or use the JSON option and paste the following code. NOTE: You must change {your bucket name} to the name of the bucket you want to use.
    {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "VisualEditor0",
             "Effect": "Allow",
             "Action": [
                 "s3:PutObject",
                 "s3:GetObject",
                 "s3:ListBucket",
                 "s3:DeleteObject"
             ],
             "Resource": [
                 "arn:aws:s3:::{your bucket name}",
                 "arn:aws:s3:::{your bucket name}/*"
             ]
         }
     ]
    }
    
  5. Add any necessary tags as defined by your organization, and click Next.
  6. Give the role a name and description, then click “Create policy.”
  7. Navigate back to the previous tab to continue creating the role. Click “Refresh” next to “Create policy” and search for the role you just created. Select it and click Next.
  8. In “Step 1: Select trusted entities,” click “Edit,” then copy and paste the following JSON:
    {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Principal": {
                 "AWS": "arn:aws:iam::271127603659:role/monad-app"
             },
             "Action": "sts:AssumeRole"
         }
     ]
    }
    

    This allows Monad’s monad-app role to assume the role you’ve created, which will give access to the S3 bucket.

  9. Give the role a name, and then click “Create role.”
  10. Search for the role you just created under “Roles,” select it, and copy the ARN. It should look something like arn:aws:iam::{account-id}:role/{role-you-created}. You will need this when creating your Redshift connector.
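The two JSON documents above, generated for a given bucket name and checked for the mistakes a reviewer would look for before pasting them into IAM (an unreplaced bucket placeholder, actions or resources beyond the staging bucket, a trust policy that admits anyone other than Monad's monad-app role). This is an added example, not Monad's code; the account id and role name are the ones the page gives.

```python
import json

# Values from the page: Monad's AWS account and the role that will assume yours.
MONAD_APP_ROLE_ARN = "arn:aws:iam::271127603659:role/monad-app"
STAGING_ACTIONS = ("s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject")


def s3_staging_policy(bucket: str) -> dict:
    """The step 4 permissions policy with the bucket name filled in."""
    statement = {"Sid": "VisualEditor0", "Effect": "Allow", "Action": list(STAGING_ACTIONS),
                 "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}
    return {"Version": "2012-10-17", "Statement": [statement]}


def monad_trust_policy() -> dict:
    """The step 8 trust policy: only Monad's monad-app role may assume your role."""
    statement = {"Effect": "Allow", "Principal": {"AWS": MONAD_APP_ROLE_ARN},
                 "Action": "sts:AssumeRole"}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def policy_findings(permissions: dict, trust: dict, bucket: str) -> list[str]:
    """Problems a reviewer would flag before pasting the two documents into IAM."""
    findings = []
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in permissions.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "{your bucket name}" in json.dumps(resources):
            findings.append("bucket placeholder was never replaced")
        if set(actions) - set(STAGING_ACTIONS):
            findings.append("permissions policy grants more than the four staging actions")
        if set(resources) - wanted:
            findings.append("permissions policy reaches resources outside the staging bucket")
    for st in trust.get("Statement", []):
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if any(p != MONAD_APP_ROLE_ARN for p in _as_list(aws)):
            findings.append("trust policy admits a principal other than Monad's monad-app role")
    return findings
```

`json.dumps(s3_staging_policy("my-bucket"), indent=4)` produces the text to paste in step 4; run `policy_findings` over any hand-edited version before saving it.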

Redshift/VPC Setup

  1. Make sure you update the security group attached to your VPC to allow inbound TCP IPv4/IPv6 Redshift connection traffic to your cluster on port 5439.
  2. Enable Publicly accessible in your Redshift Network and security settings.
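Because the cluster must be publicly accessible, the security group rule for port 5439 is what keeps the endpoint from being reachable by everyone. The audit below, an added example rather than Monad's or AWS's code, takes a security group in the shape boto3's `describe_security_groups` returns and reports whether the Monad range from the IP Allowlists section can reach the Redshift port and which sources are wider than that /32. The sample group is constructed and its id is made up.

```python
import ipaddress

MONAD_CIDR = "34.210.32.104/32"  # Monad's source range, from the page
REDSHIFT_PORT = 5439             # default Redshift port, from the page

# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"][0];
# the group id is made up. Rule 1 is the page's advice, rule 2 is an over-broad one.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "34.210.32.104/32", "Description": "Monad"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}


def _covers_port(rule: dict, port: int) -> bool:
    """True if an ingress rule admits TCP traffic to `port` (an all-protocol rule counts)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", -1))


def _sources(rule: dict) -> list[str]:
    """Every IPv4 and IPv6 CIDR the rule admits (security-group references are ignored here)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def audit_redshift_ingress(group: dict, allowed_cidr: str = MONAD_CIDR,
                           port: int = REDSHIFT_PORT) -> dict:
    """Report whether Monad's range can reach the port and which sources are wider than it."""
    allowed = ipaddress.ip_network(allowed_cidr)
    result = {"monad_reachable": False, "overbroad_sources": []}
    for rule in group.get("IpPermissions", []):
        if not _covers_port(rule, port):
            continue
        for cidr in _sources(rule):
            net = ipaddress.ip_network(cidr)
            if net.version == allowed.version and allowed.subnet_of(net):
                result["monad_reachable"] = True
            if net.num_addresses > allowed.num_addresses:
                result["overbroad_sources"].append(cidr)  # wider than the /32 the page calls for
    return result
```

Anything listed under `overbroad_sources` exposes the cluster's port 5439 beyond Monad and should be removed or narrowed.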

Redshift Connector

  1. You will need to create a Redshift cluster and a database if you do not already have one.
  2. Follow the IAM role setup instructions above.
  3. Create an S3 bucket that you will use to stage the data before it is loaded into Redshift.
  4. Connector Fields
    • DISPLAY NAME: The name shown in the Monad UI for this connector.
    • HOST: The Redshift host endpoint. You can get this from your Redshift cluster page in the AWS console.
      • NOTE: Do not include the port number in this field or the database name which is shown in the console. For example: redshift-cluster-1.abc123.us-east-1.redshift.amazonaws.com not redshift-cluster-1.abc123.us-east-1.redshift.amazonaws.com:5439/mydatabase
    • PORT: The port number for your Redshift cluster. This is usually 5439.
    • USER: The username for your Redshift cluster.
    • PASSWORD: The password for your Redshift cluster.
    • DATABASE NAME: The name of the database you want to connect to.
    • TARGET SCHEMA: The schema you want to write to in your database.
    • ROLE ARN: The ARN of the role you created in the IAM role setup instructions.
    • S3 BUCKET: The name of the S3 bucket you created to stage the data.
  5. (Optional) Select the models you want to export.
  6. Click Connect.
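The console shows the endpoint with the port and database appended, while the connector wants them in separate fields. The helper below, an added example and not part of Monad's connector, splits a pasted endpoint into HOST, PORT and DATABASE NAME and rejects anything that is not a Redshift cluster hostname; the port defaults to 5439 when absent.

```python
import re

# Hostname shape shown on the page; a ":port" and "/database" suffix may come along when pasted.
_ENDPOINT_RE = re.compile(
    r"^(?P<host>[a-z0-9-]+\.[a-z0-9]+\.[a-z0-9-]+\.redshift\.amazonaws\.com)"
    r"(?::(?P<port>\d{1,5}))?(?:/(?P<database>[^/\s]+))?$",
    re.IGNORECASE,
)


def split_redshift_endpoint(value: str) -> dict:
    """Return the HOST / PORT / DATABASE NAME connector fields for a pasted endpoint."""
    m = _ENDPOINT_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a Redshift cluster endpoint: {value!r}")
    port = int(m.group("port") or 5439)  # the page's default Redshift port
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {"host": m.group("host").lower(), "port": port, "database": m.group("database")}
```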

Monad then tests the connection to Redshift, and if successful, begins syncing data from your Monad account into your Redshift warehouse.

This page was last modified: 9 Oct 2023