Amazon Redshift
Amazon Redshift is a managed scalable database warehouse where Nobl9 users can store their metrics information. Nobl9 allows retrieving metrics data from Redshift, enabling customers to use standard SQL statements that require two specific return valuesβa value and a timestamp.
Authenticationβ
Authentication - scope of supportβ
- Nobl9 does not support SQL connections.
- Nobl9 does not support temporary credentials.
- Nobl9 supports authentication via AWS Secrets Manager stored secret for authenticating with the Data API.
- Use Cross-Account IAM roles to authenticate to Redshift (see below for the deprecated authentication method)
Secret-ARNβ
Nobl9 supports
authenticating with Amazon Redshiftβs Data API using the AWS Secrets Manager.
To connect to Redshift through direct and agent configuration,
you must create a secret and ensure the secret is tagged with the RedshiftDataFullAccess
permission.
When running the agent, you will also be asked to provide the ARN for the secret.
For more information on Redshift secrets, refer to Using the Amazon Redshift Data API | Amazon Redshift documentation.
Cross-account IAM rolesβ
Prerequisitesβ
You can activate cross-account access in AWS using the External ID and Nobl9 AWS Account ID. To create an IAM role ARN with cross-account access, make sure the following prerequisites are complete:
- Copy the External ID and Nobl9 AWS Account ID values in the Data source wizard.
Check Cross Account Resource Access in IAM | AWS documentation to learn more.
-
Policy permissions for your IAM role require a custom policy that allows action
secretsmanager:GetSecretValueon
for the resource pointed by the SecretARN.When you miss this policy, create it in the IAM > Policies > Create Policy > Specify Permission > JSON section:
In the policy editor, apply the following JSON statement, replacing your-Secret-ARN
with your AWS Secret ARN value in the statement.resource
field.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:*:your-Secret-ARN"
}
]
}
IAM role ARN creationβ
Sign in to the AWS Management Console. Open the IAM console.
- Choose Roles on the navigation pane.
The Roles section opens.
-
Click Create Role:
To create the access role, you select a trusted entity first.
- Choose the AWS account role tile:
-
Choose Another AWS account. Paste the
Nobl9 Account ID
you copied in the Nobl9 Data source wizard.
This is the account you're granting access to your resources. -
Select Require External ID. Paste the
Nobl9 External ID
you copied in the Nobl9 Data source wizard.
This option automatically adds a condition to the trust policy, allowing users to assume the role only if the request includes the correctsts:ExternalID
.
- Click Next.
- In the Add Permissions section, attach the
AmazonRedshiftDataFullAccess
permission policy. Click Next:
Make sure this policy allows action secretsmanager:GetSecretValueon
for the resource pointed by the SecretARN. When this action is missing, read Prerequisites.
- Click Next and save the role. Then, copy its IAM Role ARN to the Data source wizard in Nobl9 UI.
Adding Amazon Redshift as a data sourceβ
To ensure data transmission between Nobl9 and your data source, it may be necessary to list Nobl9 IP addresses as trusted.
- 18.159.114.21
- 18.158.132.186
- 3.64.154.26
You can add the Amazon Redshift data source using the direct or agent connection methods. For both methods, start with these steps:
- Navigate to Integrations > Sources.
- Click .
- Click the relevant Source icon.
- Choose a relevant connection method (Agent or Direct), then configure the source as described below.
Amazon Redshift directβ
Direct configuration in the UIβ
Direct connection to Amazon Redshift requires users to enter their credentials which Nobl9 stores safely. To set up this type of connection:
-
Select one of the following Release Channels:
- The
stable
channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of abeta
release. Use it to avoid crashes and other limitations. - The
beta
channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel may be subject to change.
- The
-
Enter your AWS Secret ARN (mandatory).
The secret must be tagged withRedshiftDataFullAccess
permission. For more information, see Data API | Amazon Redshift documentation -
Enter the IAM Role ARN.
Check the instructions above for more details.
- Select a Project.
Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses thedefault
project. - Enter a Display Name.
You can enter a user-friendly name with spaces in this field. - Enter a Name.
The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example,my-project-1
). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result. - Enter a Description.
Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it. - Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
- The default value in Amazon Redshift integration for Query delay is
30 seconds
.
infoChanging the Query delay may affect your SLI data. For more details, check the Query delay documentation. - The default value in Amazon Redshift integration for Query delay is
- Click Add Data Source
Direct using CLI - YAMLβ
The YAML for setting up a direct connection to Amazon Redshift looks like this:
apiVersion: n9/v1alpha
kind: Direct
metadata:
name: redshift-direct
displayName: Redshift Direct
project: redshift-direct
spec:
sourceOf:
- Metrics
releaseChannel: beta
queryDelay:
unit: Minute
value: 720
logCollectionEnabled: false
redshift:
roleARN: ""
secretARN: ""
Field | Type | Description |
---|---|---|
queryDelay.unit mandatory | enum | Specifies the unit for the query delay. Possible values: Second | Minute . β’ Check query delay documentation for default unit of query delay for each source. |
queryDelay.value mandatory | numeric | Specifies the value for the query delay. β’ Must be a number less than 1440 minutes (24 hours). β’ Check query delay documentation for default unit of query delay for each source. |
logCollectionEnabled optional | boolean | Optional. Defaults to false . Set to true if you'd like your direct to collect event logs. Beta functionality available only through direct release channel. Reach out to support@nobl9.com to activate it. |
releaseChannel mandatory | enum | Specifies the release channel. Accepted values: beta | stable . |
Source-specific fields | ||
redshift.roleARN mandatory | string, secret | See authentication section above for more details. |
redshift.secretARN mandatory | string, secret | See authentication section above for more details. |
Amazon Redshift agentβ
Agent configuration in the UIβ
Follow the instructions below to create your Amazon Redshift agent connection. Refer to the section above for the description of the fields.
- Enter a Project.
- Enter a Display Name.
- Enter a Name.
- Create a Description.
- Customize the Query Delay.
- Click Add Data Source