Amazon Redshift

Reading time: 0 minute(s) (0 words)

Amazon Redshift is a managed scalable database warehouse where Nobl9 users can store their metrics information. Nobl9 allows retrieving metrics data from Redshift, enabling customers to use standard SQL statements that require two specific return values—a value and a timestamp.

Amazon Redshift parameters and supported features in Nobl9

General support:

Release channel: Stable, Beta

Connection method: Agent, Direct

Replay and SLI Analyzer: Not supported

Event logs: Supported

Query checker: Not supported

Query parameters retrieval: Not supported

Timestamp cache persistence: Supported

---

Query parameters:

Query interval: 1 min

Query delay: 30 sec

Jitter: 15 sec

Timeout: 30 sec

---

Agent details and minimum required versions for supported features:

Plugin name: n9redshift

Query delay environment variable: REDSHIFT_QUERY_DELAY

Timestamp cache persistence: 0.65.0

---

Additional notes:

AWS Secrets Manager and Cross-Account IAM roles for authentication

No support for SQL connections and temporary credentials

Authentication

For authentication, you can use:

• Authentication via AWS Secrets Manager stored secret for authenticating with the Data API
• Cross-Account IAM roles for authentication to Redshift

SQL connections and temporary credentials are not supported.

Secret-ARN

Nobl9 supports authenticating with Amazon Redshift’s Data API using the AWS Secrets Manager. To connect to Redshift through direct and agent configuration, you must create a secret and ensure the secret is tagged with the RedshiftDataFullAccess permission.

tip

When running the agent, you will also be asked to provide the ARN for the secret.

For more information on Redshift secrets, refer to Using the Amazon Redshift Data API | Amazon Redshift documentation.

Cross-account IAM roles

Prerequisites

You can activate cross-account access in AWS using the External ID and Nobl9 AWS Account ID. To create an IAM role ARN with cross-account access, make sure the following prerequisites are complete:

1. Copy the External ID and Nobl9 AWS Account ID values in the Data source wizard.
   

Image 1: Configuring IAM Role ARN in the Data source wizard

note

Check Cross Account Resource Access in IAM | AWS documentation to learn more.

2. Policy permissions for your IAM role require a custom policy that allows action secretsmanager:GetSecretValueon for the resource pointed by the SecretARN.

   When you miss this policy, create it in the IAM > Policies > Create Policy > Specify Permission > JSON section:

In the policy editor, apply the following JSON statement, replacing your-Secret-ARN with your AWS Secret ARN value in the statement.resource field.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:*:your-Secret-ARN"
    }
  ]
}

IAM role ARN creation

Sign in to the AWS Management Console. Open the IAM console.

1. Choose Roles on the navigation pane.

The Roles section opens.

2. Click Create Role:

   

To create the access role, you select a trusted entity first.

3. Choose the AWS account role tile:

4. Choose Another AWS account. Paste the Nobl9 Account ID you copied in the Nobl9 Data source wizard.
   This is the account you're granting access to your resources.

5. Select Require External ID. Paste the Nobl9 External ID you copied in the Nobl9 Data source wizard.
   This option automatically adds a condition to the trust policy, allowing users to assume the role only if the request includes the correct sts:ExternalID.
   

6. Click Next.
7. In the Add Permissions section, attach the AmazonRedshiftDataFullAccess permission policy. Click Next:

Important

Make sure this policy allows action secretsmanager:GetSecretValueon for the resource pointed by the SecretARN. When this action is missing, read Prerequisites.

8. Click Next and save the role. Then, copy its IAM Role ARN to the Data source wizard in Nobl9 UI.

Adding Amazon Redshift as a data source

To ensure data transmission between Nobl9 and Amazon Redshift, it may be necessary to list Nobl9 IP addresses as trusted.

💻ip allowlist

IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:

• 18.159.114.21
• 18.158.132.186
• 3.64.154.26

If you're using us1.nobl9.com instance:

• 34.121.54.120
• 34.123.193.191
• 34.134.71.10
• 35.192.105.150
• 35.225.248.37
• 35.226.78.175
• 104.198.44.161

You can add the Amazon Redshift data source using the direct or agent connection methods.

Direct connection method

Direct connection to Amazon Redshift requires users to enter their credentials which Nobl9 stores safely.

Nobl9 Web

To set up this type of connection:

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Direct.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Enter your AWS Secret ARN (mandatory).
   The secret must be tagged with RedshiftDataFullAccess permission. For more information, see Data API | Amazon Redshift documentation

7. Enter the IAM Role ARN.
   Check the instructions above for more details.

8. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
9. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
10. Enter a Name.
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
11. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
12. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Amazon Redshift integration for Query delay is 30 seconds.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
13. Click Add Data Source.

sloctl

1. Create a YAML definition to set up a direct connection with Amazon Redshift. For this, refer to the following example:

YAML definition for the direct connection method

apiVersion: n9/v1alpha
kind: Direct
metadata:
  name: redshift
  displayName: Redshift Direct
  project: default
spec:
  description: Example Redshift Direct
  releaseChannel: stable
  redshift:
    secretARN: arn:aws:secretsmanager:eu-central-1:123456578901:secret:prod-redshift-db-user
    roleARN: arn:aws:iam::123456578901:role/awsCrossAccountProdRedshift-prod-app
  queryDelay:
    value: 31
    unit: Second

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
logCollectionEnabled optional	boolean	Optional. Defaults to false. Set to true if you'd like your direct to collect event logs. Contact us to activate it.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.
Source-specific fields
redshift.roleARN mandatory	string, secret	See authentication section above for more details.
redshift.secretARN mandatory	string, secret	See authentication section above for more details.

2. Apply your YAML definition using the sloctl apply command.

Agent connection method

Nobl9 Web

Follow the instructions below to create your Amazon Redshift agent connection. Refer to the section above for the description of the fields.

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Direct.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
7. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
8. Enter a Name.
   The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
9. Enter a Description.
   Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
10. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Amazon Redshift integration for Query delay is 30 seconds.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
11. Click Add Data Source.
Deploy your agent in a Kubernetes cluster or Docker container.

sloctl

1. Create a YAML definition to set up an agent connection with Amazon Redshift. For this, refer to the following example:

YAML definition for the agent connection method

apiVersion: n9/v1alpha
kind: Agent
metadata:
  name: redshift
  displayName: Redshift Agent
  project: default
spec:
  description: Example Redshift Agent
  releaseChannel: stable
  redshift: {}
  queryDelay:
    value: 31
    unit: Second

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.

1. Apply your YAML definition using the sloctl apply command.
2. Deploy your agent in a Kubernetes cluster or Docker container.

Amazon Redshift API rate limits

The following rate limits apply to the Amazon Redshift API:

• The maximum query result size is 100 MB. If a call returns more than 100 MB of response data, the call is ended.

• The maximum retention time for query results is 24 hours.

• The maximum query statement size is 100 KB.

• The Data API is available to query single-node and multiple-node clusters of the following node types:

  • dc2.large
  • dc2.8xlarge
  • ds2.xlarge
  • ds2.8xlarge
  • ra3.xlplus
  • ra3.4xlarge
  • ra3.16xlarge

• The cluster must be in a virtual private cloud (VPC) based on the Amazon VPC service.

Useful links

For a more in-depth look, consult additional resources:

Data APIRedshift docsRegional EndpointsRedshift docsAgent metricsAgentCreating SLOs via TerraformTerraformCreating agents via TerraformTerraform