Redshift Setup Guide

Follow our setup guide to connect your Redshift destination to Fivetran.

Prerequisites

To connect Redshift to Fivetran, you need the following:

• Access to the AWS console to safelist Fivetran's IP address
• Redshift Superuser. Redshift user accounts can only be created and removed by a database superuser.
• A Fivetran role with the Create Destinations or Manage Destinations permissions
• CREATE permissions for Redshift limited user

Redshift provisioned destination - Setup instructions

Choose connection method

IMPORTANT: Skip this step if you want to use Hybrid Deployment for your data pipeline. Perform this step only if you want to use Fivetrtan's cloud environment to sync your data.

Decide whether to connect to your Redshift destination directly or using an SSH tunnel. For more information, see our destination connection options documentation.

NOTE: You must connect through SSH if your Redshift cluster is not publicly accessible.

Connect directly

If you connect directly, you must create a rule in a security group that allows Fivetran access to your Redshift instance and port.

Configure your firewall and/or other access control systems to allow incoming connections to your host and port from Fivetran's IPs for your region.

Connect using an SSH tunnel

If you connect using an SSH tunnel, Fivetran connects to a separate server in your network that provides an SSH tunnel to your Redshift destination. You must then configure your tunnel server's security group to allow Fivetran access and configure the instance's security to allow access from the tunnel.

You must connect through SSH if your destination is contained within an inaccessible subnet.

To connect using SSH, do the following:

1. In the destination setup form, select the Connect via an SSH tunnel option.

2. Copy Fivetran's public SSH key.

3. Add the public key to the authorized_keys file of your SSH server. The key must be all on one line, so make sure that you don't introduce any line breaks when cutting and pasting.

Connect using PrivateLink

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

If you select PrivateLink as a connection method, Fivetran uses AWS PrivateLink to move your data securely between our system and your destination.

To set up PrivateLink for your Redshift destination, follow the instructions in the AWS PrivateLink section.

Find endpoint details

IMPORTANT: If you selected PrivateLink as a connection method, skip this step and follow our instructions on how to obtain the Endpoint URL for PrivateLink.

1. Open the Redshift console.

2. In the left menu, click Clusters.

3. Select the cluster you want Fivetran to connect to.

   

4. Click Properties.

   

5. In the Connection details pane's Endpoint field, click Copy to copy the endpoint details. You will need them to complete the destination setup in Fivetran.

   

   Be sure to separate the port and remove the preceding colon (:) from the host string.

Allow Fivetran to connect

1. In the Redshift console, click Clusters.

2. Select the cluster you want Fivetran to connect to.

3. Click Properties.

   

4. Scroll down to the Network and security section.

5. In the VPC security group field, click the security group to open it. Make a note of the security group ID.

   

6. In the Security Groups window, click Inbound rules.

   The security group you clicked in the previous view should be pre-selected here. Ensure that you selected the same security group from the previous screen.

7. Click Edit inbound rules.

   

8. In the Edit Inbound rules window, follow the steps below to create custom TCP rules for each of Fivetran's IPs in your region:

   • Select Custom TCP in the drop-down menu.
   • Enter your Redshift port number.
   • Enter the Fivetran IP address.

     IMPORTANT: If you are connecting through a reverse SSH or VPN tunnel, you must safelist the Fivetran SSH IP address. Contact Fivetran Support for this IP address.

   • Click Add rule.

   

Enable Automatic WLM

In Automatic WLM, the system calculates the optimal memory and concurrency of your queues. To enable automatic WLM, do the following:

1. In the Redshift console, click Configurations > Workload management.

2. In the Workload management window, select the parameter group.

   

3. In the Workload management tab, verify the WLM mode. Click Switch WLM mode.

   

4. In the Concurrency settings window, select Automatic WLM and click Save.

If you want to use Manual WLM, you must allocate a query concurrency of 4 or above to Fivetran. To modify the query concurrency of an existing queue, do the following:

1. In the Workload management tab, go to the Workload queues pane.

2. Click Edit workload queues to change the query concurrency.

3. Use one of the following methods:

   • Modify the Concurrency on main column value for the queue.

     

   • In the JSON section, edit the configuration and modify the query_concurrency parameter for the queue.

     

(Optional) Authenticate using IAM

By default, Fivetran uses the database user's credentials to authenticate the requests in the Redshift cluster. You can opt to authenticate using AWS IAM.

1. In the destination setup form, find the automatically-generated External ID and make a note of it. You will need it to create an IAM role in AWS.

   NOTE: The automatically-generated External ID is tied to your account. If you close and re-open the setup form, the ID will remain the same.

2. Create an IAM Policy for Fivetran:

   i. Open your Amazon IAM console.

   ii. Go to Access management > Policies, and then select Create policy.

   iii. In the Create policy window, go to the JSON tab.

   iv. Copy the following policy and paste it in the JSON tab:

         {
         "Version": "2012-10-17",
         "Statement": [
               {
                     "Sid": "VisualEditor0",
                     "Effect": "Allow",
                     "Action": "redshift:GetClusterCredentials",
                     "Resource": [
                     "arn:aws:redshift:{region}:{account-id}:dbuser:{cluster-name}/{dbuser-name}",
                     "arn:aws:redshift:{region}:{account-id}:dbname:{cluster-name}/{database-name}"
                     ]
               }
         ]
         }
   

   v. Replace {region}, {account-id}, and {cluster-name} with the values for your AWS Region, account, and cluster.

   vi. Replace {dbuser-name} with the user name used to log in to the cluster database.

   vii. Replace {database-name} with the name of the database that the user will log in to.

   viii. Click Review Policy.

   ix. Name the policy "Fivetran-Redshift-Access".

   x. Click Create Policy.

3. Create an IAM role for Fivetran:

   i. Go to Access management > Roles and then select Create role.

   ii. In the Create role window, select Another AWS account.

   iii. In the Account ID field, enter Fivetran's account ID, 834469178297.

   iv. In Options, select the Require external ID checkbox.

   v. Enter the External ID you found in your destination setup form.

   vi. Click Next: Permissions.

   vii. Select the "Fivetran-Redshift-Access" policy that you created.

   viii. Click Next: Tags. Entering tags is optional, but you must click through the step.

   ix. Click Next: Review.

   x. Name your new role "Fivetran", then click Create Role.

   xi. Select the Fivetran role you just created.

   xii. Click Edit trust relationship.

   

   xiii. Copy the following policy and paste it in the JSON tab:

   {
   "Version":"2012-10-17",
   "Statement":[
   {
      "Effect":"Allow",
      "Principal":{
         "AWS":[
            "arn:aws:iam::834469178297:root"
         ]
      },
      "Action":"sts:AssumeRole",
      "Condition":{
         "StringEquals":{
            "sts:ExternalId": "{externalId}"
         },
         "StringLike":{
            "aws:PrincipalArn":[
               "arn:aws:iam::834469178297:user/gcp_donkey",
               "arn:aws:iam::834469178297:user/salame_access",
               "arn:aws:iam::834469178297:user/v-frontend-service-account-prod-*"
            ]
         }
      }
   }
   ]
   } 
   

   xiv. Replace {externalId} with your External ID. You can find the External ID in the destination setup form.

   xv. Click Update Trust Policy.

   xvi. In the Summary section, make a note of the Role ARN.

   NOTE: You can specify permissions for the Role ARN that you designate for Fivetran. Giving selective permissions to this Role will allow Fivetran to only sync what it has permissions to see.

IMPORTANT: If you use an SSH Tunnel to connect, you must enter the Cluster ID and Cluster region details in the destination setup form.

Connect as Master or Limited user

You can connect as either a "Master" or "Limited" user. The master username inherently has the CREATE permissions that Fivetran needs to function, so we recommend connecting as a master user. If you don't want to connect as a master user, you must create a new limited user for Fivetran.

Master User

1. In the Redshift console, select the cluster you want Fivetran to connect to.

2. Click Properties.

   

3. In the Properties tab, scroll down to the Database configurations section.

4. Copy Database name and the Master user name values. You will need them to complete the destination setup in Fivetran.

   

Limited User

To connect as a limited user, you must create a Redshift user for Fivetran.

1. Connect to Redshift using a SQL client tool.

2. Depending on your authentication type, do the following:

   • Password authentication: Execute the following query to create a user (replace <password> with a password of your choice):

     CREATE USER fivetran PASSWORD <password>;
     

   • IAM authentication: We recommend that you create a user without any password. Execute the following query:

     CREATE USER fivetran PASSWORD disable;
     

3. Execute the following query to grant the fivetran user the following privileges (replace <database> with your database name):

   • CREATE: Allows the user to create new schemas in the database
   • TEMPORARY: Allows the user to create temporary tables while using the database

   GRANT CREATE, TEMPORARY ON DATABASE <database> TO fivetran;
   

You will need the limited user's credentials to complete the destination setup in Fivetran.

(Optional) Create VPC endpoint

If you use Enhanced VPC routing, you must create a VPC endpoint to allow access to the S3 buckets and copy data into the tables.

To create a VPC endpoint, do the following:

1. Sign in to the AWS Management Console and open the Amazon VPC console.

2. Click Endpoints.

3. Click Create Endpoint.

   

4. In the Service category options, select AWS services.

5. In the Service Name section, select your S3 service to grant access.

6. In the VPC drop-down menu, select the VPC you use in the Redshift cluster.

   

7. In the Configure route tables section, select the Route Table ID associated with the VPC.

8. In the Policy section, select Full Access to allow access to S3 services.

   

9. Click Create endpoint.

For more information about VPC endpoints, see Working with VPC endpoints.

(Additional) AWS PrivateLink

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. PrivateLink is the most secure connection method. Learn more in AWS’ PrivateLink documentation.

Fivetran uses PrivateLink to move your data securely between our system and your Redshift destination.

Prerequisites

To set up AWS PrivateLink, you need:

• A Fivetran instance configured to run in AWS
• A Redshift destination in one of our supported regions

Perform the following steps to obtain the Endpoint URL that you need to configure Fivetran.

Set up Amazon Redshift-managed VPC endpoint and grant Fivetran cluster access

1. Follow the steps in the Amazon Big Data article to set up an Amazon Redshift-managed VPC endpoint.

2. When authorizing access to additional AWS accounts in the Amazon Redshift console, go to Clusters and enter 834469178297 in the AWS account ID field to grant Fivetran cluster access.

   

3. Select Grant access to all VPCs.

4. Click Grant Access.

Provide credentials to Fivetran Support

Send the following information to our support team:

• your AWS account ID
• your cluster identifier

Specify endpoint URL in setup form

Once we provide you with an endpoint URL, you should specify it in the Host field of the setup form when completing Fivetran configuration.

Configure external storage for Hybrid Deployment

IMPORTANT: Skip to the next step if you want to use Fivetrtan's cloud environment to sync your data. Perform this step only if you want to use Hybrid Deployment for your data pipeline.

Configure Amazon S3 bucket

Create S3 bucket

Create an S3 bucket by following the instructions in AWS's documentation.

NOTE: Your S3 bucket and Redshift cluster must be in the same region.

Create IAM policy for S3 bucket

1. Open your Amazon IAM console.

2. Go to Policies, and then click Create policy.

   

3. Go to the JSON tab.

   

4. Copy the following policy and paste it in the JSON editor.

   {
       "Version": "2012-10-17",
       "Statement": [
           {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "s3:DeleteObjectTagging",
               "s3:ReplicateObject",
               "s3:PutObject",
               "s3:GetObjectAcl",
               "s3:GetObject",
               "s3:DeleteObjectVersion",
               "s3:ListBucket",
               "s3:PutObjectTagging",
               "s3:DeleteObject",
               "s3:PutObjectAcl"
           ],
           "Resource": [
               "arn:aws:s3:::{your-bucket-name}/*",
               "arn:aws:s3:::{your-bucket-name}"
           ]
           }
       ]
   }
   
   

5. In the policy, replace {your-bucket-name} with the name of your S3 bucket.

6. Click Next.

7. Enter a Policy name.

8. Click Create policy.

Create AWS user for Fivetran

1. In the Amazon IAM console, go to Users, and then click Create user.

   

2. Enter a User name, and then click Next.

3. Select Attach policies directly.

   

4. Select the checkbox next to the policy you create in the Create IAM policy for S3 bucket step, and then click Next.

5. In the Review and create page, click Create user.

6. In the Users page, open the user you created.

7. Click Create access key.

   

8. Select Application running outside AWS, and then click Next.

   

9. Click Create access key.

10. Click Download .csv file to download the Access key ID and Secret access key securely to your local drive and delete after use. You will need them to configure Fivetran.

Complete Fivetran configuration

1. Log in to your Fivetran account.

2. Go to the Destinations page and click Add destination.

3. Enter a Destination name of your choice and then click Add.

4. Select Redshift as the destination type.

5. (Enterprise and Business Critical accounts only) Choose your deployment model:

   • SaaS Deployment
   • Hybrid Deployment

6. If you choose Hybrid Deployment, do the following:

   i. In the Select an existing agent drop-down menu, select an existing Hybrid Deployment Agent or configure a new agent.

   NOTE: For more information about configuring a new agent, see our Hybrid Deployment setup guides.

   ii. Enter the following details of the S3 bucket you created:

   • S3 bucket name
   • S3 bucket region
   • AWS access key ID
   • AWS secret access key

7. (Not applicable to Hybrid Deployment) Choose your Connection method:

   • Connect directly
   • Connect via an SSH
   • Connect via Private Link

   NOTE: The Connect via Private Link option is only available for Business Critical accounts.

8. (Not applicable to Hybrid Deployment) If you choose Connect via an SSH tunnel, enter the following details:

   • SSH Host
   • SSH Port
   • SSH User

9. (Optional) If you choose Connect via an SSH tunnel or Connect via Private Link, enable the Require TLS through tunnel toggle if you want to use TLS.

10. In the Host field in destination setup form, enter one of the following values:

    • the host name you found in Step 2 - if you select Connect directly or Connect via an SSH as a connection method
    • the endpoint URL we provided to you - if you select Connect via Private Link as a connection method

11. In the Port field in destination setup form, enter one of the following values:

    • the host name you found in Step 2 - if you select Connect directly or Connect via an SSH as a connection method
    • the default Redshift port 5439 - if you select Connect via Private Link as a connection method

12. Enter the Database name you found in Step 6.

13. Enter the User name you found in Step 6.

14. Choose the Authentication Type: PASSWORD or IAM. The default type is PASSWORD.

    • If you choose PASSWORD, then enter the Password you created for your Redshift cluster.

      NOTE: This password is not the same as your AWS password.

    • If you choose IAM, then enter the Role ARN you created for your Redshift cluster in Step 5.

15. (Optional) If you use IAM authentication and an SSH tunnel to connect, enter your Cluster ID and then choose your Cluster region.

    NOTE: If we auto-detect the cluster region, the Cluster region field won't be visible in the setup form.

16. (Optional) Choose the Cluster region. Fivetran uses the data staging bucket in the cluster region you select.

    IMPORTANT: If you use VPC security policies, select the same region as the Redshift cluster. If you do not select the cluster region, we will use your data processing location as the cluster region.

17. Choose the Data processing location. Depending on the plan you are on and your selected cloud service provider, you may also need to choose a Cloud service provider and cloud region as described in our Destinations documentation.

18. Choose your Time zone.

19. (Optional for Business Critical accounts and not applicable to Hybrid Deployment) To enable regional failover, set the Use Failover toggle to ON, and then select your Failover Location and Failover Region. Make a note of the IP addresses of the secondary region and safelist these addresses in your firewall.

20. Click Save and Test. Your Redshift cluster is now connected.

Fivetran tests and validates the Redshift connection. On successful completion of the setup tests, you can sync your data using Fivetran connectors to the Redshift provisioned destination.

In addition, Fivetran automatically configures a Fivetran Platform Connector to transfer the connector logs and account metadata to a schema in this destination. The Fivetran Platform Connector enables you to monitor your connectors, track your usage, and audit changes. The connector sends all these details at the destination level.

IMPORTANT: If you are an Account Administrator, you can manually add the Fivetran Platform Connector on an account level so that it syncs all the metadata and logs for all the destinations in your account to a single destination. If an account-level Fivetran Platform Connector is already configured in a destination in your Fivetran account, then we don't add destination-level Fivetran Platform Connectors to the new destinations you create.

Redshift Serverless - Setup instructions

Choose connection method

IMPORTANT: Skip this step if you want to use Hybrid Deployment for your data pipeline. Perform this step only if you want to use Fivetrtan's cloud environment to sync your data.

Decide whether to connect to your Redshift data warehouse directly or using an SSH tunnel. For more information, see our destination connection options documentation.

NOTE: You must connect through SSH if your Redshift cluster is not publicly accessible.

Connect directly

If you connect directly, you must create a rule in a security group that allows Fivetran access to your Redshift instance and port.

Configure your firewall and/or other access control systems to allow incoming connections to your host and port from Fivetran's IPs for your region.

For more information, see Redshift Serverless' documentation.

Connect using an SSH tunnel

If you connect using an SSH tunnel, Fivetran connects to a separate server in your network that provides an SSH tunnel to your Redshift destination. You must then configure your tunnel server's security group to allow Fivetran access and configure the instance's security to allow access from the tunnel. You must have three subnets associated to your workgroup.

You must connect through SSH if your destination is contained within an inaccessible subnet.

To connect using SSH, do the following:

1. In the destination setup form, select the Connect via an SSH tunnel option.

2. Copy Fivetran's public SSH key.

3. Add the public key to the authorized_keys file of your SSH server. The key must be all on one line, so make sure that you don't introduce any line breaks when cutting and pasting.

Connect using PrivateLink

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

If you select PrivateLink as a connection method, Fivetran uses AWS PrivateLink to move your data securely between our system and your destination.

To set up PrivateLink for your Redshift destination, follow the instructions in the AWS PrivateLink section.

Find endpoint details

1. Open the Redshift Serverless console.

2. Select the namespace you want Fivetran to connect to.

   

3. Select your workgroup.

   

4. In the General Information pane's Endpoint field, click the Copy icon to copy the endpoint details. You will need them to complete the destination setup in Fivetran.

   

   NOTE: Be sure to separate the port and database and remove the preceding colon (:) from the host string.

Allow Fivetran to connect

1. Select the namespace you want Fivetran to connect to.

2. Select your workgroup.

3. In the Data Access tab, scroll down to the Network and security section.

4. In the VPC security group field, click the security group to open it and make a note of the security group ID.

   

5. In the Security Groups window, click Inbound rules.

   The security group you clicked in the previous view should be pre-selected here. Ensure that you selected the same security group from the previous screen.

6. Click Edit inbound rules.

   

7. In the Edit Inbound rules window, follow the steps below to create custom TCP rules for each of Fivetran's IPs in your region:

   • Select Custom TCP in the drop-down menu.
   • Enter your Redshift port number.
   • Enter the Fivetran IP address.
   • Click Add rule.

   

(Optional) Authenticate using IAM

IAM AUTHENTICATION FOR REDSHIFT SERVERLESS IS NOT SUPPORTED AS OF NOW

IMPORTANT: If you use an SSH Tunnel to connect, you must enter the Cluster ID and Cluster region details in the destination setup form.

Connect as Master or Limited user

You can connect as either a "Master" or "Limited" user. The master username inherently has the CREATE permissions that Fivetran needs to function, so we recommend connecting as a master user. If you don't want to connect as a master user, you must create a new limited user for Fivetran.

Master User

1. Select the namespace you want Fivetran to connect to.

2. Copy Database name and the Admin user name values. You will need them to complete the destination setup in Fivetran.

   

Limited User

To connect as a limited user, you must create a Redshift user for Fivetran.

1. Connect to Redshift using a SQL client tool.

2. Depending on your authentication type, do the following:

   • Password authentication: Execute the following query to create a user (replace <password> with a password of your choice):

     CREATE USER fivetran PASSWORD <password>;
     

   • IAM authentication: Execute the following query to create a user (replace <rolename> with the role you created in Step 4) without any password:

       CREATE USER IAMR:<rolename> PASSWORD disable;
     

3. Execute the following query to grant the fivetran user the following privileges (replace <database> with your database name):

   • CREATE: Allows the user to create new schemas in the database
   • TEMPORARY: Allows the user to create temporary tables while using the database

   GRANT CREATE, TEMPORARY ON DATABASE <database> TO IAMR:<rolename>;
   

You will need the limited user's credentials to complete the destination setup in Fivetran.

(Optional) Create VPC endpoint

If you use Enhanced VPC routing, you must create a VPC endpoint to allow access to the S3 buckets and copy data into the tables.

To create a VPC endpoint, do the following:

1. Sign in to the AWS Management Console and open the Amazon VPC console.

2. Click Endpoints.

3. Click Create Endpoint.

   

4. In the Service category options, select AWS services.

5. In the Service Name section, select your S3 service to grant access.

6. In the VPC dropdown menu, select the VPC you use in the Redshift cluster.

   

7. In the Configure route tables section, select the Route Table ID associated with the VPC.

8. In the Policy section, select Full Access to allow access to S3 services.

   

9. Click Create endpoint.

For more information about VPC endpoints, see Working with VPC endpoints.

Configure external storage for Hybrid Deployment

IMPORTANT: Skip to the next step if you want to use Fivetrtan's cloud environment to sync your data. Perform this step only if you want to use Hybrid Deployment for your data pipeline.

Configure Amazon S3 bucket

Create S3 bucket

Create an S3 bucket by following the instructions in AWS's documentation.

NOTE: Your S3 bucket and Redshift cluster must be in the same region.

Create IAM policy for S3 bucket

1. Open your Amazon IAM console.

2. Go to Policies, and then click Create policy.

   

3. Go to the JSON tab.

   

4. Copy the following policy and paste it in the JSON editor.

   {
       "Version": "2012-10-17",
       "Statement": [
           {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "s3:DeleteObjectTagging",
               "s3:ReplicateObject",
               "s3:PutObject",
               "s3:GetObjectAcl",
               "s3:GetObject",
               "s3:DeleteObjectVersion",
               "s3:ListBucket",
               "s3:PutObjectTagging",
               "s3:DeleteObject",
               "s3:PutObjectAcl"
           ],
           "Resource": [
               "arn:aws:s3:::{your-bucket-name}/*",
               "arn:aws:s3:::{your-bucket-name}"
           ]
           }
       ]
   }
   
   

5. In the policy, replace {your-bucket-name} with the name of your S3 bucket.

6. Click Next.

7. Enter a Policy name.

8. Click Create policy.

Create AWS user for Fivetran

1. In the Amazon IAM console, go to Users, and then click Create user.

   

2. Enter a User name, and then click Next.

3. Select Attach policies directly.

   

4. Select the checkbox next to the policy you create in the Create IAM policy for S3 bucket step, and then click Next.

5. In the Review and create page, click Create user.

6. In the Users page, open the user you created.

7. Click Create access key.

   

8. Select Application running outside AWS, and then click Next.

   

9. Click Create access key.

10. Click Download .csv file to download the Access key ID and Secret access key securely to your local drive and delete after use. You will need them to configure Fivetran.

Complete Fivetran configuration

1. Log in to your Fivetran account.

2. Go to the Destinations page and click Add destination.

3. Enter a Destination name of your choice and then click Add.

4. Select Redshift as the destination type.

5. (Enterprise and Business Critical accounts only) Choose your deployment model:

   • SaaS Deployment
   • Hybrid Deployment

6. If you choose Hybrid Deployment, do the following:

   i. In the Select an existing agent drop-down menu, select an existing Hybrid Deployment Agent or configure a new agent.

   NOTE: For more information about configuring a new agent, see our Hybrid Deployment setup guides.

   ii. Enter the following details of the S3 bucket you created:

   • S3 bucket name
   • S3 bucket region
   • AWS access key ID
   • AWS secret access key

7. Enter the Host name you found in Step 2.

8. In the Port field, enter the host name you found in Step 2.

9. Enter the Database name you found in Step 5.

10. Enter the User name you found in Step 5.

11. Choose the Authentication Type: PASSWORD or IAM. The default type is PASSWORD.

    • If you choose PASSWORD, then enter the Password you created for your Redshift cluster.

      NOTE: This password is not the same as your AWS password.

    • If you choose IAM, then enter the Role ARN you created for your Redshift cluster in Step 4.

12. (Not applicable to Hybrid Deployment) Choose your Connection method:

    • Connect directly
    • Connect via an SSH
    • Connect via Private Link

13. (Not applicable to Hybrid Deployment) If you choose Connect via an SSH tunnel, enter the following details:

    • SSH Host
    • SSH Port
    • SSH User

14. (Optional) If you choose Connect via an SSH tunnel, enable the Require TLS through tunnel toggle if you want to use TLS.

15. (Optional) If you use IAM authentication and an SSH tunnel to connect, enter your Cluster ID and then choose your Cluster region.

    NOTE: If we auto-detect the cluster region, the Cluster region field won't be visible in the setup form.

16. (Optional) Choose the Cluster region. Fivetran uses the data staging bucket in the cluster region you select.

    IMPORTANT: If you use VPC security policies, select the same region as the Redshift cluster. If you do not select the cluster region, we will use your data processing location as the cluster region.

17. Set the Connect to Redshift Serverless toggle to ON.

18. Choose the Data processing location. Depending on the plan you are on and your selected cloud service provider, you may also need to choose a Cloud service provider and cloud region as described in our Destinations documentation.

19. Choose your Time zone.

20. (Optional for Business Critical accounts and not applicable to Hybrid Deployment) To enable regional failover, set the Use Failover toggle to ON, and then select your Failover Location and Failover Region. Make a note of the IP addresses of the secondary region and safelist these addresses in your firewall.

21. Click Save and Test. Your Redshift cluster is now connected.

Fivetran tests and validates the Redshift connection. On successful completion of the setup tests, you can sync your data using Fivetran connectors to the Redshift Serverless destination.

In addition, Fivetran automatically configures a Fivetran Platform Connector to transfer the connector logs and account metadata to a schema in this destination. The Fivetran Platform Connector enables you to monitor your connectors, track your usage, and audit changes. The connector sends all these details at the destination level.

IMPORTANT: If you are an Account Administrator, you can manually add the Fivetran Platform Connector on an account level so that it syncs all the metadata and logs for all the destinations in your account to a single destination. If an account-level Fivetran Platform Connector is already configured in a destination in your Fivetran account, then we don't add destination-level Fivetran Platform Connectors to the new destinations you create.

Setup tests

Fivetran performs the following Redshift connection tests:

• The Validate Cluster Region Test validates the cluster region you provided in the setup form. We skip this test if you don't specify the cluster region.
• The Verify Host/Cluster Details Test validates the cluster details you provided in the setup form. We perform this test only if you use IAM authentication and an SSH tunnel to connect.
• The Database Host Connection Test validates the database credentials you provided in the setup form. The test verifies that the host is not private and then checks the connectivity to the host.
• The SSH Tunnel Test validates the SSH tunnel details you provided in the setup form and then checks the connectivity to the instance using the SSH Tunnel if you are connecting using an SSH tunnel.
• The Connection Test connects to your database instance and executes queries to check if we have the permissions to access the information_schema and pg_catalog schemas.
• The Query Concurrency Test validates if you have allocated a query concurrency of four or above to Fivetran. We do not perform this test for Redshift Serverless destinations.
• The Permission Test checks if we have permissions to create schemas and temporary tables on your Redshift database.

NOTE: The tests may take a couple of minutes to finish running.

Related articles

description Destination Overview

assignment Release Notes

settings API Destination Configuration

home Documentation Home