I am trying to access a Redshift database from a Lambda function. When I add 0.0.0.0/0 to the security group connections in the Redshift interface (as suggested by this article), I am able to connect successfully. From a security perspective, however, I don't feel comfortable using 0.0.0.0/0.
Is there a way to only allow Lambda to access Redshift without opening it up to the public internet?
I have tried adding the AWS IP ranges; however, this didn't work (as it only allows a limited number of security group connections).
Enable VPC access for your Lambda function, and open the Redshift Security Group to the SG assigned to the Lambda function, just like you would open it to an EC2 server.
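As an added example (not part of the answer above, and not AWS's own code): Python helpers that build the exact `IpPermissions` entry the answer describes, a security-group-to-security-group rule on the Redshift port, the `VpcConfig` that puts the Lambda function into the VPC, and an audit that flags any rule exposing that port to 0.0.0.0/0 or ::/0. It also includes the plain CIDR form for cases where a subnet rather than a group has to be allowed. The group, subnet and function identifiers are placeholders, port 5439 is the Redshift default, and boto3 is imported only inside `apply()`, so the builders and the audit run without AWS access.

```python
"""Lambda -> Redshift security-group wiring (added example, hypothetical IDs)."""
from typing import Iterable, List

REDSHIFT_PORT = 5439  # Redshift default listener port


def lambda_to_redshift_ingress(lambda_sg_id: str, port: int = REDSHIFT_PORT) -> dict:
    """Ingress rule allowing TCP/port from members of lambda_sg_id only.

    UserIdGroupPairs references a security group, so the rule follows the
    Lambda ENIs whatever private IPs they are assigned; no CIDR is opened.
    """
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [
            {"GroupId": lambda_sg_id, "Description": "Lambda functions in VPC"}
        ],
    }


def cidr_ingress(cidr: str, port: int = REDSHIFT_PORT) -> dict:
    """Ingress rule for a specific IPv4 CIDR (e.g. a private subnet), never 0.0.0.0/0."""
    if cidr in ("0.0.0.0/0", "::/0"):
        raise ValueError("refusing to build a world-open rule; use a group reference")
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr}],
    }


def lambda_vpc_config(subnet_ids: Iterable[str], lambda_sg_id: str) -> dict:
    """VpcConfig for update_function_configuration: private subnets + the Lambda SG."""
    return {"SubnetIds": list(subnet_ids), "SecurityGroupIds": [lambda_sg_id]}


def world_open_rules(ip_permissions: List[dict], port: int = REDSHIFT_PORT) -> List[str]:
    """Return descriptions of rules that expose `port` to the whole internet.

    Accepts the IpPermissions list as returned by describe_security_groups.
    Protocol "-1" (all traffic) carries no FromPort/ToPort and covers every port.
    """
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        lo = perm.get("FromPort", 0)
        hi = perm.get("ToPort", 65535)
        covers_port = proto == "-1" or (proto == "tcp" and lo <= port <= hi)
        if not covers_port:
            continue
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") == "0.0.0.0/0":
                findings.append(f"0.0.0.0/0 {proto} {lo}-{hi}")
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") == "::/0":
                findings.append(f"::/0 {proto} {lo}-{hi}")
    return findings


def apply(redshift_sg_id: str, lambda_sg_id: str, function_name: str,
          subnet_ids: Iterable[str], region: str = None) -> None:
    """Push the rule and the VpcConfig to AWS (needs credentials and boto3)."""
    import boto3  # imported lazily so the helpers above work offline

    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(
        GroupId=redshift_sg_id,
        IpPermissions=[lambda_to_redshift_ingress(lambda_sg_id)],
    )
    lam = boto3.client("lambda", region_name=region)
    lam.update_function_configuration(
        FunctionName=function_name,
        VpcConfig=lambda_vpc_config(subnet_ids, lambda_sg_id),
    )


if __name__ == "__main__":
    # Constructed sample: the 0.0.0.0/0 rule from the question next to the fixed one.
    before = [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    after = [lambda_to_redshift_ingress("sg-0lambda00000000000")]
    print("before:", world_open_rules(before))   # one finding
    print("after: ", world_open_rules(after))    # []
```

Two things the Lambda side needs for this to work: the function's execution role must be allowed to create and delete ENIs in the VPC (the managed `AWSLambdaVPCAccessExecutionRole` policy covers this), and once the function is attached to the VPC it only has the network reachability of those subnets, so it keeps working against Redshift through the group reference but loses internet access unless the subnet routes through a NAT.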
I was having the same problem and the answer wasn't helping. It would work when I added 0.0.0.0/0 to my security group, but that is not something I could work with long term.
I ended up creating a new VPC with a public (10.0.1.0) and a private (10.0.2.0) subnet and a NAT on the public subnet. I ran the Lambda function on the private subnet, but it was still not able to access the Redshift DB. I moved the Redshift DB to the public (10.0.1.0) subnet. I put Redshift on that subnet because the load script runs externally and there is a security group that lets through my two work/home IPs on port 5439, and it also lets in the private 10.0.2.0/24 subnet where the Lambda script is running.
That said, it still wasn't working, and it took a while to figure out that I couldn't use the full DNS name to access Redshift. Even with a working NAT in place it still wasn't connecting to Redshift. I tested this with two EC2 instances and a simple script to connect and run a query. This was faster than working in Lambda just to solve the connectivity. This link on managing clusters and this one on cluster node IP solved the issue for me.
Solution: Go to the cluster and click on it. Down in the lower right corner of all the config information are the SSH ingestion settings and the private IP. I used that IP instead of the URL and it solved all my connectivity issues. Seems basic now, but I spent a lot of time searching and could not find the answer I was looking for.
Good Luck,
Wood