Add an Amazon Redshift connection

You can easily add a connection to an Amazon Redshift database, enabling you to run live queries of an external database, create answers and pinboards.

Enabling SSL in Amazon Redshift

If you need to create a secure connection to Amazon Redshift, you must edit the parameter group assigned to your Redshift cluster and enable the require_SSL flag.

To enable FIPS-compliant SSL mode, set both the use_fips_ssl parameter and the require_SSL parameter to true in the parameter group that is associated with your Redshift cluster.

For more information, see Connect using SSL in Amazon’s Redshift documentation.

Using AWS Secrets Manager to store your Amazon Redshift connection password

You can store your connection password in AWS Secrets Manager. For details on requirements and how to set up this feature, see Configure AWS Secrets Manager.

Adding a Redshift connection

To add a new connection to Redshift:

  1. Click Data in the top navigation bar.

  2. Click the Connections tab at the top of the page, and click + Add connection at the upper-right-hand side of the page.

    Click "+ Add connection"

  3. Create a name for your connection, a description (optional), then select the Redshift connection type, and click Continue.

    Choose connection type

  4. Enter the connection details for your Redshift data source using either IAM or Service Account.

    If you are going to use AWS Secrets Manager to store your connection password, you must select Service Account.

    For IAM authentication, do the following:

    • Enter Host, Port, Database, Db User, Access Key, and Secret Key.

    For Service Account authentication, do the following:

    • Enter Host, Port, User, Password, and Database.

      If the AWS Secrets Manager feature is enabled, the password field does not appear, and there is advanced configuration required (detailed below).

      Refer to the Redshift connection reference for more information on each of the specific attributes you must enter for your connection.

  5. (Optional) If you enabled SSL in your Redshift cluster, you must do the following:

    1. Click the Advanced Config menu to reveal the Key and Value fields.

    2. For Key, enter SSL.

    3. For Value, enter True.

      To add more keys and values, click the plus sign (+), and enter them.

      Any key-value pairs that you enter must be defined in your Redshift data source. Key-value pairs are case-sensitive.
  6. If the AWS Secrets Manager feature is enabled, you must add four key-value pairs by doing the following:

    1. Click the Advanced Config menu to reveal the Key and Value fields.

    2. For Key, enter secret_manager_region.

    3. For Value, enter the AWS-region where AWS Secrets Manager is hosted (example: us-east-1).

    4. Click + Add to and another key-value pair.

    5. For Key, enter secret_name_or_ARN.

    6. For Value, enter the secret name or ARN created in AWS Secrets Manager.

    7. Click + Add to and another key-value pair.

    8. For Key, enter key_name.

    9. For Value, enter any key against which the password is stored in AWS Secrets Manager.

    10. (Optional) If you have a cross-region connection (Your Thoughtspot-EC2-instance and AWS Secrets Manager are hosted in different AWS-regions), click + Add to and another key-value pair.

    11. For Key, enter remote_role_ARN.

    12. For Value, enter the name of the role of the remote ARN.

      aws secrets man adv config
  7. Click Continue.

  8. Select tables (on the left) and the columns from each table (on the right), and then click Create connection.

    Select tables and columns

    A message appears indicating the number of tables and columns that will be added to your connection.

  9. Click Confirm.

    After you add the connection, you can search your Redshift database right away by clicking Search now.

    The "connection created" screen

    Your new connection appears on the Data > Connections page. You can click the name of your connection to view the tables and columns in your connection.

The connection you just created is a link to the external data source. If there are any joins in the selected tables of the external data source, those are imported into ThoughtSpot.

You can now perform a live query on the selected tables and columns of your connection. Because the selected tables and columns in your connection are linked, it may take a while to initially render the search results. This is because ThoughtSpot does not cache linked data. With linked data, ThoughtSpot queries the external database directly, which is slower than querying data that is stored in ThoughtSpot’s database.