Building DevSecOps solutions using AWS, Terraform and Kubernetes

Redshift Terraform Example

  • 6th July 2022
Video walk-through showing how to deploy Redshift and SecretsManager using Terraform

The Problem

Redshift is expensive to run, so I created this short blog post with the sole intention of having a handy way to create and destroy a Redshift cluster with Terraform.

The Solution

Redshift SecretsManager Diagram

We will use the following Terraform snippet to create a Redshift cluster. We will also hold our newly created Redshift secrets inside of SecretsManager so we can access the cluster later.

This guide assumes you already have Terraform installed locally with your AWS credentials configured.

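terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
    # Used by random_password and random_string below
    random = {
      source  = "hashicorp/random"
      version = "~> 3.0"
    }
  }
}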

# Configure the AWS Provider

provider "aws" {
  region = "eu-west-1"
}

# Random Password / Suffix

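resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!$%&*()-_=+[]{}<>:?"

  # Redshift requires at least one lowercase letter, one uppercase letter and one digit
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
}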

resource "random_string" "unique_suffix" {
  length  = 6
  special = false
}

# Resources

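# publicly_accessible and encrypted are not set, so the provider defaults apply:
# the cluster is publicly accessible and not encrypted at rest.
resource "aws_redshift_cluster" "redshift_cluster" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "admin"
  master_password    = random_password.password.result # also kept in the Terraform state
  node_type          = "dc2.large"
  cluster_type       = "single-node"

  # No final snapshot is taken, so "terraform destroy" removes the data for good
  skip_final_snapshot = true
}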

resource "aws_secretsmanager_secret" "redshift_connection" {
  description = "Redshift connect details"
  name        = "redshift_secret_${random_string.unique_suffix.result}"
}

resource "aws_secretsmanager_secret_version" "redshift_connection" {
  secret_id = aws_secretsmanager_secret.redshift_connection.id
  secret_string = jsonencode({
    username            = aws_redshift_cluster.redshift_cluster.master_username
    password            = aws_redshift_cluster.redshift_cluster.master_password
    engine              = "redshift"
    # "endpoint" is returned as host:port, so use "dns_name" for the bare hostname
    host                = aws_redshift_cluster.redshift_cluster.dns_name
    port                = "5439"
    dbClusterIdentifier = aws_redshift_cluster.redshift_cluster.cluster_identifier
  })
}

1) Initialise Terraform

Run once:

terraform init

2) Create Cluster

Creating the cluster is easy, just run:

terraform apply

3) Destroy Cluster

After you are done learning, you can permanently delete this Redshift cluster by running the following command:

terraform destroy
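
The configuration above writes the generated password to SecretsManager, but Terraform also records it in its state file, which with no backend configured is a plaintext terraform.tfstate in the working directory. The Python script below is an added example, not part of the original post: it lists the state entries that hold the credential for the resource types used here. The function name and the sample state are constructed for illustration.

```python
import json
import sys

# Attributes that carry the credential for the resource types used on this page.
SENSITIVE_ATTRS = {
    "random_password": ["result"],
    "aws_redshift_cluster": ["master_password"],
    "aws_secretsmanager_secret_version": ["secret_string"],
}


def find_state_secrets(state):
    """Return sorted 'type.name.attribute' addresses that hold a value in state."""
    hits = set()
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are out of scope for this check
        for attr in SENSITIVE_ATTRS.get(res.get("type"), []):
            for inst in res.get("instances", []):
                if (inst.get("attributes") or {}).get(attr):
                    hits.add(f'{res["type"]}.{res["name"]}.{attr}')
    return sorted(hits)


def _resource(rtype, name, attributes):
    """Build one resource entry in the layout of a version 4 state file."""
    return {"mode": "managed", "type": rtype, "name": name,
            "instances": [{"attributes": attributes}]}


# Constructed sample shaped like a version 4 terraform.tfstate; values are made up.
_PW = "Ex4mple!Passw0rd"
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        _resource("random_password", "password", {"length": 16, "result": _PW}),
        _resource("random_string", "unique_suffix", {"result": "a1B2c3"}),
        _resource("aws_redshift_cluster", "redshift_cluster",
                  {"master_username": "admin", "master_password": _PW}),
        _resource("aws_secretsmanager_secret_version", "redshift_connection",
                  {"secret_string": json.dumps({"username": "admin", "password": _PW})}),
    ],
}

if __name__ == "__main__":
    state = SAMPLE_STATE
    if len(sys.argv) > 1:  # optional path to a real terraform.tfstate
        with open(sys.argv[1]) as fh:
            state = json.load(fh)
    for address in find_state_secrets(state):
        print("credential stored in state:", address)
```

Run it against terraform.tfstate after an apply, and against terraform.tfstate.backup after a destroy, since the backup file still holds the previous state.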

Summary

That's it! You can now apply and destroy a basic Redshift cluster with Terraform.

Redshift pricing starts in the region of $219/month, so always make sure you either pause or destroy the cluster when you no longer need it.

Rhuaridh

Please get in touch through my socials if you would like to ask any questions - I am always happy to speak tech!