My infra and networking are lacking so I’m hoping someone could provide an overview of what I need to set up to have an ECS service/task be able to connect to Redshift. The service will be reading and writing to the Redshift cluster.
Here’s my overview
- Redshift cluster exists
- ECS service exists
- both exist in the same VPC
- The ECS service can fetch host, port, user, pass from SSM (it can)
Because the two exist in the same VPC I figured all that is required is correct credentials. But that is not working. In the above set up the attempt to connect to Redshift times out despite correct host, port, user, and pass.
So I’m assuming I need to do something like creating a security group that allows ECS to speak to Redshift.
Could anyone shed some light on this next step?
>Solution :
The security group assigned to the Redshift cluster needs a rule allowing inbound network connections, on the Redshift port 5493, from the security group assigned to the ECS service. In the security group rule, you would specify the ECS service’s security group ID as the source.