Multiple Instances of Connector

If you have multiple AWS Redshift clusters and need to manage access permissions using the Privacera Connector for AWS Redshift, you must configure a separate connector instance for each cluster.

You may need multiple instances in scenarios such as:

  • Redshift cluster per department: Each department has its own dedicated Redshift cluster.
  • Redshift cluster per environment (dev, test, prod): Separate clusters for development, testing, and production environments.

Since database objects differ across clusters, you must create distinct access policies for each one. To achieve this:

  • Create a separate connector instance in Privacera Manager for each Redshift cluster.
  • Define a corresponding Resource Policy Service in the Privacera portal for each instance.

Prerequisites

  • Privacera Manager is installed and functional, with at least one Redshift connector instance already configured.
  • A unique name is assigned to the new connector instance.
  • All prerequisites for the new connector instance are met, as outlined in the prerequisites section.

Setup

Resource Policy Service Instance

To configure a new Resource Policy service instance in the REDSHIFT service repository, follow these steps.

  1. Navigate to Access Management -> Resource Policies in the Privacera portal.
  2. In the REDSHIFT tile, click the three-dot icon and select Add Service.
  3. Enter the following fields:
    1. Service Name: Enter a unique name for the new connector instance. For example, privacera_redshift_instance2.
    2. Display Name: Enter a descriptive name for easy identification. For example, Redshift Instance 2.
    3. Description: Enter a description for the new instance.
    4. Active Status: Toggle to On.
    5. Select Tag Service: Select privacera_tag or your tag service, if you have configured a different tag service.
  4. Click Save to complete the setup.

New Connector Instance

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    cd ~/privacera/privacera-manager/config
    

  3. Create a new directory for the AWS Redshift connector configuration for the new instance.

    Note

    Assuming you already have an instance named instance1, we are going to create an instance named instance2. You can change this name to uniquely identify your installed connector configuration.

    Bash
    mkdir -p custom-vars/connectors/redshift/instance2
    
  4. Copy the sample connector configuration file to your custom directory:

    Bash
    cp -n sample-vars/vars.connector.redshift.yml custom-vars/connectors/redshift/instance2/
    

  5. Run the following command to open the .yml file for editing:

    Bash
    vi custom-vars/connectors/redshift/instance2/vars.connector.redshift.yml
    

  6. Add or modify the following variable in the YAML file:

    YAML
    CONNECTOR_REDSHIFT_RANGER_SERVICE_NAME: "privacera_redshift_instance2"
    
    Continue to modify other variables as needed. Refer to the setup guide for more details.
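
A check you can run from the config directory after step 6, added here as an example and not part of Privacera Manager: it confirms that every instance directory sets its own `CONNECTOR_REDSHIFT_RANGER_SERVICE_NAME`, so that a copied, unedited file does not bind two clusters to the same Resource Policy service. The function names and the `instance1` service name in the demo are assumptions; the directory layout and variable name are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names, not a Privacera tool).
VAR=CONNECTOR_REDSHIFT_RANGER_SERVICE_NAME

# Print "<service_name> <instance_dir>" for every instance directory under $1.
list_service_names() {
  local base="$1" f name
  for f in "$base"/*/vars.connector.redshift.yml; do
    [ -f "$f" ] || continue
    # Last uncommented assignment wins; drop trailing comment, spaces, quotes.
    name=$(sed -n "s/^[[:space:]]*$VAR:[[:space:]]*//p" "$f" | tail -n 1 |
      sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
          -e 's/^["'\'']//' -e 's/["'\'']$//')
    printf '%s %s\n' "${name:-<unset>}" "$(basename "$(dirname "$f")")"
  done
}

# Return 0 if every instance has its own service name, 1 otherwise.
audit_redshift_instances() {
  local base="${1:-custom-vars/connectors/redshift}" rc=0 names unset_in dupes
  names=$(list_service_names "$base")
  unset_in=$(printf '%s\n' "$names" | awk '$1 == "<unset>" {print $2}')
  if [ -n "$unset_in" ]; then
    echo "$VAR not set in:" $unset_in >&2
    rc=1
  fi
  dupes=$(printf '%s\n' "$names" | awk '$1 != "<unset>" {print $1}' | sort | uniq -d)
  if [ -n "$dupes" ]; then
    echo "service name used by more than one instance:" $dupes >&2
    rc=1
  fi
  return $rc
}

# Constructed demo: instance2 copied from instance1 and left unedited.
demo=$(mktemp -d)
mkdir -p "$demo/instance1" "$demo/instance2"
printf '%s: "privacera_redshift_instance1"\n' "$VAR" \
  > "$demo/instance1/vars.connector.redshift.yml"
cp "$demo/instance1/vars.connector.redshift.yml" "$demo/instance2/"
audit_redshift_instances "$demo" || echo "audit failed: fix before deploying"
rm -rf "$demo"
```

Run `audit_redshift_instances` with no argument from `~/privacera/privacera-manager/config` to check the real `custom-vars/connectors/redshift` tree.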

  1. Log in to the PrivaceraCloud portal using your credentials.
  2. Go to the Settings -> Applications tab.
  3. Click the Redshift icon in the Connected Applications section.
  4. Click the CONNECT NEW APPLICATION button.
  5. Follow the steps in the setup guide to create a new Redshift connector.