Create new security group for redshift and apply using Terraform

Time:06-14

I'm quite new to Terraform, and struggling with something.

I'm playing around with Redshift for a personal project, and I want to update the inbound security rules for the default security group which is applied to Redshift when it's created.

If I were doing it in AWS Console, I'd be adding a new inbound rule with Type being All Traffic and Source being Anywhere-IPv4, which adds 0.0.0.0/0.

Below in main.tf I've tried to create a new security group and apply that to Redshift, but I get a "VPC-by-Default customers cannot use cluster security groups" error.

What is it I'm doing wrong?

resource "aws_redshift_cluster" "redshift" {
  cluster_identifier = "redshift-cluster-pipeline"
  skip_final_snapshot = true # terraform destroy
  master_username    = "awsuser"
  master_password    = var.db_password
  node_type          = "dc2.large"
  cluster_type       = "single-node"
  publicly_accessible = "true"
  iam_roles = [aws_iam_role.redshift_role.arn]
  cluster_security_groups = [aws_redshift_security_group.redshift-sg.name]
}

resource "aws_redshift_security_group" "redshift-sg" {
  name = "redshift-sg"
  ingress {
    cidr = "0.0.0.0/0"
  }
}

CodePudding user response:

The documentation for the Terraform resource aws_redshift_security_group states:

Creates a new Amazon Redshift security group. You use security groups to control access to non-VPC clusters

The error message you are receiving is clearly stating that you are using the wrong type of security group, and you need to use a VPC security group instead. Once you create the appropriate VPC security group, you would set it in the aws_redshift_cluster resource via the vpc_security_group_ids property.
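
The change described in the answer above, as an added example that is not part of the original question or answer: the cluster is attached to an aws_security_group through vpc_security_group_ids, with ingress scoped to the default Redshift port 5439 and a caller-supplied CIDR. It assumes the cluster lands in the account's default VPC; the names allowed_cidr and redshift_vpc_sg are hypothetical.

```hcl
# Added example: allowed_cidr and redshift_vpc_sg are hypothetical names.
variable "db_password" {
  type      = string
  sensitive = true
}

variable "allowed_cidr" {
  type        = string
  description = "Client range allowed to reach Redshift, e.g. 203.0.113.10/32"

  validation {
    condition     = var.allowed_cidr != "0.0.0.0/0"
    error_message = "Scope allowed_cidr to the client address range."
  }
}

# Assumption: the cluster is created in the account's default VPC.
data "aws_vpc" "default" {
  default = true
}

# A VPC security group, not aws_redshift_security_group (non-VPC clusters only).
resource "aws_security_group" "redshift_vpc_sg" {
  name   = "redshift-sg"
  vpc_id = data.aws_vpc.default.id

  ingress {
    description = "Redshift SQL port"
    from_port   = 5439 # default Redshift port
    to_port     = 5439
    protocol    = "tcp"
    cidr_blocks = [var.allowed_cidr]
  }
}

resource "aws_redshift_cluster" "redshift" {
  cluster_identifier  = "redshift-cluster-pipeline"
  skip_final_snapshot = true
  master_username     = "awsuser"
  master_password     = var.db_password
  node_type           = "dc2.large"
  cluster_type        = "single-node"
  publicly_accessible = true
  # iam_roles from the question is left out so this file applies on its own.

  # Replaces cluster_security_groups from the question.
  vpc_security_group_ids = [aws_security_group.redshift_vpc_sg.id]
}
```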