What is the purpose of Enhanced VPC routing for Redshift ?

I've read the doc https://docs.aws.amazon.com/redshift/latest/mgmt/enhanced-vpc-routing.html but it it not clear to me.

When you create a redshift cluster, the leader node resides in a VPC / subnet. Hence it will always use VPC routing, Security groups etc to route requests right ? How come that redshift wouldn't use VPC traffic when performing "COPY" commands ?

CodePudding user response：

Enhanced VPC routing forces the traffic to go through your VPC.

With it disabled, even if your cluster is in a VPC, it will route traffic via the public Internet instead of going through the VPC.

This is because it uses an "internal" network interface that's outside of the VPC, regardless of whether or not the cluster itself is in a VPC.

Here's a relevant excerpt from the docs:

In Amazon Redshift, network traffic created by COPY, UNLOAD, and Amazon Redshift Spectrum flow through a network interface. This network interface is internal to the Amazon Redshift cluster, and is located outside of your Amazon Virtual Private Cloud (Amazon VPC). By default, the network traffic is then routed through the public internet to reach its destination.

However, when you enable Amazon Redshift enhanced VPC routing, Amazon Redshift routes the network traffic through a VPC instead. Amazon Redshift enhanced VPC routing uses an available routing option, prioritizing the most specific route for network traffic. The VPC endpoint is prioritized as the first route priority. If a VPC endpoint is unavailable, Amazon Redshift routes the network traffic through an internet gateway, NAT instance, or NAT gateway.