Skip to main content

AWS Redshift

Prerequisites

If the cluster is configured within a VPC, then Cube must have a network route to the cluster.

Setup

Manual

Add the following to a .env file in your Cube project:

Password Authentication

CUBEJS_DB_TYPE=redshift
CUBEJS_DB_HOST=my-redshift-cluster.cfbs3dkw1io8.eu-west-1.redshift.amazonaws.com
CUBEJS_DB_NAME=my_redshift_database
CUBEJS_DB_USER=<REDSHIFT_USER>
CUBEJS_DB_PASS=<REDSHIFT_PASSWORD>

IAM Authentication

For enhanced security, you can configure Cube to use IAM authentication instead of username and password. When running in AWS (EC2, ECS, EKS with IRSA), the driver can use the instance’s IAM role to obtain temporary database credentials automatically. Omit CUBEJS_DB_USER and CUBEJS_DB_PASS to enable IAM authentication: 
CUBEJS_DB_TYPE=redshift
CUBEJS_DB_HOST=my-redshift-cluster.xxx.eu-west-1.redshift.amazonaws.com
CUBEJS_DB_NAME=my_redshift_database
CUBEJS_DB_SSL=true
CUBEJS_DB_REDSHIFT_AWS_REGION=eu-west-1
CUBEJS_DB_REDSHIFT_CLUSTER_IDENTIFIER=my-redshift-cluster
The driver uses the AWS SDK’s default credential chain (IAM instance profile, EKS IRSA, etc.) to obtain temporary database credentials via the redshift:GetClusterCredentialsWithIAM API.

IAM Role Assumption

For cross-account access or enhanced security, you can configure Cube to assume an IAM role: 
CUBEJS_DB_REDSHIFT_AWS_REGION=eu-west-1
CUBEJS_DB_REDSHIFT_CLUSTER_IDENTIFIER=my-redshift-cluster
CUBEJS_DB_REDSHIFT_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/RedshiftAccessRole
CUBEJS_DB_REDSHIFT_ASSUME_ROLE_EXTERNAL_ID=unique-external-id

Cube Cloud

In some cases you’ll need to allow connections from your Cube Cloud deployment IP address to your database. You can copy the IP address from either the Database Setup step in deployment creation, or from Settings → Configuration in your deployment.
The following fields are required when creating an AWS Redshift connection:
Cube Cloud AWS Redshift Configuration Screen
Cube Cloud also supports connecting to data sources within private VPCs if dedicated infrastructure is used. Check out the VPC connectivity guide for details.

Environment Variables

Environment VariableDescriptionPossible ValuesRequired
CUBEJS_DB_HOSTThe host URL for a databaseA valid database host URL
CUBEJS_DB_PORTThe port for the database connectionA valid port number
CUBEJS_DB_NAMEThe name of the database to connect toA valid database name
CUBEJS_DB_USERThe username used to connect to the databaseA valid database username1
CUBEJS_DB_PASSThe password used to connect to the databaseA valid database password1
CUBEJS_DB_SSLIf true, enables SSL encryption for database connections from Cubetrue, false
CUBEJS_DB_MAX_POOLThe maximum number of concurrent database connections to pool. Default is 16A valid number
CUBEJS_DB_REDSHIFT_CLUSTER_IDENTIFIERThe Redshift cluster identifier. Required for IAM authenticationA valid cluster identifier
CUBEJS_DB_REDSHIFT_AWS_REGIONThe AWS region of the Redshift cluster. Required for IAM authenticationA valid AWS region
CUBEJS_DB_REDSHIFT_ASSUME_ROLE_ARNThe ARN of the IAM role to assume for cross-account accessA valid IAM role ARN
CUBEJS_DB_REDSHIFT_ASSUME_ROLE_EXTERNAL_IDThe external ID for the assumed role’s trust policyA string
CUBEJS_DB_EXPORT_BUCKET_REDSHIFT_ARN
CUBEJS_CONCURRENCYThe number of concurrent queries to the data sourceA valid number
1 Required when using password-based authentication. When using IAM authentication, omit these and set CUBEJS_DB_REDSHIFT_CLUSTER_IDENTIFIER and CUBEJS_DB_REDSHIFT_AWS_REGION instead. The driver uses the AWS SDK’s default credential chain (IAM instance profile, EKS IRSA, etc.) to obtain temporary database credentials.

Pre-Aggregation Feature Support

count_distinct_approx

Measures of type count_distinct_approx can not be used in pre-aggregations when using AWS Redshift as a source database.

Pre-Aggregation Build Strategies

To learn more about pre-aggregation build strategies, head here.
FeatureWorks with read-only mode?Is default?
Batching
Export Bucket
By default, AWS Redshift uses batching to build pre-aggregations.

Batching

Cube requires the Redshift user to have ownership of a schema in Redshift to support pre-aggregations. By default, the schema name is prod_pre_aggregations. It can be set using the pre_aggregations_schema configration option. No extra configuration is required to configure batching for AWS Redshift.

Export bucket

AWS Redshift only supports using AWS S3 for export buckets.

AWS S3

For improved pre-aggregation performance with large datasets, enable export bucket functionality by configuring Cube with the following environment variables:
Ensure the AWS credentials are correctly configured in IAM to allow reads and writes to the export bucket in S3.
CUBEJS_DB_EXPORT_BUCKET_TYPE=s3
CUBEJS_DB_EXPORT_BUCKET=my.bucket.on.s3
CUBEJS_DB_EXPORT_BUCKET_AWS_KEY=<AWS_KEY>
CUBEJS_DB_EXPORT_BUCKET_AWS_SECRET=<AWS_SECRET>
CUBEJS_DB_EXPORT_BUCKET_AWS_REGION=<AWS_REGION>

SSL

To enable SSL-encrypted connections between Cube and AWS Redshift, set the CUBEJS_DB_SSL environment variable to true. For more information on how to configure custom certificates, please check out Enable SSL Connections to the Database.