Enable Cluster Relocation

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Amazon Redshift data warehouse clusters have the ability to relocate in another Availability Zone (AZ) without any loss of data or changes to your application. With cluster relocation, you can continue operations when there is an interruption of service on your Redshift cluster with minimal impact.

Categories: Reliability, Operational excellence

When the Cluster Relocation feature is enabled, Amazon Redshift could choose to relocate your clusters in exceptional situations. In particular, this happens where issues in the current Availability Zone (AZ) prevent optimal cluster operation or in special cases where it is required to improve service availability. You can also invoke the relocation function in cases where resource constraints in a given Availability Zone are disrupting cluster operations. An example is the ability to resume or resize an existing Amazon Redshift cluster.

Note: Cluster relocation isn't available for publicly accessible Redshift clusters.


Audit

To determine if the Cluster Relocation feature is enabled for your Amazon Redshift clusters, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Redshift console at https://console.aws.amazon.com/redshiftv2.

03 In the main navigation panel, under Provisioned clusters dashboard, choose Clusters.

04 Click on the name (link) of the Redshift database cluster that you want to examine.

05 Select the Maintenance tab to access the maintenance configuration settings available for the selected cluster.

06 In the Backup details section, check the Cluster relocation attribute value. If the Cluster relocation is set to Disabled, the selected Amazon Redshift data warehouse cluster is not configured for relocation to another Availability Zone (AZ).

07 Repeat steps no. 4 – 6 for each Redshift database cluster available within the current AWS region.

08 Change the AWS cloud region from the navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run describe-clusters command (OSX/Linux/UNIX) with custom query filters to list the identifier (name) of each Amazon Redshift cluster available in the selected region:

aws redshift describe-clusters \
  --region us-east-1 \
  --output table \
  --query 'Clusters[*].ClusterIdentifier'

02 The command output should return a table with the requested cluster names:

-------------------------
|   DescribeClusters    |
+-----------------------+
|  cc-redshift-cluster  |
|  cc-main-dev-cluster  |
|  cc-project5-cluster  |
+-----------------------+ 

03 Run describe-clusters command (OSX/Linux/UNIX) using the name of the Amazon Redshift cluster that you want to examine as the identifier parameter and custom query filters to describe the status of the Cluster Relocation feature, which provides the ability to relocate the cluster to another Availability Zone (AZ):

aws redshift describe-clusters \
  --region us-east-1 \
  --cluster-identifier cc-redshift-cluster \
  --query 'Clusters[*].AvailabilityZoneRelocationStatus'

04 The command output should return the requested feature status:

[
	"disabled"
]

If the describe-clusters command output returns "disabled", as shown in the example above, the Cluster Relocation feature is not enabled for the selected Amazon Redshift data warehouse cluster.

05 Repeat steps no. 3 and 4 for each Redshift database cluster provisioned in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.

Remediation / Resolution

To enable the Cluster Relocation feature for your existing Amazon Redshift clusters, perform the following operations:

Using AWS CloudFormation

01 CloudFormation template (JSON):

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "Enable Cluster Relocation",
	"Parameters": {
		"ClusterName": {
			"Default": "cc-redshift-cluster",
			"Description": "Redshift cluster name",
			"Type": "String",
			"MinLength": "1",
			"MaxLength": "63",
			"AllowedPattern": "^[0-9a-zA-Z-/]*$",
			"ConstraintDescription": "Must begin with a letter and must not end with a hyphen or contain two consecutive hyphens."
		},
		"ClusterNodeType": {
			"Default": "dc2.large",
			"Description": "Cluster node type",
			"Type": "String",
			"ConstraintDescription": "Must provide a valid cluster node type."
		},
		"DBName": {
			"Description": "Cluster database name",
			"Type": "String",
			"MinLength": "1",
			"MaxLength": "64",
			"AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
			"ConstraintDescription": "Must begin with a letter and contain only alphanumeric characters."
		},
		"DBUsername": {
			"Description": "Master username for cluster database access",
			"Type": "String",
			"MinLength": "1",
			"MaxLength": "16",
			"AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
			"ConstraintDescription": "Must begin with a letter and contain only alphanumeric characters."
		},
		"DBPassword": {
			"NoEcho": "true",
			"Description": "Password for cluster database access",
			"Type": "String",
			"MinLength": "8",
			"MaxLength": "41",
			"AllowedPattern": "[a-zA-Z0-9]*",
			"ConstraintDescription": "Must contain only alphanumeric characters."
		}
	},
	"Resources": {
		"RedshiftCluster": {
			"Type": "AWS::Redshift::Cluster",
			"Properties": {
				"ClusterIdentifier": {
					"Ref": "ClusterName"
				},
				"DBName": {
					"Ref": "DBName"
				},
				"MasterUsername": {
					"Ref": "DBUsername"
				},
				"MasterUserPassword": {
					"Ref": "DBPassword"
				},
				"NodeType": {
					"Ref": "ClusterNodeType"
				},
				"ClusterType": "single-node",
				"AllowVersionUpgrade": true,
				"AvailabilityZoneRelocation": true
			}
		}
	}
}

02 CloudFormation template (YAML):

AWSTemplateFormatVersion: '2010-09-09'
Description: Enable Cluster Relocation
Parameters:
  ClusterName:
    Default: cc-redshift-cluster
    Description: Redshift cluster name
    Type: String
    MinLength: '1'
    MaxLength: '63'
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: Must begin with a letter and must not end with a hyphen or contain two consecutive hyphens.
  ClusterNodeType:
    Default: dc2.large
    Description: Cluster node type
    Type: String
    ConstraintDescription: Must provide a valid cluster node type.
  DBName:
    Description: Cluster database name
    Type: String
    MinLength: '1'
    MaxLength: '64'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: Must begin with a letter and contain only alphanumeric characters.
  DBUsername:
    Description: Master username for cluster database access
    Type: String
    MinLength: '1'
    MaxLength: '16'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: Must begin with a letter and contain only alphanumeric characters.
  DBPassword:
    NoEcho: 'true'
    Description: Password for cluster database access
    Type: String
    MinLength: '8'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: Must contain only alphanumeric characters.
Resources:
  RedshiftCluster:
    Type: AWS::Redshift::Cluster
    Properties:
      ClusterIdentifier: !Ref 'ClusterName'
      DBName: !Ref 'DBName'
      MasterUsername: !Ref 'DBUsername'
      MasterUserPassword: !Ref 'DBPassword'
      NodeType: !Ref 'ClusterNodeType'
      ClusterType: single-node
      AllowVersionUpgrade: true
      # Enable Cluster Relocation
      AvailabilityZoneRelocation: true

Using Terraform (AWS Provider)

01 Terraform configuration file (.tf):

terraform {
	required_providers {
		aws = {
			source  = "hashicorp/aws"
			version = "~> 4.0"
		}
	}

	required_version = ">= 0.14.9"
}

provider "aws" {
	profile = "default"
	region  = "us-east-1"
}

resource "aws_redshift_cluster" "redshift-database-cluster" {
	cluster_identifier        = "cc-redshift-prod-cluster"
	node_type                 = "dc2.large"
	database_name             = "clusterdb"
	master_username           = "masterdbuser"
	master_password           = "masteruserpwd"
	cluster_type              = "single-node"
	allow_version_upgrade     = true

	# Enable Cluster Relocation
	availability_zone_relocation_enabled = true
	
}

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Redshift console at https://console.aws.amazon.com/redshiftv2.

03 In the main navigation panel, under Provisioned clusters dashboard, choose Clusters.

04 Click on the name of the Redshift database cluster that you want to reconfigure.

05 Choose Edit from the console top menu to modify the selected cluster configuration.

06 On the Modify cluster <cluster-name> configuration page, expand the Backup panel, and select Enable under Cluster relocation to enable the Cluster Relocation feature for the selected Amazon Redshift cluster. Choose Save changes to apply the configuration changes.

07 (Optional) To manually relocate your Redshift cluster to another Availability Zone (AZ), select the cluster, choose Actions from the console top menu, select Relocate, and choose the Availability Zone to relocate your cluster to. Amazon Redshift starts the relocation process and displays the cluster status as relocating. Once the relocation process is complete, the cluster status changes back to Available.

08 Repeat steps no. 4 – 6 to enable relocation for other Amazon Redshift clusters deployed within the current AWS region.

09 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other AWS regions.

Using AWS CLI

01 Run describe-clusters command (OSX/Linux/UNIX) using the name of the Amazon Redshift cluster that you want to reconfigure as the identifier parameter, to describe the name of the Availability Zone (AZ) associated with the selected cluster:

aws redshift describe-clusters \
  --region us-east-1 \
  --cluster-identifier cc-redshift-cluster \
  --query 'Clusters[*].AvailabilityZone'

02 The command output should return the name of the associated Availability Zone. This information will be useful for the relocation process:

[
	"us-east-1e"
]

03 Run modify-cluster command (OSX/Linux/UNIX) to enable the ability to relocate the selected Amazon Redshift data warehouse cluster to another Availability Zone (AZ) within the current AWS region:

aws redshift modify-cluster \
  --region us-east-1 \
  --cluster-identifier cc-redshift-cluster \
  --availability-zone-relocation

04 The command output should return the configuration metadata available for the reconfigured cluster:

{
	"Cluster": {
		"PubliclyAccessible": false,
		"MasterUsername": "dbauser",
		"VpcSecurityGroups": [
			{
				"Status": "active",
				"VpcSecurityGroupId": "sg-abcdabcd"
			}
		],
		"NumberOfNodes": 2,
		"PendingModifiedValues": {},
		"VpcId": "vpc-abcd1234",
		"ClusterVersion": "1.0",
		"Tags": [],
		"ManualSnapshotRetentionPeriod": -1,
		"AutomatedSnapshotRetentionPeriod": 1,
		"ClusterParameterGroups": [
			{
				"ParameterGroupName": "default.redshift-1.0",
				"ParameterApplyStatus": "in-sync"
			}
		],
		"DBName": "prod",
		"PreferredMaintenanceWindow": "sun:04:30-sun:05:00",
		"NextMaintenanceWindowStartTime": "2021-12-24T04:30:00Z",
		"Endpoint": {
			"Port": 5439,
			"Address": "cc-redshift-cluster.abcd1234abcd.us-east-1.redshift.amazonaws.com"
		},
		"DeferredMaintenanceWindows": [],
		"ClusterAvailabilityStatus": "Available",
		"IamRoles": [],
		"AllowVersionUpgrade": true,
		"MaintenanceTrackName": "current",
		"ClusterCreateTime": "2021-12-20T10:00:00.000Z",
		"ClusterSubnetGroupName": "default",
		"EnhancedVpcRouting": false,
		"ClusterSecurityGroups": [],
		"ClusterIdentifier": "cc-redshift-cluster",
		"AvailabilityZone": "us-east-1e",
		"NodeType": "ra3.xlplus",
		"Encrypted": true,
		"AvailabilityZoneRelocationStatus": "enabled",
		"ClusterStatus": "available"
	}
}

05 (Optional) Now you can manually relocate your Amazon Redshift cluster to another Availability Zone (AZ). Run modify-cluster command (OSX/Linux/UNIX) to initiate the relocation process for the target Availability Zone, specified as value for the --availability-zone command parameter:

aws redshift modify-cluster \
  --region us-east-1 \
  --cluster-identifier cc-redshift-cluster \
  --availability-zone us-east-1a

06 The command output should return the available metadata for the modified Redshift cluster:

{
	"Cluster": {
		"PubliclyAccessible": false,
		"MasterUsername": "dbauser",
		"VpcSecurityGroups": [
			{
				"Status": "active",
				"VpcSecurityGroupId": "sg-abcdabcd"
			}
		],
		"NumberOfNodes": 2,
		"PendingModifiedValues": {},
		"VpcId": "vpc-abcd1234",
		"ClusterVersion": "1.0",
		"Tags": [],
		"ManualSnapshotRetentionPeriod": -1,
		"AutomatedSnapshotRetentionPeriod": 1,
		"ClusterParameterGroups": [
			{
				"ParameterGroupName": "default.redshift-1.0",
				"ParameterApplyStatus": "in-sync"
			}
		],
		"DBName": "prod",
		"PreferredMaintenanceWindow": "sun:04:30-sun:05:00",
		"NextMaintenanceWindowStartTime": "2021-12-24T04:30:00Z",
		"Endpoint": {
			"Port": 5439,
			"Address": "cc-redshift-cluster.abcd1234abcd.us-east-1.redshift.amazonaws.com"
		},
		"DeferredMaintenanceWindows": [],
		"ClusterAvailabilityStatus": "Available",
		"IamRoles": [],
		"AllowVersionUpgrade": true,
		"MaintenanceTrackName": "current",
		"ClusterCreateTime": "2021-12-20T10:00:00.000Z",
		"ClusterSubnetGroupName": "default",
		"EnhancedVpcRouting": false,
		"ClusterSecurityGroups": [],
		"ClusterIdentifier": "cc-redshift-cluster",
		"AvailabilityZone": "us-east-1a",
		"NodeType": "ra3.xlplus",
		"Encrypted": true,
		"AvailabilityZoneRelocationStatus": "enabled",
		"ClusterStatus": "available"
	}
}

07 Repeat steps no. 3 and 4 to enable relocation for other Amazon Redshift clusters provisioned in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 7 to perform the Remediation process for other regions.
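The following script is an added example (not Conformity's or AWS's own code) that reproduces the AWS CLI Audit procedure and the modify-cluster step of the Remediation procedure with boto3: it pages through describe-clusters, classifies each cluster by its AvailabilityZoneRelocationStatus, and sets clusters that are publicly accessible apart, since the note in the description says relocation is not available for them. The SAMPLE_CLUSTERS records are constructed test data; the region and the "compliant"/"noncompliant"/"public" bucket names are this example's own choices.

```python
"""Audit Redshift clusters for Cluster Relocation (added example, boto3 style).

Mirrors the CLI audit above: list clusters, read AvailabilityZoneRelocationStatus,
and report which still need `modify-cluster --availability-zone-relocation`.
"""
from typing import Dict, Iterable, List

ENABLED = "enabled"  # describe-clusters value when relocation is turned on

# Constructed sample records in the shape describe-clusters returns (not real data).
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "cc-redshift-cluster", "PubliclyAccessible": False,
     "AvailabilityZoneRelocationStatus": "disabled"},
    {"ClusterIdentifier": "cc-main-dev-cluster", "PubliclyAccessible": False,
     "AvailabilityZoneRelocationStatus": "enabled"},
    {"ClusterIdentifier": "cc-project5-cluster", "PubliclyAccessible": True,
     "AvailabilityZoneRelocationStatus": "disabled"},
]


def classify(clusters: Iterable[Dict]) -> Dict[str, List[str]]:
    """Bucket clusters: relocation enabled, not enabled, or blocked (public)."""
    result: Dict[str, List[str]] = {"compliant": [], "noncompliant": [], "public": []}
    for c in clusters:
        name = c["ClusterIdentifier"]
        if c.get("AvailabilityZoneRelocationStatus", "disabled") == ENABLED:
            result["compliant"].append(name)
        elif c.get("PubliclyAccessible", False):
            # Relocation is not available for publicly accessible clusters, so
            # modify-cluster cannot fix these; surface them for a separate decision.
            result["public"].append(name)
        else:
            result["noncompliant"].append(name)
    return result


def describe_all(redshift_client) -> List[Dict]:
    """Collect every cluster in the client's region; describe-clusters paginates."""
    clusters: List[Dict] = []
    for page in redshift_client.get_paginator("describe_clusters").paginate():
        clusters.extend(page["Clusters"])
    return clusters


def enable_relocation(redshift_client, cluster_identifier: str) -> str:
    """Same call as `aws redshift modify-cluster --availability-zone-relocation`."""
    resp = redshift_client.modify_cluster(
        ClusterIdentifier=cluster_identifier, AvailabilityZoneRelocation=True
    )
    return resp["Cluster"]["AvailabilityZoneRelocationStatus"]
```

For a live account, pass `boto3.client("redshift", region_name=...)` to `describe_all()` and feed the result to `classify()`; `classify(SAMPLE_CLUSTERS)` runs offline on the constructed records.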

Publication date Jan 15, 2024
