in amazon-neptune-and-aws-cdk-for-amundsen/lib/redshift-stack.ts [21:69]
/**
 * Provisions the IAM role used for Redshift federated query to Postgres and a
 * single-node Redshift cluster that carries that role.
 *
 * @param scope - Parent CDK app.
 * @param id - Construct id of this stack.
 * @param props - Stack props; this constructor reads `redshiftSecret`,
 *   `rdsSecret`, `vpc`, `ingressSecurityGroup` and `egressSecurityGroup`.
 */
constructor(scope: App, id: string, props: RedshiftStackProps) {
  super(scope, id, props);

  const { redshiftSecret, rdsSecret, vpc } = props;

  // Redshift Federated Query to Postgres: only the Redshift service principal
  // may assume this role.
  const federatedQueryRole = new Role(this, 'Redshift-Federated-Query-Role', {
    assumedBy: new ServicePrincipal('redshift.amazonaws.com'),
  });
  this.role = federatedQueryRole;

  // Read access, limited to the two secrets handed in through props.
  const readScopedSecrets = new PolicyStatement({
    effect: Effect.ALLOW,
    actions: [
      'secretsmanager:GetResourcePolicy',
      'secretsmanager:GetSecretValue',
      'secretsmanager:DescribeSecret',
      'secretsmanager:ListSecretVersionIds'
    ],
    resources: [
      redshiftSecret.secretArn,
      rdsSecret.secretArn
    ],
  });
  federatedQueryRole.addToPolicy(readScopedSecrets);

  // Account-wide statement (resources: '*').
  // NOTE(review): these two actions are not scoped to a secret ARN in IAM, which
  // is presumably why '*' is used; ListSecrets still lets the role enumerate
  // secret names and metadata (not values) across the account. Confirm that
  // federated query needs both before keeping them.
  const accountWideSecretActions = new PolicyStatement({
    effect: Effect.ALLOW,
    actions: [
      'secretsmanager:GetRandomPassword',
      'secretsmanager:ListSecrets'
    ],
    resources: ['*'],
  });
  federatedQueryRole.addToPolicy(accountWideSecretActions);

  // Master credentials are read from the 'username' and 'password' keys of the
  // Redshift secret instead of being written as literals in this file.
  // NOTE(review): `.toString()` on the username is presumably a deploy-time
  // reference rather than the plaintext value; verify in the synthesized template.
  const masterUser = {
    masterUsername: redshiftSecret.secretValueFromJson('username').toString(),
    masterPassword: redshiftSecret.secretValueFromJson('password')
  };

  // Placement: private subnets of the supplied VPC, reachable only through the
  // ingress/egress security groups passed in by the caller.
  const securityGroups = [props.ingressSecurityGroup, props.egressSecurityGroup];
  const privateSubnets = vpc.selectSubnets({
    subnetType: SubnetType.PRIVATE
  });

  // NOTE(review): encryption at rest, public accessibility and audit logging are
  // not set here and fall back to the construct library's defaults; confirm
  // those defaults for the CDK version in use.
  this.cluster = new Cluster(this, 'Redshift-Cluster', {
    masterUser,
    vpc,
    clusterType: ClusterType.SINGLE_NODE,
    securityGroups,
    vpcSubnets: privateSubnets,
    roles: [federatedQueryRole]
  });
}