
URL: https://docs.datadoghq.com/data_observability/quality_monitoring/data_warehouses/redshift/

Redshift



Overview

The Redshift integration connects Datadog to your Amazon Redshift cluster to sync metadata, query history, and table-level metrics. Use it to monitor data freshness, detect anomalies, and trace lineage across your warehouse and downstream tools.

Datadog supports both provisioned Redshift clusters and Redshift Serverless workgroups.

Prerequisites

Before you begin, make sure you have:

  • An AWS account connected in Datadog.
    • Log forwarding is not required for Data Observability.
  • A Redshift superuser or database user with the ability to create roles and grant privileges.
  • If your Redshift cluster or workgroup restricts network access by IP, add Datadog webhook IPs to your VPC security group inbound rules. For the list of IPs, see the webhooks section of the .

Set up your account in Redshift

Connect to your Redshift cluster as a superuser and run the following SQL to create a dedicated role for Datadog.

  1. Create a role and grant access to system catalog views.

    -- Create a dedicated role for Datadog monitoring
    CREATE ROLE datadog_role;

    -- Required for table size metrics
    GRANT SELECT ON svv_table_info TO ROLE datadog_role;

  2. Grant read-only access to your data.

    Run the following for each schema you want Datadog to monitor:

    GRANT USAGE ON SCHEMA "<YOUR_SCHEMA>" TO ROLE datadog_role;
    GRANT SELECT ON ALL TABLES IN SCHEMA "<YOUR_SCHEMA>" TO ROLE datadog_role;
    ALTER DEFAULT PRIVILEGES IN SCHEMA "<YOUR_SCHEMA>" GRANT SELECT ON TABLES TO ROLE datadog_role;

    To generate grant statements for all schemas at once, run:

    SELECT 'GRANT USAGE ON SCHEMA "' || schema_name || '" TO ROLE datadog_role;' || '\n' ||
           'GRANT SELECT ON ALL TABLES IN SCHEMA "' || schema_name || '" TO ROLE datadog_role;' || '\n' ||
           'ALTER DEFAULT PRIVILEGES IN SCHEMA "' || schema_name || '" GRANT SELECT ON TABLES TO ROLE datadog_role;' AS grant_statement
    FROM svv_all_schemas
    WHERE schema_name NOT IN ('information_schema', 'pg_catalog', 'pg_internal', 'catalog_history');

    Copy and run the output to apply grants to all schemas.

  3. Create or assign the Datadog database user.

    For a provisioned cluster, create a dedicated database user and assign the role:

    -- Replace <STRONG_PASSWORD> with a secure password
    -- SYSLOG ACCESS UNRESTRICTED lets this user see rows generated by other users
    -- in user-visible system tables and views
    CREATE USER datadog_user PASSWORD '<STRONG_PASSWORD>' SYSLOG ACCESS UNRESTRICTED;
    GRANT ROLE datadog_role TO datadog_user;

    In Redshift Serverless, database users are automatically mapped from IAM identities. For example, an IAM role named DatadogIntegrationRole maps to the database user IAMR:DatadogIntegrationRole.

    Grant the datadog_role to your IAM-mapped database user:

    GRANT ROLE datadog_role TO "IAMR:<YOUR_IAM_ROLE_NAME>";
    ALTER USER "IAMR:<YOUR_IAM_ROLE_NAME>" SYSLOG ACCESS UNRESTRICTED;

Configure IAM policies

Add the following policies to the Datadog AWS integration IAM role associated with the AWS account that contains your Redshift cluster.

For a provisioned cluster, attach the AmazonRedshiftDataFullAccess AWS managed policy and an inline policy granting redshift:GetClusterCredentials for the Datadog database user created in the previous section:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "redshift:GetClusterCredentials",
      "Resource": [
        "arn:aws:redshift:<REGION>:<ACCOUNT_ID>:dbuser:<CLUSTER_IDENTIFIER>/datadog_user"
      ]
    }
  ]
}

For Redshift Serverless, attach the AmazonRedshiftDataFullAccess AWS managed policy and an inline policy granting redshift-serverless:GetCredentials for your workgroup:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "redshift-serverless:GetCredentials",
      "Resource": "arn:aws:redshift-serverless:<REGION>:<ACCOUNT_ID>:workgroup/<WORKGROUP_ID>"
    }
  ]
}
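
Before attaching either inline policy, you can check that the filled-in document still grants only the credential action for the one database user or workgroup. The following is an added example, not Datadog's code: `lint_policy`, `EXPECTED`, and `DB_USER` are hypothetical names, and the account ID, cluster, and workgroup values in the samples are constructed.

```python
import json
import re

DB_USER = "datadog_user"  # database user created earlier on this page
# Expected resource shape per action; any other action is reported.
EXPECTED = {
    "redshift:getclustercredentials": re.compile(
        r"arn:aws[a-z-]*:redshift:[a-z0-9-]+:\d{12}:dbuser:[a-z0-9-]+/" + re.escape(DB_USER)),
    "redshift-serverless:getcredentials": re.compile(
        r"arn:aws[a-z-]*:redshift-serverless:[a-z0-9-]+:\d{12}:workgroup/[a-z0-9-]+"),
}

def as_list(value):
    """IAM accepts either one string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return findings for an inline policy; an empty list means it is scoped as documented."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows everything else")
            continue
        for action in as_list(stmt.get("Action", [])):
            pattern = EXPECTED.get(action.lower())  # IAM action names are case-insensitive
            if pattern is None:
                findings.append(f"statement {i}: unexpected action {action}")
                continue
            for arn in as_list(stmt.get("Resource", [])):
                if "<" in arn:
                    findings.append(f"statement {i}: unfilled placeholder in {arn}")
                elif "*" in arn or "?" in arn:
                    findings.append(f"statement {i}: wildcard resource {arn}")
                elif not pattern.fullmatch(arn):
                    findings.append(f"statement {i}: {arn} is not valid for {action}")
    return findings

# Constructed sample policies (account ID and cluster name are made up).
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "redshift:GetClusterCredentials",
     "Resource": ["arn:aws:redshift:us-east-1:123456789012:dbuser:analytics-prod/datadog_user"]}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["redshift:GetClusterCredentials", "redshift:*"],
     "Resource": "arn:aws:redshift:us-east-1:123456789012:dbuser:analytics-prod/*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("too broad", TOO_BROAD)):
        print(name, lint_policy(doc) or "ok")
```

A wildcard in the `dbuser` resource would let the integration role request temporary credentials for any database user on the cluster, so the linter treats it as a finding rather than a style issue.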

Configure the Redshift integration in Datadog

To configure the Redshift integration in Datadog:

  1. Navigate to Datadog Data Observability > Settings.

  2. Click the Configure button for the Redshift option.

  3. Select a connected AWS account or add a new AWS account.

  4. Enter your cluster connection details:

    For a provisioned cluster:

      • Cluster identifier: Your Redshift cluster identifier.
      • Region: The AWS region where your cluster is hosted (for example, us-east-1).
      • Database user: The Datadog user created during setup (for example, datadog_user).
      • Initial database: The name of the database to connect to (defaults to dev).

    For a Redshift Serverless workgroup:

      • Workgroup name: Your Redshift Serverless workgroup name.
      • Region: The AWS region where your workgroup is hosted (for example, us-east-1).
      • Initial database: The name of the database to connect to (defaults to dev).

  5. Click Add account.

Next steps

After you save, Datadog begins syncing your information schema and query history in the background. Initial syncs can take up to several hours depending on the size of your Redshift deployment.

After the initial sync completes, create a Data Observability monitor to start alerting on freshness, column-level metrics, and custom SQL metrics.
