Try our plataform
Redshift SSH

Redshift, created by AWS, is an ideal database for storing large volumes of data. It was developed using Postgres itself (one of the best-known general-purpose databases), but it has a columnar architecture that offers incredible processing speed.

SSH pipeline differs from traditional pipeline in that it connects to the database through an intermediate server, also called a tunnel or bastion.

In this article, we'll show you how to register a Redshift SSH database as a destination on Kondado's platform.

Before adding the database, make sure that the user and the bank server are accessible to our IPs that are listed here and allow the connection to the intermediary server on the port that will be used, then follow the steps below:

1) Login to the Kondado platform

2) Navigate to the add destinations page, click on “New Destination” and select the Redshift SSH destination

3) Fill in your database information as shown below:

  1. Name: This is the internal description of your destination on the Kondado platform
  2. Server Address: The address of your database's intermediary server
  3. Server Port: The passthru server port for your database
  4. Server User: The database passthru server user
  5. Server PEM Key: The text of the file with the PEM key
  6. Database address: Your cluster's server address (can be found on your cluster's AWS page under General information > Endpoint)
  7. Database port: Your cluster's port (can be found on your cluster's AWS page under Properties > Database configurations > Port)
  8. Database User: the username that Kondado will use to enter data into your cluster. This user must have DROP, INSERT, CREATE, ALTER, SELECT and DELETE permissions on tables and schemas (can be found on your cluster's AWS page under Properties > Database configurations > Admin user name)
  9. Database Password: The cluster user's password
  10. Database: the database name (can be found on your cluster's AWS page under Properties > Database configurations > Database name)
  11. Schema: inform a schema or leave the default “public” [1]
  12. Click save and your new destination will be created!

[1] Kondado will try to create the schema with the value informed in the “schema” parameter and if this is not possible (for example, due to lack of permission), the public schema will be used. Even if the schema already exists, Kondado must have permission to create schemas (“GRANT CREATE ON DATABASE db TO user”) if you do not want to use the public schema. For existing schemas, it is also important that the user registered at Kondado has permission to use the schema (“GRANT USAGE ON SCHEMA schema_name TO user;”)

Add Redshift SSH as a Destination on Kondado

Register a Redshift database that connects through an SSH tunnel (bastion server) as a destination in Kondado.

1
Prepare network access and permissions

Before starting, ensure your Redshift cluster and bastion server allow connections from Kondado's IPs. The database user must have DROP, INSERT, CREATE, ALTER, SELECT, and DELETE permissions. Review our security documentation for IP details and best practices.

2
Log in and start creating the destination

Log in to the Kondado platform, navigate to the destinations page, click 'New Destination', and select 'Redshift SSH' from the available options.

3
Configure the SSH tunnel (bastion server)

Enter the intermediary server details: Server Address, Server Port, Server User, and paste the Server PEM Key text. This establishes the secure SSH tunnel to reach your private Redshift cluster.

4
Enter Redshift cluster connection details

Provide your cluster's Database Address (Endpoint from AWS), Database Port, Database User with proper permissions, Database Password, Database Name, and Schema (default is 'public'). Find these values on your cluster's AWS page under Properties > Database configurations.

5
Save and verify the destination

Click 'Save' to create the destination. Kondado will attempt to create the specified schema if it doesn't exist; if that fails due to permissions, it will fall back to the 'public' schema. Ensure the user has CREATE permission on the database and USAGE permission on existing schemas.

Frequently asked questions

What is the difference between a Redshift SSH destination and a regular Redshift destination?
A Redshift SSH destination connects to your database through an intermediate server (also called a tunnel or bastion), while a traditional pipeline connects directly. The SSH tunnel provides an additional security layer for clusters that aren't publicly accessible.
Where can I find my Redshift cluster's endpoint and port?
You can find these on your cluster's AWS page. The endpoint is located under General information > Endpoint, and the port is under Properties > Database configurations > Port. You'll also find the database name and admin username in the same Properties section.
What permissions does the database user need for Kondado to work properly?
The database user must have DROP, INSERT, CREATE, ALTER, SELECT, and DELETE permissions on tables and schemas. Additionally, if you want to use a custom schema (not 'public'), the user needs CREATE permission on the database (GRANT CREATE ON DATABASE db TO user) and USAGE permission on existing schemas (GRANT USAGE ON SCHEMA schema_name TO user).
What happens if Kondado can't create the schema I specified?
If Kondado cannot create the schema you provided (for example, due to insufficient permissions), it will automatically fall back to using the 'public' schema instead. To avoid this, ensure your database user has the necessary CREATE and USAGE permissions as described in the article.
Can I use Kondado to build pipelines from my sources to Redshift SSH?
Yes, once your Redshift SSH destination is configured, you can create data pipelines from various sources. Explore our data integration capabilities to connect CRMs, ad platforms, e-commerce systems, and databases to your Redshift cluster.
Written by·Published 2023-07-18·Updated 2026-04-25