Question 21: You have set up an application that uses Kinesis Firehose to stream data to an AWS Redshift cluster, and this cluster will be hosted in a VPC. Which of the following are required, at a minimum, so that data can be saved in the Redshift cluster from Kinesis Firehose?

A. You have to make sure that the AWS Redshift cluster is created in the private region only.

B. You have to make sure that the AWS Redshift cluster unblocks ingress traffic from the AWS Kinesis Firehose stream.

C. You have to make sure that the Redshift cluster is using the private IP only.

D. You have to make sure that the Redshift cluster is using the public IP as well.

E. You must create a VPC endpoint connection between the Kinesis Firehose stream and the Redshift public IP.

1. A,B

2. B,C

3. B,D

4. D,E

5. A,E

Correct Answer : 3

Exp : The question asks for the minimum requirements when a Redshift cluster that stores data from AWS Kinesis Firehose is placed in a VPC. Let's review a few concepts before concluding the answer.

When we use an AWS Redshift cluster as a destination for Kinesis Firehose, it first delivers the data to your S3 bucket as an intermediate location. If you want encryption, it can use an AWS KMS CMK for data encryption. Once the data is in the S3 bucket, Kinesis Data Firehose loads it from S3 into the Redshift cluster. If error logging is enabled, Kinesis Data Firehose also sends data delivery errors to your CloudWatch log group and streams. Kinesis Data Firehose uses the specified Amazon Redshift username and password to access your cluster, and uses an IAM role to access the specified bucket, KMS key, and CloudWatch log groups and streams. You are required to have an IAM role when creating a delivery stream.

As the next point, if the Redshift cluster is placed in a VPC, it must be publicly accessible with a public IP address, and you must grant Kinesis Data Firehose access to your Amazon Redshift cluster by unblocking the Kinesis Data Firehose IP addresses. Kinesis Data Firehose currently uses one specific CIDR block for each available region. Examples are:

13.232.67.32/27 for Asia Pacific (Mumbai)

13.57.135.192/27 for US West (N. California)

18.130.1.96/27 for EU (London)
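
The two requirements behind answer 3 (public accessibility, option D, and ingress from the Firehose address block, option B) can be checked mechanically. The following Python sketch is an added example, not part of the original explanation: the function name, the simplified cluster dictionary and the sample rules are constructed for illustration, the ingress rules are shaped like EC2 IpPermissions entries, and port 5439 is assumed as the cluster port (the Redshift default). It also reports rules that admit more than the Firehose block, which is an extra hygiene check beyond what the question asks.

```python
import ipaddress

# CIDR blocks quoted in the explanation above, keyed by AWS region code.
FIREHOSE_CIDRS = {
    "ap-south-1": "13.232.67.32/27",   # Asia Pacific (Mumbai)
    "us-west-1": "13.57.135.192/27",   # US West (N. California)
    "eu-west-2": "18.130.1.96/27",     # EU (London)
}

def check_firehose_access(region, cluster, ingress_rules):
    """Return a list of findings; an empty list means both requirements are met."""
    findings = []
    firehose = ipaddress.ip_network(FIREHOSE_CIDRS[region])
    port = cluster["Port"]
    if not cluster["PubliclyAccessible"]:
        findings.append("cluster is not publicly accessible (option D not met)")
    covering = []
    for rule in ingress_rules:
        proto = rule["IpProtocol"]
        if proto not in ("tcp", "-1"):          # "-1" means all protocols and ports
            continue
        if proto == "tcp" and not (rule["FromPort"] <= port <= rule["ToPort"]):
            continue
        for ip_range in rule.get("IpRanges", []):
            net = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
            if firehose.subnet_of(net):         # rule admits the whole Firehose block
                covering.append(net)
    if not covering:
        findings.append(f"no ingress rule admits {firehose} on port {port} (option B not met)")
    wide = [net for net in covering if net != firehose]
    if wide:
        widest = min(wide, key=lambda n: n.prefixlen)
        findings.append(f"ingress is wider than needed ({widest}); scope it to {firehose}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a public cluster whose security group is open to the world.
    cluster = {"PubliclyAccessible": True, "Port": 5439}
    rules = [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    for finding in check_firehose_access("ap-south-1", cluster, rules):
        print(finding)
```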
