AWSTemplateFormatVersion: '2010-09-09' Description: 'Amazon Redshift Aug,19,2019 (qs-1psnj8eli)' Parameters: VPCID: Description: The ID of your existing VPC that you’re deploying Redshift into. Type: 'AWS::EC2::VPC::Id' RemoteAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block to access Redshift cluster. Type: String Subnet1ID: Description: The ID of the private subnet in Availability Zone 1 in your existing VPC. Type: 'AWS::EC2::Subnet::Id' Subnet2ID: Description: The ID of the private subnet in Availability Zone 2 in your existing VPC. Type: 'AWS::EC2::Subnet::Id' PubliclyAccessible: AllowedValues: - 'true' - 'false' Default: 'false' Description: Indicates whether the cluster can be accessed from a public network. Type: String DatabaseName: Description: The name of the first database to be created when the cluster is created. Type: String Default: rsdev01 AllowedPattern: '([a-z]|[0-9])+' RedshiftClusterPort: Description: The port number on which the cluster accepts incoming connections. Type: Number Default: '8200' NumberOfNodes: Description: The number of compute nodes in the cluster. For multi-node clusters, the NumberOfNodes parameter must be greater than 1. Type: Number Default: '2' NodeType: Description: The type of node to be provisioned Type: String Default: dc2.large AllowedValues: - dc2.large - dc2.8xlarge - ra3.4xlarge - ra3.16xlarge - ds2.xlarge - ds2.8xlarge MasterUsername: Description: The user name that is associated with the master user account for the cluster that is being created. Type: String Default: rsadmin AllowedPattern: '([a-z])([a-z]|[0-9])*' ConstraintDescription: must start with a-z and contain only a-z or 0-9. MasterUserPassword: Description: >- The password that is associated with the master user account for the cluster that is being created. Must have at least 8 characters and no more than 64 characters, and must include 1 uppercase letter, 1 lowercase letter, 1 number, and 1 symbol (excluding / @ \" '). NoEcho: true Type: String MinLength: '8' MaxLength: '64' AllowedPattern: '(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*' ConstraintDescription: >- Enter alphanumeric password for the master user. The password must contain 8 to 64 printable ASCII characters, excluding: /, ", \'', \ and @. It must contain one uppercase letter, one lowercase letter, and one number. Maintenancewindow: Description: The maintenance window for the Redshift cluster. Type: String Default: 'sat:05:00-sat:05:30' MaxConcurrentCluster: Description: The maximum number of concurrency scaling Redshift clusters. Type: String Default: '1' EncryptionAtRest: Description: Enables or disables encryption at rest of the Redshift database. Type: String Default: 'false' AllowedValues: - 'true' - 'false' ConstraintDescription: must be true or false. kmskey: Description: The existing KMS key ID for encrypting Redshift database at-rest. Type: String Default: '' NotificationList: Type: String Description: The email notification list that is used to configure an SNS topic for sending CloudWatch alarm and event notifications. AllowedPattern: '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$' ConstraintDescription: provide a valid email address. Default: 'ops@company.com' SnapshotIdentifier: Description: The Redshift snapshot identifier. Leave this blank for a new cluster. Enter the snapshot identifier, only if you want to restore from a snapshot. Default: '' Type: String SnapshotAccountNumber: Description: The AWS account number where the Redshift snapshot was created. Leave this blank, if the snapshot was created in the current AWS account. Default: '' Type: String EnableLoggingToS3: Default: 'false' Type: String AllowedValues: - 'true' - 'false' Description: Enables or disables logging to an S3 bucket. To enable logging, select True. S3BucketForRedshiftIAMRole: Type: String Description: The existing Amazon S3 bucket. An IAM role will be created and associated to the Redshift cluster with GET and LIST access to this bucket. Default: '' GlueCatalogDatabase: Default: '' Type: String Description: The name of your Glue Data Catalog database. AllowedPattern: '([ \t\n\x0B\f\r])*|([a-z])([\-]|[a-z]|[\-]|[0-9])*' ConstraintDescription: must start with a-z and contain only a-z or 0-9 or hyphen (-). ConcurrencyScaling: Default: 'auto' Type: String AllowedValues: - 'auto' - 'off' Description: When the number of queries routed to a queue exceeds the queue's configured concurrency, eligible queries go to the scaling cluster. QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: 'Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).' Default: aws-quickstart Description: 'S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).' Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: 'Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).' Default: quickstart-amazon-redshift/ Description: 'S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).' Type: String TagName: Type: String Description: The unique friendly name as required by your company’s tagging strategy document, and which will be added to the environment tag. Default: 'redshift' TagEnvironment: Type: String AllowedValues: - dev - test - pre-prod - prod - none Default: none Description: The environment tag that is used to designate the environment stage of the associated AWS resource. TagProjectCostCenter: Type: String Description: The cost center associated with the project of the given AWS resource. Default: '0000' TagConfidentiality: Type: String Description: The confidentiality classification of the data that is associated with the resource. AllowedValues: - public - private - confidential - pii/phi Default: 'private' TagCompliance: Type: String Description: The compliance level for the AWS resource. AllowedValues: - hipaa - sox - fips - other Default: 'other' Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: VPC Network Configuration Parameters: - VPCID - Subnet1ID - Subnet2ID - RemoteAccessCIDR - Label: default: Amazon Redshift configuration Parameters: - NodeType - NumberOfNodes - RedshiftClusterPort - DatabaseName - MasterUsername - MasterUserPassword - NotificationList - PubliclyAccessible - Label: default: Amazon Redshift advanced configuration Parameters: - EnableLoggingToS3 - MaxConcurrentCluster - EncryptionAtRest - kmskey - SnapshotIdentifier - SnapshotAccountNumber - Maintenancewindow - S3BucketForRedshiftIAMRole - GlueCatalogDatabase - ConcurrencyScaling - Label: default: Tag identifiers Parameters: - TagEnvironment - TagName - TagProjectCostCenter - TagConfidentiality - TagCompliance - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: VPCID: default: VPC ID Subnet1ID: default: Private subnet 1 ID Subnet2ID: default: Private subnet 2 ID RemoteAccessCIDR: default: Permitted IP range DatabaseName: default: Redshift database name RedshiftClusterPort: default: Redshift cluster port NodeType: default: Node type for Redshift cluster NumberOfNodes: default: Number of nodes in Redshift cluster MasterUsername: default: Redshift master user name MasterUserPassword: default: Redshift Master user password S3BucketForRedshiftIAMRole: default: Amazon S3 bucket for Redshift IAM role NotificationList: default: Email address for SNS notification EnableLoggingToS3: default: Enable Redshift logging to S3 MaxConcurrentCluster: default: Max. number of concurrent clusters EncryptionAtRest: default: Encryption at rest kmskey: default: KMS key ID SnapshotIdentifier: default: Redshift snapshot identifier SnapshotAccountNumber: default: AWS account-ID of the Redshift Snapshot GlueCatalogDatabase: default: Glue catalog database name ConcurrencyScaling: default: Concurrency Scaling Maintenancewindow: default: Maintenance window TagEnvironment: default: Environment TagName: default: Unique friendly name TagCompliance: default: Compliance classifier TagConfidentiality: default: Confidentiality classifier TagProjectCostCenter: default: Project cost center PubliclyAccessible: default: Make Redshift publicly accessible QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix Mappings: RedshiftLoggingAccountIDRegionMap: us-gov-west-1: RSAccountID: xx us-east-1: RSAccountID: 193672423079 us-east-2: RSAccountID: 391106570357 us-west-1: RSAccountID: 262260360010 us-west-2: RSAccountID: 902366379725 ap-east-1: RSAccountID: 313564881002 ap-south-1: RSAccountID: 865932855811 ap-northeast-3: RSAccountID: 090321488786 ap-northeast-2: RSAccountID: 760740231472 ap-southeast-1: RSAccountID: 361669875840 ap-southeast-2: RSAccountID: 762762565011 ap-northeast-1: RSAccountID: 404641285394 ca-central-1: RSAccountID: 907379612154 cn-north-1: RSAccountID: 111890595117 cn-northwest-1: RSAccountID: 660998842044 eu-west-1: RSAccountID: 210876761215 eu-central-1: RSAccountID: 053454850223 eu-west-2: RSAccountID: 307160386991 eu-west-3: RSAccountID: 915173422425 eu-north-1: RSAccountID: 729911121831 sa-east-1: RSAccountID: 075028567923 Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] GovCloudCondition: !Equals [!Ref 'AWS::Region', 'us-gov-west-1'] RedshiftSingleNodeClusterCondition: Fn::Equals: - Ref: NumberOfNodes - '1' IsPublic: !Equals - !Ref 'PubliclyAccessible' - 'true' IsProd: !Equals [!Ref TagEnvironment, 'prod'] IsEncryptionAtRest: !Equals [!Ref EncryptionAtRest, 'true'] IsEnableLoggingToS3: !And - !Equals [!Ref EnableLoggingToS3, 'true'] - !Not [!Condition GovCloudCondition] IsConfigureRedshiftIAMRole: Fn::Not: - Fn::Equals: - '' - Ref: S3BucketForRedshiftIAMRole IsGlueCatalogName: Fn::Not: - Fn::Equals: - '' - Ref: GlueCatalogDatabase IsSnapshotSpecified: Fn::Not: - Fn::Equals: - '' - Ref: SnapshotIdentifier IsSnapshotAccountSpecified: Fn::Not: - Fn::Equals: - '' - Ref: SnapshotAccountNumber Resources: GenerateIdStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/generateid.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [ UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName, ] RedshiftSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: !Join [ '-', ['Redshift-Security-Group', !GetAtt GenerateIdStack.Outputs.UniqueID], ] VpcId: !Ref VPCID SecurityGroupIngress: - IpProtocol: tcp FromPort: !Ref RedshiftClusterPort ToPort: !Ref RedshiftClusterPort CidrIp: !Ref RemoteAccessCIDR Description: 'Redshift Access to VPC CIDR' Tags: - Key: Name Value: !Join - '_' - - !Ref TagName - !Sub '${AWS::StackName}-RedshiftSecurityGroup' - Key: Environment Value: !Ref TagEnvironment - Key: ProjectCostCenter Value: !Ref TagProjectCostCenter - Key: Confidentiality Value: !Ref TagConfidentiality - Key: Compliance Value: !Ref TagCompliance RedshiftLoggingS3Bucket: Type: 'AWS::S3::Bucket' DeletionPolicy: Retain Condition: IsEnableLoggingToS3 Properties: LifecycleConfiguration: Rules: - Id: RedshiftLogsArchivingToGlacier Status: Enabled ExpirationInDays: 30 Transitions: - TransitionInDays: 14 StorageClass: Glacier Tags: - Key: Name Value: !Join [ '-', [ !Ref TagName, !Ref 'AWS::StackName', 'Redshift-Cluster-LoggingBucket', ], ] - Key: Environment Value: !Ref TagEnvironment - Key: ProjectCostCenter Value: !Ref TagProjectCostCenter - Key: Confidentiality Value: !Ref TagConfidentiality - Key: Compliance Value: !Ref TagCompliance RedshiftLoggingS3BucketPolicy: Type: 'AWS::S3::BucketPolicy' Condition: IsEnableLoggingToS3 Properties: Bucket: !Ref RedshiftLoggingS3Bucket PolicyDocument: Statement: - Principal: AWS: !Join [ '', [ 'arn:aws:iam::', !FindInMap [ RedshiftLoggingAccountIDRegionMap, !Ref 'AWS::Region', RSAccountID, ], ':user/logs', ], ] Effect: Allow Action: 's3:GetBucketAcl' Resource: !Sub '${RedshiftLoggingS3Bucket.Arn}' - Principal: AWS: !Join [ '', [ 'arn:aws:iam::', !FindInMap [ RedshiftLoggingAccountIDRegionMap, !Ref 'AWS::Region', RSAccountID, ], ':user/logs', ], ] Effect: Allow Action: 's3:PutObject' Resource: !Sub '${RedshiftLoggingS3Bucket.Arn}/AWSLogs/*' RedshiftClusterParameterGroup: Type: 'AWS::Redshift::ClusterParameterGroup' Properties: Description: !Join [ ' ', [ 'Redshift-Cluster-Parameter-Group-', !GetAtt GenerateIdStack.Outputs.UniqueID, ], ] ParameterGroupFamily: redshift-1.0 Parameters: - ParameterName: enable_user_activity_logging ParameterValue: !If [IsProd, 'true', 'false'] - ParameterName: require_ssl ParameterValue: 'true' - ParameterName: auto_analyze ParameterValue: 'true' - ParameterName: statement_timeout ParameterValue: '43200000' - ParameterName: max_concurrency_scaling_clusters ParameterValue: !Ref MaxConcurrentCluster - ParameterName: 'wlm_json_configuration' ParameterValue: !Sub '[ { "query_group" : [ ],"query_group_wild_card" : 0,"user_group" : [ ],"user_group_wild_card" : 0,"concurrency_scaling" : "${ConcurrencyScaling}","rules" : [ { "rule_name" : "DiskSpilling", "predicate" : [ { "metric_name" : "query_temp_blocks_to_disk", "operator" : ">", "value" : 100000 } ], "action" : "log"}, { "rule_name" : "RowJoining", "predicate" : [ { "metric_name" : "join_row_count", "operator" : ">", "value" : 1000000000 } ], "action" : "log"} ],"priority" : "normal","queue_type" : "auto","auto_wlm" : true }, {"short_query_queue" : true } ]' Tags: - Key: Name Value: !Join [ '-', [ !Ref TagName, !Ref 'AWS::StackName', 'Primary Cluster Parameter group', ], ] - Key: Environment Value: !Ref TagEnvironment - Key: ProjectCostCenter Value: !Ref TagProjectCostCenter - Key: Confidentiality Value: !Ref TagConfidentiality - Key: Compliance Value: !Ref TagCompliance RedshiftClusterSubnetGroup: Type: 'AWS::Redshift::ClusterSubnetGroup' Properties: Description: Cluster subnet group SubnetIds: - !Ref Subnet1ID - !Ref Subnet2ID Tags: - Key: Name Value: !Join [ '-', [ !Ref TagName, !Ref 'AWS::StackName', 'Primary Redshift Cluster Subnet group', ], ] - Key: Environment Value: !Ref TagEnvironment - Key: ProjectCostCenter Value: !Ref TagProjectCostCenter - Key: Confidentiality Value: !Ref TagConfidentiality - Key: Compliance Value: !Ref TagCompliance RedshiftCluster: Type: 'AWS::Redshift::Cluster' DeletionPolicy: 'Snapshot' UpdateReplacePolicy: 'Snapshot' Properties: ClusterType: !If [RedshiftSingleNodeClusterCondition, 'single-node', 'multi-node'] ClusterIdentifier: !Join [ '-', [!Ref DatabaseName, !GetAtt GenerateIdStack.Outputs.UniqueID], ] NumberOfNodes: !If [ RedshiftSingleNodeClusterCondition, !Ref 'AWS::NoValue', !Ref NumberOfNodes, ] NodeType: !Ref NodeType DBName: !Ref DatabaseName KmsKeyId: !If [IsEncryptionAtRest, !Ref kmskey, !Ref 'AWS::NoValue'] Encrypted: !Ref EncryptionAtRest Port: !Ref RedshiftClusterPort MasterUsername: !Ref MasterUsername MasterUserPassword: !Ref MasterUserPassword ClusterParameterGroupName: !Ref RedshiftClusterParameterGroup SnapshotIdentifier: !If [IsSnapshotSpecified, !Ref SnapshotIdentifier, !Ref 'AWS::NoValue'] OwnerAccount: !If [ IsSnapshotAccountSpecified, !Ref SnapshotAccountNumber, !Ref 'AWS::NoValue', ] VpcSecurityGroupIds: - !Ref RedshiftSecurityGroup PreferredMaintenanceWindow: !Ref Maintenancewindow AutomatedSnapshotRetentionPeriod: !If [IsProd, 35, 8] PubliclyAccessible: !If - IsPublic - true - false ClusterSubnetGroupName: !Ref RedshiftClusterSubnetGroup LoggingProperties: !If - IsEnableLoggingToS3 - BucketName: !Ref RedshiftLoggingS3Bucket S3KeyPrefix: 'AWSLogs' - !Ref 'AWS::NoValue' IamRoles: - !If - IsConfigureRedshiftIAMRole - !GetAtt MyRedshiftIAMRole.Arn - !Ref 'AWS::NoValue' Tags: - Key: Name Value: !Join [ '-', [!Ref TagName, !Ref 'AWS::StackName', 'Redshift-Cluster'], ] - Key: Environment Value: !Ref TagEnvironment - Key: ProjectCostCenter Value: !Ref TagProjectCostCenter - Key: Confidentiality Value: !Ref TagConfidentiality - Key: Compliance Value: !Ref TagCompliance GlueCatalogDB: Condition: IsGlueCatalogName Type: 'AWS::Glue::Database' Properties: CatalogId: !Ref AWS::AccountId DatabaseInput: Name: !Ref GlueCatalogDatabase Description: !Join [ '-', [ 'AWS-Glue-Catalog-Database', !GetAtt GenerateIdStack.Outputs.UniqueID, ], ] MyRedshiftIAMRole: Type: 'AWS::IAM::Role' Condition: IsConfigureRedshiftIAMRole Properties: RoleName: !Join [ '-', ['Redshift-IAM-Role', !GetAtt GenerateIdStack.Outputs.UniqueID], ] AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Principal: Service: - 'redshift.amazonaws.com' - 'glue.amazonaws.com' Action: - 'sts:AssumeRole' Path: '/' Policies: - PolicyName: !Join [ '-', [ 'Spectrum-Glue-Access-Policy', !GetAtt GenerateIdStack.Outputs.UniqueID, ], ] PolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Action: - s3:GetBucketLocation - s3:GetObject - s3:ListMultipartUploadParts - s3:ListBucket - s3:ListBucketMultipartUploads Resource: - !Join [ '', ['arn:aws:s3:::', !Ref S3BucketForRedshiftIAMRole], ] - !Join [ '', ['arn:aws:s3:::', !Ref S3BucketForRedshiftIAMRole, '/*'], ] - Effect: Allow Action: - glue:CreateDatabase - glue:DeleteDatabase - glue:GetDatabase - glue:GetDatabases - glue:UpdateDatabase - glue:CreateTable - glue:DeleteTable - glue:BatchDeleteTable - glue:UpdateTable - glue:GetTable - glue:GetTables - glue:BatchCreatePartition - glue:CreatePartition - glue:DeletePartition - glue:BatchDeletePartition - glue:UpdatePartition - glue:GetPartition - glue:GetPartitions - glue:BatchGetPartition - logs:* Resource: - '*' SNSTopic: Type: AWS::SNS::Topic Properties: Subscription: - Endpoint: !Ref NotificationList Protocol: email DiskSpacealarmredshift: Type: 'AWS::CloudWatch::Alarm' Properties: MetricName: !Join - '' - - !Ref RedshiftCluster - High-PercentageDiskSpaceUsed AlarmDescription: !Join - '' - - DiskSpace Utilization > 85% for - !Ref RedshiftCluster Namespace: AWS/Redshift Statistic: Average Period: 300 EvaluationPeriods: 3 Threshold: 85 AlarmActions: - !Ref SNSTopic Dimensions: - Name: ClusterIdentifier Value: !Ref RedshiftCluster ComparisonOperator: GreaterThanThreshold Unit: Percent HighCPUutilizationalarmredshift: Type: 'AWS::CloudWatch::Alarm' Condition: IsProd Properties: MetricName: !Join - '' - - !Ref RedshiftCluster - High-CPUUtilization AlarmDescription: !Join - '' - - CPUUtilization > 95% for last 15 min for cluster - !Ref RedshiftCluster Namespace: AWS/Redshift Statistic: Average Period: 300 EvaluationPeriods: 3 Threshold: 95 AlarmActions: - !Ref SNSTopic Dimensions: - Name: ClusterIdentifier Value: !Ref RedshiftCluster ComparisonOperator: GreaterThanThreshold Unit: Percent Outputs: StackName: Description: 'Stack name' Value: !Sub '${AWS::StackName}' RedshiftClusterEndpoint: Description: Redshift cluster endpoint address with port Value: !Sub '${RedshiftCluster.Endpoint.Address}:${RedshiftCluster.Endpoint.Port}' Export: Name: !Sub '${AWS::StackName}-RedshiftClusterEndpoint' RedshiftEndpoint: Description: Redshift endpoint address Value: !Sub '${RedshiftCluster.Endpoint.Address}' Export: Name: !Sub '${AWS::StackName}-RedshiftEndpoint' RedshiftPort: Description: Redshift endpoint port Value: !Sub '${RedshiftCluster.Endpoint.Port}' Export: Name: !Sub '${AWS::StackName}-RedshiftPort' RedshiftCluster: Description: Redshift cluser identifier Value: !Sub '${RedshiftCluster}' Export: Name: !Sub '${AWS::StackName}-RedshiftCluster' RedshiftParameterGroupName: Description: Redshift parameter group Value: !Ref RedshiftClusterParameterGroup Export: Name: !Sub '${AWS::StackName}-RedshiftParameterGroupName' RedshiftDatabaseName: Description: Redshift database name Value: !If - IsSnapshotSpecified - !Join [ ' ', [ 'Check name of database from which the Snapshot', !Ref SnapshotIdentifier, ' was originally taken.', ], ] - !Ref DatabaseName Export: Name: !Sub '${AWS::StackName}-RedshiftDatabaseName' RedshiftUsername: Value: !Ref MasterUsername Export: Name: !Sub '${AWS::StackName}-RedshiftUsername' RedshiftLoggingS3Bucket: Description: Amazon S3 bucket created for audit logging Condition: IsEnableLoggingToS3 Value: !Ref RedshiftLoggingS3Bucket Export: Name: !Sub '${AWS::StackName}-RedshiftLoggingS3Bucket' RedshiftClusterIAMRole: Description: IAM Role assigned to Redshift cluster Condition: IsConfigureRedshiftIAMRole Value: !GetAtt MyRedshiftIAMRole.Arn Export: Name: !Sub '${AWS::StackName}-RedshiftClusterIAMRole' GlueCatalogDBName: Description: AWS Glue Catalog database Condition: IsGlueCatalogName Value: !Ref GlueCatalogDB Export: Name: !Sub '${AWS::StackName}-GlueCatalogDBName' PSQLCommandLine: Description: PSQL command line Value: !Join - '' - - 'psql -h ' - !GetAtt 'RedshiftCluster.Endpoint.Address' - ' -p ' - !GetAtt 'RedshiftCluster.Endpoint.Port' - ' -U ' - !Ref MasterUsername - ' -d ' - !Ref DatabaseName