🏢 Enterprise Feature

This guide is for Enterprise tier customers who need to configure IP allowlists for their AWS Redshift connections. To get the required IP addresses for allowlisting, contact our team at support@hunch.dev.

📋 Overview

This document describes how to configure IP allowlists for AWS Redshift clusters and serverless workgroups so that access is restricted to specific IP addresses while Hunch can still connect to your Redshift instance.

✅ Prerequisites

Before you begin, ensure you have:
  • AWS account with appropriate IAM permissions
  • Redshift cluster or serverless workgroup already created
  • Access to the AWS Console
  • Knowledge of your Redshift cluster’s VPC

⚙️ Configuration Steps

Step 1: Create Security Group

  1. Navigate to EC2 Console
  2. Access Security Groups
    • In the left navigation pane, click Security Groups under “Network & Security”
  3. Create New Security Group
    • Click Create Security Group
    • Configure the basic settings:
      • Name: hunch-redshift-allowlist
      • Description: Allow access from Hunch IPs to Redshift
      • VPC: Select the same VPC as your Redshift cluster

Step 2: Configure Inbound Rules

Add inbound rules for each IP address provided by our team:
  1. First IP Address Rule
    • Click Add Rule
    • Type: Custom TCP
    • Port Range: 5439 (default Redshift port)
    • Source: Custom - <IP_ADDRESS>/32
    • Description: Hunch IP Address
    • Replace <IP_ADDRESS> with an IP address provided by our support team, and repeat this rule for each address you were given.
  2. Optional: Add Tags
    • Click Add new tag
    • Key: Name
    • Value: hunch-redshift-allowlist
  3. Create Security Group
    • Click Create security group

Step 3: Apply Security Group to Redshift

For Redshift Serverless

  1. Navigate to Redshift Console
  2. Select Workgroup
    • Click Workgroup configuration in the left pane
    • Select your workgroup from the list
  3. Edit Network Settings
    • Click the Data access tab
    • Click Edit in the Network and security card
  4. Update Security Groups
    • Under VPC security groups:
      • Remove any existing security groups (if needed)
      • Add the newly created hunch-redshift-allowlist security group
  5. Save Changes
    • Click Save changes to apply the configuration

For Redshift Clusters

  1. Navigate to Redshift Console
  2. Select Cluster
    • Click Clusters in the left pane
    • Select your cluster from the list
  3. Edit Network Settings
    • Click the Properties tab
    • In the Network and security section, click Edit
  4. Update Security Groups
    • Under VPC security groups:
      • Remove any existing security groups (if needed)
      • Add the newly created hunch-redshift-allowlist security group
  5. Save Changes
    • Click Save changes to apply the configuration

✅ Verification

Test the Configuration

  1. After applying the security group, test the connection from Hunch:
    • Go to your Hunch integration settings
    • Click Test Connection
    • Verify the connection succeeds

Check Security Group Assignment

  1. In the Redshift Console, verify that the hunch-redshift-allowlist security group is listed under your cluster or workgroup’s network settings.
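
The console check above confirms the group is attached, but AWS combines the rules of every security group attached to a resource, so a leftover group with a wider rule still exposes the port. The following script is an added example, not part of Hunch's documentation or tooling: it audits the inbound rules of all attached groups against the allowlist. It assumes input in the shape returned by `aws ec2 describe-security-groups`; the function name, group IDs and IP addresses are constructed placeholders.

```python
import ipaddress

REDSHIFT_PORT = 5439  # default port from Step 2; pass port= for a custom port

def audit_ingress(security_groups, allowed_ips, port=REDSHIFT_PORT):
    """Audit every security group attached to one Redshift resource.

    security_groups: "SecurityGroups" list from `aws ec2 describe-security-groups`.
    allowed_ips: IPv4 addresses that should be the only sources on `port`.
    Returns (findings, missing): unexpected sources, and allowlist IPs with no rule.
    """
    allowed = {ipaddress.ip_network(f"{ip}/32") for ip in allowed_ips}
    seen, findings = set(), []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # "-1" is all protocols and ports; otherwise only TCP rules covering port matter.
            covers = proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            if proto != "-1" and not covers:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net in allowed:
                    seen.add(net)
                else:
                    findings.append((sg["GroupId"], cidr))
            # Security-group and prefix-list sources also open the port: flag for review.
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((sg["GroupId"], "sg:" + pair["GroupId"]))
            for pl in perm.get("PrefixListIds", []):
                findings.append((sg["GroupId"], "pl:" + pl["PrefixListId"]))
    missing = sorted(str(n.network_address) for n in allowed - seen)
    return findings, missing

# Constructed sample: the allowlist group plus a leftover group with a wide rule.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "hunch-redshift-allowlist", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "legacy-default", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
ALLOWED_IPS = ["203.0.113.10", "198.51.100.7"]  # placeholder documentation addresses

if __name__ == "__main__":
    print(audit_ingress(SAMPLE_GROUPS, ALLOWED_IPS))
```

An empty `findings` list means only allowlisted /32 sources can reach the port; a non-empty `missing` list matches the "Connection Timeout" case where a provided IP was never added.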

🚨 Troubleshooting

Common Issues

  1. Connection Timeout:
    • Verify all IP addresses provided by our team are correctly added to the security group
    • Ensure the security group is attached to the correct Redshift resource
    • Check that your Redshift cluster/workgroup is in the same VPC as the security group
  2. Security Group Not Found:
    • Confirm you’re in the correct AWS region
    • Verify the security group was created successfully
  3. Changes Not Taking Effect:
    • Security group changes may take a few minutes to propagate
    • Try refreshing the Hunch connection test after waiting
  4. VPC Mismatch:
    • Ensure the security group is created in the same VPC as your Redshift cluster
    • Check that the Redshift cluster is publicly accessible if connecting from external IPs

Important Notes

  • Use /32 suffix for single IP addresses (not ranges)
  • Ensure your Redshift cluster is publicly accessible if connecting from internet IPs
  • Changes may take a few minutes to take effect
  • Verify your database credentials and connection parameters are correct

🔧 Advanced Configuration

Multiple Environments

If you have multiple Redshift clusters (dev, staging, production), you can:
  1. Reuse the Same Security Group: Apply the hunch-redshift-allowlist security group to all clusters
  2. Create Environment-Specific Groups: Create separate security groups with descriptive names like hunch-redshift-prod-allowlist

Custom Ports

If your Redshift cluster uses a custom port instead of the default 5439:
  1. Update the Port Range in all inbound rules to match your custom port
  2. Ensure your firewall and network configuration allows traffic on that port

📚 Additional Resources

For more information about AWS Redshift security groups and network configuration:

🆘 Need Help?

If you encounter issues configuring your Redshift IP allowlist, please contact us at support@hunch.dev with:
  • Your AWS region and Redshift cluster/workgroup name
  • Screenshots of your security group configuration
  • Error messages you’re seeing
  • Steps you’ve already taken
We’re here to help you get connected securely!