Add AWS Redshift as a data source in Pendo Predict

This article explains how to connect your AWS Redshift instance to Pendo Predict so you can use Redshift as a source when building predictive models. 

There are two primary connectivity methods:

  1. Direct URL-Based Endpoint (with optional IP Whitelisting)
  2. Redshift-Managed VPC Endpoint

Choose the method that meets your security and networking requirements. This
document covers setup instructions, authentication, and troubleshooting tips.

 

Prerequisites

Before starting, verify you have the following:

  • Amazon Redshift Cluster: Make sure it is running and that you can connect
    to it via standard SQL clients or other tools.
  • Pendo Predict Account: You’ll need an active Pendo Predict account with
    permissions to add new data integrations.
  • Read Access to Assets: Ensure that the Redshift user or role you plan to use
    for Pendo Predict has read access (and any additional privileges necessary) to
    all required schemas, tables, or other assets.
  • Network/Firewall Configuration:
    • Direct URL: Confirm that Redshift is accessible from the public
      internet, or whitelist Pendo Predict's static public IP.
    • Managed VPC: Check that your security groups allow traffic via the
      Redshift-managed VPC endpoint.

 

Step 1: Connection Methods

Direct URL-Based Endpoint

Use this option if your Redshift cluster is publicly accessible or if you’ve whitelisted Pendo Predict’s public IP address:

  1. Endpoint & Port: Supply your Redshift cluster’s endpoint (e.g., examplecluster.abc123xyz.us-west-2.redshift.amazonaws.com) and the port (e.g., 5439).
  2. Security Group / Firewall:
    • If your Redshift instance is publicly accessible, ensure there are no additional rules blocking connections.
    • If you limit inbound connections, whitelist Pendo Predict's static IP so it can reach your cluster.
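
To check the firewall rule for the Direct URL option, the following added example (not Pendo or AWS code) audits the JSON printed by `aws ec2 describe-security-groups` and reports every source that can reach the Redshift port other than the allowlisted address. The address 203.0.113.10 and the sample security group are constructed placeholders; use the static IP Pendo Predict gives you.

```python
import ipaddress
import json

REDSHIFT_PORT = 5439
# Placeholder (documentation range); replace with the static IP Pendo Predict provides.
ALLOWED_SOURCE = ipaddress.ip_network("203.0.113.10/32")

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
   "Ipv6Ranges": []},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")


def covers_port(perm, port):
    """True if the rule applies to TCP traffic on `port` ("-1" means all protocols)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(groups, allowed=ALLOWED_SOURCE, port=REDSHIFT_PORT):
    """Return (group_id, cidr) for each source reaching `port` outside `allowed`."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.version != allowed.version or not net.subnet_of(allowed):
                    findings.append((sg["GroupId"], cidr))
    return findings


if __name__ == "__main__":
    for group_id, cidr in audit(SAMPLE):
        print(f"{group_id}: port {REDSHIFT_PORT} reachable from {cidr}")
```

Rules that reference other security groups or prefix lists instead of CIDR ranges are not examined by this check.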

Redshift-Managed VPC Endpoint

Use AWS PrivateLink for more secure, private connectivity:

  1. Obtain Pendo Predict AWS Account ID and VPC ID: Pendo Predict will provide the AWS Account ID and the VPC ID where our platform hosts its resources.
  2. Create the Redshift-Managed VPC Endpoint:
    • From the Amazon Redshift console, configure a VPC endpoint (AWS
      PrivateLink) permitting traffic from Pendo Predict’s AWS Account ID and
      VPC.
    • Update your Redshift security group(s) to allow connections from
      that endpoint.
    • Follow the AWS-specific considerations to make sure the cluster is
      able to use PrivateLink.
  3. Share Your AWS Account ID: Provide your AWS Account ID to Pendo Predict so we can identify and
    map the correct connection to you.
  4. Endpoint Creation by Pendo Predict:
    • After you confirm your setup is complete, Pendo Predict will create a
      corresponding endpoint in our VPC.
    • We’ll provide a final private endpoint URL for connecting to your
      Redshift cluster.

Step 2: AWS Redshift Permissions Setup 

  1. User Permissions (relevant for both connection methods): In Redshift, grant the user read privileges on the relevant sources (schemas and tables).
  2. IAM Role Authentication
    • Set the following Role Policy:

      JSON
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "RedshiftGetClusterCredentials",
            "Effect": "Allow",
            "Action": [
              "redshift:GetClusterCredentials"
            ],
            "Resource": [
              "arn:aws:redshift:<REGION>:<ACCOUNT_ID>:cluster:<CLUSTER_NAME>",
              "arn:aws:redshift:<REGION>:<ACCOUNT_ID>:dbname:<CLUSTER_NAME>/<DB_NAME>",
              "arn:aws:redshift:<REGION>:<ACCOUNT_ID>:dbuser:<CLUSTER_NAME>/<DB_USER>"
            ]
          }
        ]
      }
    • Set the following Trust Relationship (include the Condition block only if an external ID is used):

      JSON
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {
              "AWS": "<ROLE ARN Provided by Forwrd>"
            },
            "Condition": {
              "StringEquals": {
                "sts:ExternalId": "<EXTERNAL_ID>"
              }
            }
          }
        ]
      }
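
A pre-flight check for the two documents above, as an added example (not Pendo or AWS tooling): it flags actions or resources in the role policy that are broader than the template, and a trust relationship whose principal is a wildcard or that omits the `sts:ExternalId` condition. The account IDs, cluster, database user, and role names in the samples are constructed placeholders.

```python
def as_list(value):
    """IAM accepts either a single value or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def lint_role_policy(policy):
    """Flag anything broader than GetClusterCredentials on named resources."""
    issues = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action != "redshift:GetClusterCredentials":
                issues.append(f"unexpected action: {action}")
        for res in as_list(stmt.get("Resource", [])):
            if "*" in res:  # e.g. dbuser:<cluster>/* covers every database user
                issues.append(f"wildcard resource: {res}")
    return issues


def lint_trust_policy(trust):
    """Flag wildcard principals and a missing sts:ExternalId condition."""
    issues = []
    for stmt in as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not arns or any(a == "*" for a in arns):
            issues.append("principal is missing or a wildcard")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            issues.append("no sts:ExternalId condition")
    return issues


# Constructed samples; every identifier below is a placeholder.
ARN = "arn:aws:redshift:us-west-2:111122223333"
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["redshift:GetClusterCredentials"],
    "Resource": [f"{ARN}:cluster:examplecluster",
                 f"{ARN}:dbname:examplecluster/analytics",
                 f"{ARN}:dbuser:examplecluster/predict_ro"]}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "redshift:*",
    "Resource": f"{ARN}:dbuser:examplecluster/*"}]}
TRUST_NO_EXT_ID = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::444455556666:role/vendor-role"}}]}
```

Run both functions on the JSON you intend to attach to the role; an empty list from each means the documents match the narrow shape of the templates above.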

Step 3: Configuring the Integration in Pendo Predict

After you’ve set up the chosen connection method, configure the integration
within your Pendo Predict platform:

  1. In Pendo Predict, go to the Sources tab.
  2. Select New Source, then choose Redshift.
  3. Enter a name that other users will recognize easily.
  4. Select the method of authentication:
    • Standard Username/Password: Use a Redshift user credential with
      at least read access to the needed data assets.
    • IAM Role: IAM role-based authentication, which connects using
      temporary credentials rather than a stored password.
  5. Provide the:
    • Relevant credentials: the dedicated DB user and password, or the Role
      ARN, according to the method selected.
    • DB URL/endpoint
    • DB Port
    • DB Database
  6. Click Authorize to set the connection.

Troubleshooting & FAQ

If the authorization fails, check the following:

  • Confirm that the endpoint, port, and credentials are correct (try
    connecting with them from an external client).
  • Ensure your firewall/security groups permit inbound traffic from Pendo Predict's
    public static IP address (if whitelisted) or from the VPC endpoint if using
    PrivateLink.
  • Ensure your user has the correct privileges.