I have a Redshift Serverless workgroup inside a VPC, and I want to securely create a federated schema of an RDS Aurora cluster through a security group or another mechanism. The Aurora cluster is in the same VPC and uses the same public subnets as Redshift Serverless. I created a security group for Redshift Serverless and a different one for the Aurora cluster instance. Connecting only works for me by opening the MySQL port to all IPv4 addresses in the Aurora cluster instance, which is insecure. I use the Redshift Query Editor v2 in the browser to test.
Here are some security group rules that don't work in my setup:
- In Aurora cluster instance: Allow MySQL port for the "VPC CIDR range".
- In Aurora cluster instance: Allow MySQL port for the "Redshift Serverless security group".
What do I need to do in Aurora and Redshift Serverless to have the security group restrict access to only Redshift Serverless and not be open to any IPv4 address? Can I use the Aurora VPC endpoints with Redshift Serverless?
I'm also considering using a Redshift cluster, which I expect to be more expensive but also more secure than Redshift Serverless.
Any help you can provide is highly appreciated.