---
title: Redshift
description: >-
  Connect Amazon Redshift to Datadog Data Observability to monitor data quality,
  track usage, and detect issues.
breadcrumbs: >-
  Docs > Data Observability Overview > Quality Monitoring > Warehouse
  Integrations > Redshift
---

# Redshift

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). ().
{% /alert %}

{% /callout %}

## Overview{% #overview %}

The Redshift integration connects Datadog to your Amazon Redshift cluster to sync metadata, query history, and table-level metrics. Use it to monitor data freshness, detect anomalies, and trace lineage across your warehouse and downstream tools.

Datadog supports both provisioned Redshift clusters and Redshift Serverless workgroups.

## Prerequisites{% #prerequisites %}

Before you begin, make sure you have:

- A Redshift superuser or database user with the ability to create roles and grant privileges.
- If your Redshift cluster or workgroup restricts network access by IP, add Datadog webhook IPs to your VPC security group inbound rules. For the list of IPs, see the `webhooks` section of the IP ranges list.

## Set up your account in Redshift{% #set-up-your-account-in-redshift %}

Connect to your Redshift cluster as a superuser and run the following SQL to create a dedicated role for Datadog.

1. Create a role and grant access to system catalog views.

   ```sql
   -- Create a dedicated role for Datadog monitoring
   CREATE ROLE datadog_role;
   
   -- Required for table size metrics
   GRANT SELECT ON svv_table_info TO ROLE datadog_role;
   ```

1. Grant read-only access to your data.

Run the following for each schema you want Datadog to monitor:

   ```sql
   GRANT USAGE ON SCHEMA "<YOUR_SCHEMA>" TO ROLE datadog_role;
   GRANT SELECT ON ALL TABLES IN SCHEMA "<YOUR_SCHEMA>" TO ROLE datadog_role;
   ALTER DEFAULT PRIVILEGES IN SCHEMA "<YOUR_SCHEMA>"
     GRANT SELECT ON TABLES TO ROLE datadog_role;
   ```

To generate grant statements for all schemas at once, run:

   ```sql
   SELECT
       'GRANT USAGE ON SCHEMA "' || schema_name || '" TO ROLE datadog_role;' || '\n' ||
       'GRANT SELECT ON ALL TABLES IN SCHEMA "' || schema_name || '" TO ROLE datadog_role;' || '\n' ||
       'ALTER DEFAULT PRIVILEGES IN SCHEMA "' || schema_name || '" GRANT SELECT ON TABLES TO ROLE datadog_role;'
         AS grant_statement
   FROM svv_all_schemas
   WHERE schema_name NOT IN ('information_schema', 'pg_catalog', 'pg_internal', 'catalog_history');
   ```

Copy and run the output to apply grants to all schemas.

1. Create or assign the Datadog database user.

{% tab title="Provisioned Cluster" %}
Create a dedicated database user and assign the role:

```sql
-- Replace <STRONG_PASSWORD> with a secure password
CREATE USER datadog_user PASSWORD '<STRONG_PASSWORD>' SYSLOG ACCESS UNRESTRICTED;
GRANT ROLE datadog_role TO datadog_user;
```

{% /tab %}

{% tab title="Serverless" %}
In Redshift Serverless, database users are automatically mapped from IAM identities. For example, an IAM role named `DatadogIntegrationRole` maps to the database user `IAMR:DatadogIntegrationRole`.

Grant the `datadog_role` to your IAM-mapped database user:

```sql
GRANT ROLE datadog_role TO "IAMR:<YOUR_IAM_ROLE_NAME>";
ALTER USER "IAMR:<YOUR_IAM_ROLE_NAME>" SYSLOG ACCESS UNRESTRICTED;
```

{% /tab %}

## Configure IAM policies{% #configure-iam-policies %}

Add the following policies to the Datadog AWS integration IAM role associated with the AWS account that contains your Redshift cluster.

{% tab title="Provisioned Cluster" %}
Attach the `AmazonRedshiftDataFullAccess` AWS managed policy and an inline policy granting `redshift:GetClusterCredentials` for the Datadog database user created in the previous section:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "redshift:GetClusterCredentials",
            "Resource": [
                "arn:aws:redshift:<REGION>:<ACCOUNT_ID>:dbuser:<CLUSTER_IDENTIFIER>/datadog_user"
            ]
        }
    ]
}
```

{% /tab %}

{% tab title="Serverless" %}
Attach the `AmazonRedshiftDataFullAccess` AWS managed policy and an inline policy granting `redshift-serverless:GetCredentials` for your workgroup:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "redshift-serverless:GetCredentials",
            "Resource": "arn:aws:redshift-serverless:<REGION>:<ACCOUNT_ID>:workgroup/<WORKGROUP_ID>"
        }
    ]
}
```

{% /tab %}

## Configure the Redshift integration in Datadog{% #configure-the-redshift-integration-in-datadog %}

To configure the Redshift integration in Datadog:

1. Navigate to [**Datadog Data Observability** > **Settings**](https://app.datadoghq.com/datasets/settings/integrations).

1. Click the **Configure** button for the Redshift option.

   {% image
      source="https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_on_integrations_page.a08182b2fe00bee60d116c8ce83afda1.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_on_integrations_page.a08182b2fe00bee60d116c8ce83afda1.png?auto=format&fit=max&w=850&dpr=2 2x"
      alt="Redshift on the Settings page of Data Observability integrations" /%}

1. Select a connected AWS account or add a new AWS account.

   {% image
      source="https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_integration_flow.8194d5336b84b4df555c9aa0fc085e90.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_integration_flow.8194d5336b84b4df555c9aa0fc085e90.png?auto=format&fit=max&w=850&dpr=2 2x"
      alt="Selecting a connected or new AWS account for the Redshift Data Observability integration." /%}

1. Enter your cluster connection details:

{% tab title="Provisioned Cluster" %}

- **Cluster identifier**: Your Redshift cluster identifier.
- **Region**: The AWS region where your cluster is hosted (for example, `us-east-1`).
- **Database user**: The Datadog user created during setup (for example, `datadog_user`).
- **Initial database**: The name of the database to connect to (defaults to `dev`).

{% /tab %}

{% tab title="Serverless" %}

- **Workgroup name**: Your Redshift Serverless workgroup name.
- **Region**: The AWS region where your workgroup is hosted (for example, `us-east-1`).
- **Initial database**: The name of the database to connect to (defaults to `dev`).

{% /tab %}

{% image
   source="https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_add_credentials.1cd3593011fa27573a3f20295c34f488.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/data_observability/redshift/data_obs_redshift_add_credentials.1cd3593011fa27573a3f20295c34f488.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Input fields for Redshift credentials for Data Observability integrations" /%}
Click **Add account**.
## Next steps{% #next-steps %}

After you save, Datadog begins syncing your information schema and query history in the background. Initial syncs can take up to several hours depending on the size of your Redshift deployment.

After the initial sync completes, create a [Data Observability monitor](https://docs.datadoghq.com/monitors/types/data_observability/) to start alerting on freshness, column-level metrics, and custom SQL metrics.

## Further reading{% #further-reading %}

- [Data Observability Overview](https://docs.datadoghq.com/data_observability/)
- [Data Observability Monitors](https://docs.datadoghq.com/monitors/types/data_observability/)