AWS Redshift

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, and PHI data.

Examples: Redshift, PostgreSQL, Snowflake, etc.

Onboarding Redshift Data Source

1. Login to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on “Add a data source”.

1. Search for Redshift.

1. Click on Redshift.

1. In the Basic Details section, enter the following information:

• Instance Name: Provide a unique name for the Redshift data source (e.g., Redshift_Production).

• Primary Owner: Enter the email address of the individual responsible for this data source (e.g., admin@lightbeam.ai).

• Source of Truth (Optional): Toggle this option on if the Redshift cluster serves as a single source of truth for entity validation.

• Description (Optional): Add a brief description of the Redshift cluster (e.g., "Amazon Redshift Data Warehouse for Analytics").

1. Provide the following details in the Connection section:

• Username: The Redshift user account name.

• Password: The corresponding password for the username.

• Host: The hostname or IP address of the Amazon Redshift server.

• Port: Default 5439 (or as configured in Redshift).

1. Additional Details (Optional)

In this section, you can specify metadata attributes related to the Redshift data source:

• Location: Select the geographic region where the database is hosted.

• Purpose: Define the purpose of data collection (e.g., Analytics, Compliance, Security).

• Stage: Indicate the stage of data processing (e.g.,Collection, Processing, Storage).

1. Click Test Connection.

2. Verify that you get the message Connection Success! on the screen. Click on Next.

3. In the next step, you'll see a list of databases presented from your Redshift cluster.

Displayed Databases: By default, all databases to which you have access permissions will be shown.

Custom Selection: If you wish not to scan certain databases, simply deselect them from the list.

Please verify that the test database created for the PoC is showing up in the list of databases. Ensure you've made your desired selections before connecting the datasource.

APPENDIX

Troubleshooting

If you don’t see any data being scanned without error, it might be a permission issue. Consider running a SELECT * query on a table and see if you can see the data. If you see a message of permission denied, consider granting permission to the user.

Minimal permissions setup

We require the following permissions to scan only a subset of the databases for the instance:

• CONNECT permissions

• For each database - CONNECT and SELECT permissions

Use the following script to create a user with such permissions. In this example, we are creating a user with the permissions to connect to the LightBeam database.

User with restricted permissions for a single database

-- CREATE USER test1 WITH PASSWORD 'lbadmin12345';

-- GRANT SELECT ON ALL TABLES IN SCHEMA public TO test1;

-- GRANT SELECT ON svv_table_info TO test1

Use the user you just created to register Redshift datasource.

Full permissions setup

If you want to, you can scan all the databases and allow wider scope permissions. LightBeam recommends a full read-only user who can access a list of databases, connect to every database, and read data.

Validate permissions to the database

Next, the user needs to validate these permissions to the database. This ensures authorized access to the database by the credentials provided by the user. After validating the permissions to the database, the user can configure LightBeam Spectra on the system.

Prerequisite

The following tools need to be installed on the system to verify database permissions:

• Git

• PSQL tool

Steps

2. Go into sql_user_check_redshift directory

3. The specific commands to fetch the list of schemas, relationships, and other details from the database are provided in our official documentation. Please refer to the README.md file in the directory for detailed instructions and command listings. Run each of the following commands individually.

User Credentials

* DATABASE_HOST_IP: The hostname of the IP address of your database instance.

* DATABASE_USER: Username for the database instance.

* PORT: Port number of your database instance.

* DATABASE_NAME: Name of the database to which you wish to establish a connection and validate the permissions.

To validate whether the commands were successful, check the outputs of the files generated from all three commands. Each output file should contain a few rows of data in a tabular format.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.