Connect to Redshift

1. Redshift Credential Setup

It’s recommended to create a dedicated Redshift user with the permissions needed to query and write to your data warehouse. If you’d prefer to use an existing user, ensure it has the appropriate privileges for both reading from your source schemas and writing to the Margin schema.

Create a Redshift User and Schema

Below is a step-by-step guide to set up a Redshift user with the necessary permissions:
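Replace every ${...} placeholder in the script with your own value before running it.
-- Margin user/group details --------------
-- Redshift has no user-defined session variables, so substitute these
-- placeholders by hand (or with your SQL client's templating) before running:
--   ${margin_password} : <a secure password>
--   ${margin_database} : <database>     -- e.g. analytics
--   ${source_schema}   : <schema>       -- e.g. public
--   ${source_table}    : <table>        -- e.g. events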

-- Create Margin user and group
CREATE USER margin_user PASSWORD '${margin_password}';
CREATE GROUP margin_role;
ALTER GROUP margin_role ADD USER margin_user;
-- Create Margin schema
CREATE SCHEMA IF NOT EXISTS margin;

-- Grant usage on the Margin and source schemas
GRANT USAGE ON SCHEMA margin TO GROUP margin_role;
GRANT USAGE ON SCHEMA ${source_schema} TO GROUP margin_role;

-- Grant Margin privileges on its own schema
GRANT CREATE, USAGE ON SCHEMA margin TO GROUP margin_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA margin TO GROUP margin_role;

-- Set up default privileges for future tables in Margin schema
ALTER DEFAULT PRIVILEGES IN SCHEMA margin 
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO GROUP margin_role;
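
-- Grant access to the source data. Choose ONE of options A and B.
-- Option A: all existing tables in the source schema
GRANT SELECT ON ALL TABLES IN SCHEMA ${source_schema} TO GROUP margin_role;

-- Option B: specific tables only (least privilege)
GRANT SELECT ON TABLE ${source_schema}.${source_table} TO GROUP margin_role;

-- With option A: set up default privileges for future tables.
-- Default privileges apply only to tables created by the user who runs this
-- statement; add FOR USER <table_owner> to cover tables created by another user.
ALTER DEFAULT PRIVILEGES IN SCHEMA ${source_schema}
GRANT SELECT ON TABLES TO GROUP margin_role;

-- If you need to restrict access to sensitive data, create a filtered view.
-- The view only restricts access if margin_role has no SELECT on the
-- underlying table, so skip the table-level grants above for that table.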
CREATE OR REPLACE VIEW margin.secure_${source_table}_view AS
SELECT
    id,
    event_name,
    timestamp,
    non_sensitive_column1,
    non_sensitive_column2
    -- Omit sensitive columns like PII, financial data, etc.
FROM ${source_schema}.${source_table};

-- Grant access to the view
GRANT SELECT ON margin.secure_${source_table}_view TO GROUP margin_role;

If you need to connect to multiple databases, reach out to [email protected]; we can enable this for you.
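
To confirm that the grants above give Margin no more access than intended, the audit queries below report what margin_user can reach outside the margin schema. This is an added example, not part of Margin's documentation; it assumes you run it as a superuser in the same database and relies on Redshift's has_schema_privilege and has_table_privilege functions.

```sql
-- 1. Schemas where margin_user can create objects.
--    Expected: only 'margin'. 'public' may also appear, because Redshift
--    grants CREATE and USAGE on the public schema to all users by default.
SELECT nspname AS schema_name
FROM pg_namespace
WHERE LEFT(nspname, 3) <> 'pg_'
  AND nspname <> 'information_schema'
  AND has_schema_privilege('margin_user', nspname, 'create')
ORDER BY 1;

-- 2. Tables outside the margin schema that margin_user can read or modify.
--    Expected: can_write is false on every row, and can_select is true only
--    for the source tables you chose to expose (option A or B in the setup
--    script). A table that sits behind a filtered view should not be listed.
SELECT schemaname, tablename, can_select, can_write
FROM (
    SELECT schemaname,
           tablename,
           has_table_privilege('margin_user', fq, 'select') AS can_select,
           (has_table_privilege('margin_user', fq, 'insert')
            OR has_table_privilege('margin_user', fq, 'update')
            OR has_table_privilege('margin_user', fq, 'delete')) AS can_write
    FROM (
        SELECT schemaname,
               tablename,
               -- Quote both parts so mixed-case or unusual names resolve
               quote_ident(schemaname) || '.' || quote_ident(tablename) AS fq
        FROM pg_tables
        WHERE schemaname NOT IN ('margin', 'pg_catalog', 'information_schema')
    ) AS names
) AS privs
WHERE can_select OR can_write
ORDER BY schemaname, tablename;

-- 3. If query 1 lists 'public' and Margin should not create objects there,
--    remove the default grant. This affects every user in the database, so
--    check for other users that rely on it before running:
-- REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Both functions include privileges inherited through groups and through PUBLIC, so the results reflect effective access rather than only the grants made to margin_role.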

2. Redshift Connection Configuration

A. Add a Redshift Source in Margin

Go to your Integrations page in the Margin dashboard, click Add Source, and select Amazon Redshift.

B. Enter Redshift Credentials

Enter the following required fields into Margin:

| Field | Description |
| --- | --- |
| Host | The hostname or IP address of your Redshift cluster. You can find this in the AWS Redshift console by selecting your cluster and looking at the Endpoint string (exclude the port and database name). |
| Port | The port number for your Redshift cluster. The default is 5439, but yours may be different. |
| Database | The name of the database in your Redshift cluster that contains your data. |
| Username & Password | For the margin_user you created (or an existing user with the necessary privileges). |
| Schema | The default schema for Margin queries (typically ‘margin’). |

For security, we recommend that you allowlist Margin’s IP addresses in your security group to allow connections to your Redshift cluster. Please reach out to [email protected] for our current IP addresses.

3. Testing the Connection

When you set up Redshift, Margin verifies:
  1. Basic connectivity check: Network connection & credential validation
  2. Verify user can fully manage the margin schema:
    • Table lifecycle (CREATE, INSERT, SELECT, UPDATE, DELETE)
    • View creation and access
    • Ability to execute queries on the source tables

Sometimes the initial test might time out, especially if Redshift is resuming from a paused state. Simply click Test again to retry.

4. Advanced Connection Options

Using an SSH Tunnel

If your Redshift cluster is in a private VPC without public access, you can connect via an SSH tunnel:
  1. Select SSH Tunnel as the connection type
  2. Provide the SSH host, port, username, and authentication method (password or key)
  3. The SSH server must have network access to your Redshift cluster

For enterprise customers, you can securely connect to your Redshift cluster using AWS PrivateLink:
  1. Contact [email protected] to enable this feature
  2. Our team will provide guidance for setting up the PrivateLink connection

Next Steps

Once the connection is established, you can connect your finance sources to model over your event data.
