Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
Configuring a custom domain - Amazon Redshift

Configuring a custom domain

PDFRSS

You can use the Amazon Redshift or Amazon Redshift Serverless console to create your custom domain URL. If you haven't configured it, the Custom domain name property appears as a dash () under General information. After you create your CNAME record and the certificate, you associate the custom domain name for the cluster or workgroup.

In order to create a custom domain association, the following IAM permissions are required:

  • redshift:CreateCustomDomainAssociation – You can restrict permission to a specific cluster by adding its ARN.

  • redshiftServerless:CreateCustomDomainAssociation – You can restrict permission to a specific workgroup by adding its ARN.

  • acm:DescribeCertificate

As a best practice, we recommend attaching permissions policies to an IAM role and then assigning it to users and groups as needed. For more information, see Identity and access management in Amazon Redshift.

You assign the custom domain name by performing the following steps.

  1. Choose the cluster in the Redshift console, or the workgroup in the Amazon Redshift Serverless console, and choose Create custom domain name under the Action menu. A dialogue appears.

  2. Enter the custom domain name.

  3. Select the ARN from AWS Certificate Manager for the ACM Certificate. Confirm your changes. Per the guidance in the steps you took to create the certificate, we recommend that you choose a DNS validated certificate that's eligible for managed renewal through AWS Certificate Manager.

  4. Verify in the cluster properties that the Custom domain name and Custom domain certificate ARN are populated with your entries. The Custom domain certificate expiry date is also listed.

After the custom domain is configured, using sslmode=verify-full works only for the new, custom domain. It doesn't work for the default endpoint. But you can can still connect to the default endpoint by using other ssl modes, such as sslmode=verify-ca.

Note

As a point of reminder, cluster relocation isn't a prerequisite for configuring additional Redshift networking features. You don't have to turn it on to enable the following:

  • Connecting from a cross-account or cross-region VPC to Redshift – You can connect from one AWS virtual private cloud (VPC) to another that contains a Redshift database. This makes it easier to manage, for example, client access from disparate accounts or VPCs, without having to provide local VPC access to identities connecting to the database. For more information, see Connecting to Amazon Redshift Serverless from a Redshift VPC endpoint in another account or region.

  • Setting up a custom domain name – You can create a custom domain name, as described in this topic, to make the endpoint name more relevant and simple.

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.