---
title: "Gong Data Cloud docs"
slug: "redshift-configuration"
updated: 2026-01-12T16:36:33Z
published: 2026-01-12T16:36:33Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.gong.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Redshift Configuration

> **Who can use this**: Tech admin **Available on**: Data Cloud

## Prerequisites

- If your Redshift security posture requires IP allowlisting, have the Gong static IP available during the following steps. It will be required in Step 2.
  - See [Gong IP allow list](/v1/docs/gong-ip-allow-list) for a list of IPs that can be allowed
- By default, Redshift authentication uses **role-based access**. You will need the trust policy prepopulated with the Gong AWS ARN to grant access.
  - The **Custom trust policy** (with the Gong service's AWS ARN) is:

```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::655275192472:role/gpe-us-01-1-c1-app-prequel"
			},
			"Action": "sts:AssumeRole"
		}
	]
}
```

## Step 1: Create a Limited User in Redshift

1. Connect to Redshift using the SQL client.
2. Execute the following query to create a user to write the data.

```
CREATE USER <username> PASSWORD DISABLE;
```

1. Grant user `CREATE` and `TEMPORARY` privileges on the database. `CREATE` allows the service to create new schemas and `TEMPORARY` allows the service to create temporary tables.

```
GRANT CREATE, TEMPORARY ON DATABASE <database> TO <username>;
```

> 📘 The `schema` will be created during the first sync
> 
> 
> The schema name supplied as part of **Step 4** will be created during the first connection. It does not need to be created manually in the destination ahead of time.

> 📘 If the `schema` already exists
> 
> 
> By default, the service creates a new schema based on the destination configuration. If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema, using:
> 
> 
> ```
> GRANT ALL ON schema <schema> TO <username>;`
> ```
> 
> 
> Once you've provided the `GRANT ALL` permission on the schema, you can safely remove the `CREATE` permission on the database (but you must retain the `TEMPORARY` permission on the database).

## Step 2: Allowlist connection

1. In the Redshift console, click **Clusters**, and make a note of the **cluster** name.
2. Select the cluster you would like to connect.
3. In the **General information** pane, make note of the **Endpoint** details. You may need to use the **copy** icon to copy the full details to discover the full endpoint and port number.

![](https://storage.googleapis.com/prequel_docs/images/redshift-endpoint-details.png)

1. Click the **Properties** tab.
2. Scroll down to the **Network and security settings** section.
3. In the VPC security group field, select a security group to open it.

![](https://storage.googleapis.com/prequel_docs/images/redshift-vpc-security-groups.png)

1. In the Security Groups window, click **Inbound rules**.
2. Click **Edit inbound rules**.
3. In the Edit the Inbound rules window, follow the steps below to create custom TCP rules for the static IP:  

a. Select **Custom TCP** in the drop-down menu.  

b. Enter your Redshift port number. (likely `5439`)  

c. Enter the **static IP**. (from the prerequisite)  

d. Click **Add rule**.

## Step 3: Create a staging bucket

### Create staging bucket

1. Navigate to the S3 service page.
2. Click **Create bucket**.
3. Enter a **Bucket name** and modify any of the default settings as desired. Note: **Object Ownership** can be set to "**ACLs disabled**" and **Block Public Access settings for this bucket** can be set to "**Block all public access**" as recommended by AWS. Make note of the Bucket name and AWS Region.
4. Click **Create bucket**.

### Create policy

1. Navigate to the **IAM** service page, click on the **Policies** navigation tab, and click **Create policy**.
2. Click the JSON tab, and paste the following policy, being sure to replace `{BUCKET_NAME}`  with the name of the bucket chosen above, and `{REGION_NAME}`, `{ACCOUNT_ID}`, `{CLUSTER_NAME}`, `{USERNAME}`, and `{DATABASE_NAME}` with the proper Redshift values.
  1. **Note**: the first bucket permission in the list applies to `{BUCKET_NAME}` whereas the second permission applies only to the bucket's contents - `{BUCKET_NAME}/*` - an important distinction.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::{BUCKET_NAME}"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
              	"s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::{BUCKET_NAME}/*"
        },
        {
            "Effect": "Allow",
            "Action": "redshift:GetClusterCredentials",
            "Resource": [
                "arn:aws:redshift:{REGION_NAME}:{ACCOUNT_ID}:dbuser:{CLUSTER_NAME}/{USERNAME}",
                "arn:aws:redshift:{REGION_NAME}:{ACCOUNT_ID}:dbname:{CLUSTER_NAME}/{DATABASE_NAME}"
            ]
        }
    ]
}
```

1. Click through to the **Review** step, choose a **name** for the policy, for example, `transfer-service-policy` (this will be referenced in the next step), add a description, and click **Create policy**.

### Create role

1. Navigate to the **IAM** service page.
2. Navigate to the **Roles** navigation tab, and click **Create role**.
3. Select **Custom trust policy** and paste the provided trust policy (from the prerequisite) to allow AssumeRole access to this role. Click **Next**.
4. Add the permissions policy created above, and click **Next**.
5. Enter a **Role name**, for example, `transfer-role`, and click **Create role**.
6. Once successfully created, search for the created role in the Roles list, click the role name, and make a note of the **ARN** value.

## Step 4: Add your destination

1. In Gong, go to **Admin center** > **Settings** > **Data Cloud** > **Data cloud settings**.
2. Select **Redshift**
3. Toggle on **Serverless** if relevant.
4. Enter the following details
  - **Host**
  - **Port**
  - **Database**
  - For a serverless configurations:
    - **Workgroup**
  - For other configurations:
    - **Cluster**
    - **Schema**
    - **User**
  - **IAM role ARN**
  - **Bucket name**
  - **Bucket region**
  - **Redshift admin emails**
5. Click **Connect**. It may take a few minutes to complete the connection.

A team member who manages and configures the Gong platform and handles CRM integrations, user provisioning, permissions, and system settings. [Find my Tech admin](/v1/docs/find-your-technical-or-business-admin).

Gong’s robust data sharing service that integrates Gong-enriched data with external data platforms- for deeper data analytics and advanced insights. Access to features depends on your [company’s plan and your assigned seat](/v1/docs/plans-and-seats).