Need to reduce the overhead of user access management on AWS Redshift clusters.


  • User commits DDL execution files to an AWS Codecommit repository.
  • The update to the Codecommit repository sends an event to AWS Lambda.
  • The Lambda function pulls down the source code and requests the connection information for the AWS Redshift Cluster from AWS Secret Manager.
  • The Lambda function will establish a connection to the Redshift cluster and run each DDL script in the order it was given via the commit message

For integration between Codecommit and Lambda we used external packages including pygit2

The logic we employed was simple, by reading the commit log we could tell which files were added/removed but we could not figure out what sequence the files had to be run in. To solve this issue, we enforced a strict commit message syntax to indicate the sequence in which to run the files.

Example of Commit message main text


We now have the run order of the files and attempt to run them using psycopg2.