SugandhaGoel
Reputation: 21
AWS Redshift cross account access
Different teams own different datasets. The goal I want to accomplish is to be able to query different sources owned by different teams (AWS accounts).
- Account A - Redshift
- Account B - S3
- Account C - My account
From my account I would like to:
Access data from Account B's S3 bucket using redshift spectrum
Access Account A's redshift DB.
I know how to do do part 1, how can I query cross account redshift (part 2)?
Upvotes: 2
Views: 4527
Answers (1)
John Rotenstein
Reputation: 269746
The owner of the relevant Amazon S3 buckets in Account B should add a Bucket Policy that grants access to the IAM Role being used by Amazon Redshift.
From IAM Policies for Amazon Redshift Spectrum - Amazon Redshift:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Example permissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::redshift-account:role/spectrumrole"
},
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}
Upvotes: 1
Related Questions
- Make a cross account call to Redshift Data API
- Give a Redshift Cluster access to S3 bucket owned by another account
- redshift:GetClusterCredentials + dbuser + ${aws:username}
- Is it possible to access Redshift with an IAM role from another account? how?
- access redshift which is in vpc(Account A) from lambda which in another vpc (account B)
- Redshift - Cross account cluster sync-up
- How to access Redshift from a Lambda from a VPC in a different account
- How can I access data in s3 bucket from one account to process the data using redshift in another account?
- amazon redshift single sign or service account approach
- Copy to Redshift from another accounts S3 bucket