red888

Reputation: 31610

Is it possible to attach one role to a Redshift cluster and use that for all access?

I don't like having to specify specific roles in each command.

Is there a way I can just attach a single role to my Redshift cluster and have every command (like the copy command) just use that role and not have to specify an iam_role in every command?

It seems weird to me because I can attach a role to an EC2 instance and it will just give anything calling the AWS APIs on that server that access.

Upvotes: 0

Views: 677

Answers (1)

John Rotenstein

Reputation: 269746

No, this is not possible.

Amazon Redshift needs to know which IAM Role to use when accessing data from Amazon S3. This is specified via the iam_role parameter. Roles attached to the Redshift cluster are merely referenced, rather than credentials being provided as part of the query.

This is quite different to the Amazon EC2 situation, where the AWS CLI and AWS SDKs always look in the user's ~/.aws/credentials file to obtain credentials for use with API calls. There is no capability to provide such credentials in Amazon Redshift.

It is also quite different to the way Amazon Athena handles permissions. Athena uses the S3 permissions of the user who runs the query.

Upvotes: 1
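
Because each COPY names its role explicitly, as the answer above describes, a SQL script can be audited for which role every statement references. The following is an added example, not part of the original question or answer: it flags COPY statements whose role is not in the set attached to the cluster, or that embed static access keys instead. The account ID, role names, bucket and function name are constructed for illustration.

```python
import re

# Constructed sample data: placeholder account ID, role names and bucket.
ATTACHED_ROLES = {"arn:aws:iam::123456789012:role/RedshiftLoadRole"}
SAMPLE_SQL = """
COPY sales FROM 's3://example-bucket/sales/'
  IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftLoadRole' CSV;
COPY events FROM 's3://example-bucket/events/'
  IAM_ROLE 'arn:aws:iam::123456789012:role/AdHocRole' JSON 'auto';
COPY users FROM 's3://example-bucket/users/'
  ACCESS_KEY_ID '<access-key-id>' SECRET_ACCESS_KEY '<secret-access-key>';
COPY legacy FROM 's3://example-bucket/legacy/'
  CREDENTIALS 'aws_iam_role=arn:aws:iam::123456789012:role/RedshiftLoadRole';
"""

COPY_RE = re.compile(r"\s*COPY\s+([\w.]+)", re.I)
# Matches both the IAM_ROLE '<arn>' form and the CREDENTIALS 'aws_iam_role=<arn>' form.
ROLE_RE = re.compile(
    r"(?:IAM_ROLE\s+'|aws_iam_role=)(arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+)", re.I)
STATIC_KEY_RE = re.compile(r"\b(?:ACCESS_KEY_ID|aws_access_key_id)\b", re.I)


def audit_copy_statements(sql, attached_roles):
    """Return (table, status, detail) for each COPY statement in sql."""
    findings = []
    # Simplification: splits on ';' and does not handle semicolons inside literals.
    for stmt in sql.split(";"):
        m = COPY_RE.match(stmt)
        if not m:
            continue
        table = m.group(1)
        role = ROLE_RE.search(stmt)
        if STATIC_KEY_RE.search(stmt):
            findings.append((table, "static-keys", "long-lived keys embedded in SQL"))
        elif role is None:
            findings.append((table, "no-authorization", "no role or keys found"))
        elif role.group(1) not in attached_roles:
            findings.append((table, "role-not-attached", role.group(1)))
        else:
            findings.append((table, "ok", role.group(1)))
    return findings


if __name__ == "__main__":
    for table, status, detail in audit_copy_statements(SAMPLE_SQL, ATTACHED_ROLES):
        print(f"{table:8} {status:18} {detail}")
```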
