Question 263307 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Redshift Scheduled Query Setup

I’m having trouble getting the IAM role setup to work for a Redshift scheduled query.

I created a role redshift-scheduled-query that looks like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "events.amazonaws.com",
                    "redshift.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

It also has the following permission policies:

  • AmazonEventBridgeFullAccess
  • AmazonRedshiftAllCommandsFullAccess
  • AmazonRedshiftDataFullAccess
  • AmazonRedshiftFullAccess
  • AmazonRedshiftQueryEditor
  • AmazonRedshiftQueryEditorV2FullAccess

Is there something else I’m missing? I also added redshift-scheduled-query as an associated role to my redshift cluster

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Having the following trust policy for the role I created worked:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "redshift.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Sid": "S1",
            "Effect": "Allow",
            "Principal": {
                "Service": "events.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::134776740825:user/user_name"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

  2. 0

    You are missing the principal for the Redshift scheduler: scheduler.redshift.amazonaws.com. See https://docs.aws.amazon.com/redshift/latest/APIReference/API_ScheduledAction.html for details.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search