User guide
• Restoring a cluster from a snapshot.
• Revoking cluster snapshot access.
Some Amazon Redshift actions, such as copying a cluster snapshot and restoring a cluster from a
snapshot, reference more than one Amazon Redshift resource. To successfully complete those actions,
an IAM user must have policies with Resource elements that cover both resources. For example, to
restore a cluster from a snapshot, an IAM user must have permissions that allow access to the snapshot
and that allow creating a cluster with the specified cluster identifier.
Amazon Redshift supports the use of wildcards such as "*" in IAM Resource elements. One example is
specifying "Resource": "*" to allow operations on all Amazon Redshift resources. Another example is
using this ARN to specify all snapshots from the cluster named my-cluster:
arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/*
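The two points above (an action that references two resources, and wildcard ARNs in Resource elements) can be checked before a policy is attached. The following Python sketch is an added example, not part of the AWS guide: uncovered(), the sample policies, the snapshot name and the target cluster name restored-cluster are constructed for illustration. It assumes a simplified evaluation that looks only at Allow statements with Action and Resource, and ignores Deny, NotResource and Condition.

```python
import re

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def uncovered(policy, action, arns):
    """Return the ARNs that no Allow statement in `policy` covers for `action`."""
    missing = []
    for arn in arns:
        covered = any(
            s.get("Effect") == "Allow"
            and any(_wild(a, action, True) for a in _as_list(s.get("Action", [])))
            and any(_wild(r, arn) for r in _as_list(s.get("Resource", [])))
            for s in _as_list(policy["Statement"])
        )
        if not covered:
            missing.append(arn)
    return missing

# Constructed sample values: snapshot name and target cluster name are made up.
ACTION = "redshift:RestoreFromClusterSnapshot"
SNAPSHOT = "arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/snap-example"
NEW_CLUSTER = "arn:aws:redshift:us-east-1:123456789012:cluster:restored-cluster"

# Covers every snapshot of my-cluster, but not the cluster to be created.
SNAPSHOT_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTION,
    "Resource": "arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/*"}]}

# Covers both resources the restore references.
BOTH = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTION,
    "Resource": ["arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/*",
                 NEW_CLUSTER]}]}

if __name__ == "__main__":
    for name, pol in (("SNAPSHOT_ONLY", SNAPSHOT_ONLY), ("BOTH", BOTH)):
        print(name, "missing:", uncovered(pol, ACTION, [SNAPSHOT, NEW_CLUSTER]))
```

A non-empty result names the resource the restore would be denied on; an empty list means both the snapshot and the new cluster identifier are covered.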
Amazon Redshift does not support Resource elements on all actions. The actions that do support
Resource elements are:
• AuthorizeClusterSecurityGroup
• AuthorizeSnapshotAccess
• CopyClusterSnapshot
• CreateCluster
• CreateClusterParameterGroup
• CreateClusterSecurityGroup
• CreateClusterSnapshot
• CreateClusterSubnetGroup
• CreateHsmClientCertificate
• CreateHsmConfiguration
• CreateTags
• DeleteCluster
• DeleteClusterParameterGroup
• DeleteClusterSecurityGroup
• DeleteClusterSnapshot
• DeleteClusterSubnetGroup
• DeleteHsmClientCertificate
• DeleteHsmConfiguration
• DeleteTags
• DescribeClusterParameters
• DescribeResize
• DescribeTags
• ModifyCluster
• ModifyClusterParameterGroup
• ModifyClusterSubnetGroup
• RebootCluster
• ResetClusterParameterGroup
• RestoreFromClusterSnapshot
• RevokeClusterSecurityGroupIngress
• RevokeSnapshotAccess
API Version 2012-12-01
Amazon Redshift Management Guide
IAM Policy Resources for Amazon Redshift