Manualshelf

User guide

ManualsBrandsAmazon ManualsComputer equipmentRedshift
121122123124125126127128129130
Constructing an Amazon Redshift ARN
You can identify resources that are created in Amazon Web Services by a unique identifier called an
Amazon Resource Name (ARN). When using the Resource element in an IAM policy to control which
Amazon Redshift resources a user or group can access, you specify one or more ARNs that define the
resources the users are allowed to access.
An ARN for an Amazon Redshift resource uses the following syntax
arn:aws:redshift:<region>:<account_number>:<resource_type>:<name>
where:
<region> is the AWS region where the Amazon Redshift resource was created, such as us-west-2.
For a list of the Amazon Redshift regions, go to Amazon Redshift Regions and Endpoints.
<account_number> is your AWS account number with dashes omitted.To find your account number,
sign in to your AWS account at http://aws.amazon.com, click My Account/Console, and then click My
Account.
resource_type is the type of Amazon Redshift resource.
<name> is the resource identifier for the Amazon Redshift resource. For snapshots, the name is a
combination of the identifier of the cluster the snapshot was created from and the name of a specific
snapshot: <cluster name>/<snapshot name>.
The following table shows the format you should use when constructing an ARN for a particular Amazon
Redshift resource.
ARN FormatResource Type
arn:aws:redshift:<region>:<account_number>:cluster:<cluster_name>Cluster
arn:aws:redshift:<region>:<account_number>:securitygroup:<secur-
ity_group_name>
Cluster security group
arn:aws:redshift:<region>:<account_number>:securitygroupingress:<se-
curity_group_name>/cidrip/<IP_range>
CIDR/IP
arn:aws:redshift:<region>:<account_number>:securitygroupingress:<se-
curity_group_name>/ec2securitygroup/<owner>/<EC2_secur-
ity_group_ID>
EC2 security group
arn:aws:redshift:<region>:<account_number>:hsmclientcert:<HSM_cli-
ent_certificate_ID>
HSM client certificate
arn:aws:redshift:<region>:<account_number>:hsmconfiguration:<HSM_con-
figuration_ID>
HSM configuration
arn:aws:redshift:<region>:<account_number>:parametergroup:<paramet-
er_group_name>
Parameter group
arn:aws:redshift:<region>:<account_number>:snap-
shot:<cluster_name>/<snapshot_name>
Snapshot
arn:aws:redshift:<region>:<account_number>:subnetgroup:<sub-
net_group_name>
Subnet group
API Version 2012-12-01
120
Amazon Redshift Management Guide
Constructing an Amazon Redshift ARN