User guide
Example 1: Allow an IAM user full access to all Amazon Redshift actions and resources
The following policy allows access to all Amazon Redshift actions on all resources.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "redshift:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
The value redshift:* in the Action element indicates all the actions in Amazon Redshift.
Example 2: Deny a set of Amazon Redshift actions to an IAM user
By default, all permissions are denied. However, sometimes you need to explicitly deny access to a
specific action or set of actions. The following policy allows access to all the Amazon Redshift actions
and explicitly denies access to any Amazon Redshift action whose name starts with Delete. Because an
explicit deny overrides any allow, the Delete actions stay blocked even though redshift:* also matches them.
This policy applies to all Redshift resources in the US East (Northern Virginia) region, that is, us-east-1.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "redshift:*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:redshift:us-east-1:*"
    },
    {
      "Action": [
        "redshift:Delete*"
      ],
      "Effect": "Deny",
      "Resource": "arn:aws:redshift:us-east-1:*"
    }
  ]
}
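The following added example (not part of the original guide, and not AWS's own evaluation code) is a simplified model of how the Example 2 policy is evaluated: default deny, then allow, with an explicit deny overriding both. It assumes a single identity policy with only Action, Resource and Effect elements; the account ID, cluster name and the evaluate function are constructed for illustration.

```python
import re

# Example 2 policy from this page, embedded so the block runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["redshift:*"], "Effect": "Allow",
         "Resource": "arn:aws:redshift:us-east-1:*"},
        {"Action": ["redshift:Delete*"], "Effect": "Deny",
         "Resource": "arn:aws:redshift:us-east-1:*"},
    ],
}

# Constructed sample ARNs: the account ID and cluster name are placeholders.
EAST = "arn:aws:redshift:us-east-1:111122223333:cluster:examplecluster"
WEST = "arn:aws:redshift:us-west-2:111122223333:cluster:examplecluster"

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # by default, all permissions are denied
    for stmt in _as_list(policy["Statement"]):
        # Action names are matched case-insensitively, ARNs case-sensitively.
        if not any(_glob(a, action, True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision

if __name__ == "__main__":
    for action, arn in [("redshift:DescribeClusters", EAST),
                        ("redshift:DeleteCluster", EAST),
                        ("redshift:DescribeClusters", WEST)]:
        print(action, arn.split(":")[3], evaluate(POLICY, action, arn))
```

Requests against us-west-2 come back as ImplicitDeny because no statement in the policy matches that region, which is the default-deny behavior the text describes.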
API Version 2012-12-01
Amazon Redshift Management Guide
Example Policies for Amazon Redshift