User guide
Example 6: Grant permission to Amazon Redshift and to common actions and resources
for related AWS services
The following example policy allows access to all actions and resources for Amazon Redshift, Amazon
SNS, and Amazon CloudWatch, and allows specified actions on all related Amazon EC2 resources under
the account.
Note
Resource-level permissions are not supported for the Amazon EC2 actions that are specified in
this example policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"redshift:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"sns:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Resource": [
"*"
]
API Version 2012-12-01
126
Amazon Redshift Management Guide
Example Policies for Amazon Redshift