User guide

      "Effect":"Allow",
      "Action":[
        "redshift:AuthorizeSnapshotAccess",
        "redshift:RevokeSnapshotAccess"
      ],
      "Resource":[
        "arn:aws:redshift:us-east-1:012345678912:snapshot:*/my-snapshot20130829"
      ]
    }
  ]
}
IAM users in an AWS account with which a snapshot has been shared cannot perform actions on that
snapshot unless they have IAM policies allowing those actions:
To list or describe a snapshot, they must have an IAM policy that allows the
DescribeClusterSnapshots action. The following code shows an example:
{
  "Version": "2012-10-17",
  "Statement":[
    {
      "Effect":"Allow",
      "Action":[
        "redshift:DescribeClusterSnapshots"
      ],
      "Resource":[
        "*"
      ]
    }
  ]
}
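The following added example (not part of the guide) is a simplified checker for whether a recipient-account policy covers a snapshot action. It goes beyond the describe case to actions that touch more than one ARN, such as restoring a shared snapshot into a new cluster. Assumptions: the helper names and the `source-cluster` name are hypothetical, and the model ignores `Condition`, `NotAction`, `NotResource` and any policy outside the one document passed in.

```python
import fnmatch

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def wild(pattern, value):
    # IAM wildcards are '*' and '?'; escape '[' so fnmatch treats it literally.
    return fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))

def statement_hits(st, action, arn):
    # Action names compare case-insensitively; ARNs are compared as written.
    return (any(wild(a.lower(), action.lower()) for a in as_list(st.get("Action", [])))
            and any(wild(r, arn) for r in as_list(st.get("Resource", []))))

def allows(policy, action, arns):
    """Simplified model: every ARN needs a matching Allow and no matching Deny."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    for arn in arns:
        effects = {st["Effect"] for st in statements if statement_hits(st, action, arn)}
        if "Deny" in effects or "Allow" not in effects:
            return False
    return True

def allow_policy(action, resources):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": [action], "Resource": resources}]}

# Account IDs, snapshot name and target cluster name are the guide's;
# "source-cluster" is a constructed cluster name for the concrete snapshot ARN.
SNAP_PATTERN = "arn:aws:redshift:us-east-1:012345678912:snapshot:*/my-snapshot20130829"
SNAPSHOT = "arn:aws:redshift:us-east-1:012345678912:snapshot:source-cluster/my-snapshot20130829"
CLUSTER = "arn:aws:redshift:us-east-1:219876543210:cluster:from-another-account"
RESTORE = "redshift:RestoreFromClusterSnapshot"

DESCRIBE_ONLY = allow_policy("redshift:DescribeClusterSnapshots", ["*"])
SNAPSHOT_ONLY = allow_policy(RESTORE, [SNAP_PATTERN])  # cluster ARN missing
BOTH = allow_policy(RESTORE, [SNAP_PATTERN, CLUSTER])

if __name__ == "__main__":
    for name, pol in [("describe-only", DESCRIBE_ONLY),
                      ("snapshot-only", SNAPSHOT_ONLY), ("both", BOTH)]:
        print(name, "can restore:", allows(pol, RESTORE, [SNAPSHOT, CLUSTER]))
```

A policy that names only the snapshot ARN fails the restore check because the new cluster's ARN is not covered.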
To restore a snapshot, users must have an IAM policy that allows the
RestoreFromClusterSnapshot action and has a resource element that covers both the cluster
they are attempting to create and the snapshot. For example, if a user in account 012345678912
has shared snapshot my-snapshot20130829 with account 219876543210, in order to create a
cluster by restoring the snapshot, a user in account 219876543210 must have a policy such as the
following:
{
  "Version": "2012-10-17",
  "Statement":[
    {
      "Effect":"Allow",
      "Action":[
        "redshift:RestoreFromClusterSnapshot"
      ],
      "Resource":[
        "arn:aws:redshift:us-east-1:012345678912:snapshot:*/my-snapshot20130829",
        "arn:aws:redshift:us-east-1:219876543210:cluster:from-another-account"
      ]
    }
API Version 2012-12-01
Amazon Redshift Management Guide
Sharing Snapshots