AmazonRedshiftDataFullAccess details (in AWS console)
Policy Name
AmazonRedshiftDataFullAccess
Description
This policy provides full access to Amazon Redshift Data APIs. This policy also grants scoped access to other required services.
ARN
arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess
Path
/
PolicyId
ANPAZKAPJZG4PX5LA5SG6
AttachmentCount
0
[
{
"Effect": "Allow",
"Action": [
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:ListStatements",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue"
],
"Resource": [
"arn:aws:secretsmanager:*:*:secret:*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:GetClusterCredentials"
],
"Resource": [
"arn:aws:redshift:*:*:dbname:*/*",
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:GetClusterCredentialsWithIAM"
],
"Resource": [
"arn:aws:redshift:*:*:dbname:*/*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift-serverless:GetCredentials"
],
"Resource": [
"arn:aws:redshift-serverless:*:*:workgroup/*"
]
},
{
"Effect": "Deny",
"Action": [
"redshift:CreateClusterUser"
],
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
]
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift"
]
}
]