Posted On: Jan 11, 2022

Amazon Redshift default IAM role is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

Amazon Redshift simplifies the use of other services such as Amazon S3, Amazon SageMaker, Amazon Lambda, Amazon Aurora, and Amazon Glue by allowing customers to create an IAM role from the Redshift console and assign it as the default IAM role while creating an Amazon Redshift cluster. The default IAM role helps simplify SQL operations such as COPY, UNLOAD, CREATE EXTERNAL FUNCTION, CREATE EXTERNAL TABLE, CREATE EXTERNAL SCHEMA, CREATE MODEL, or CREATE LIBRARY that access other Amazon Web Services services by eliminating the need to specify the Amazon Resource Name (ARN) for the IAM role.

Amazon Redshift provides a new managed IAM policy, AmazonRedshiftAllCommandsFullAccess, that has the privileges required to use other related services such as S3, SageMaker, Lambda, Aurora, and Glue. This policy is used for creating the default IAM role with the Amazon Redshift console. End users can use the default IAM role with COPY, UNLOAD, CREATE EXTERNAL FUNCTION, CREATE EXTERNAL TABLE, CREATE EXTERNAL SCHEMA, CREATE MODEL, or CREATE LIBRARY commands by specifying IAM_ROLE with the DEFAULT keyword, without having to specify the ARN for the IAM role.
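The statements below are an added example, not part of the original announcement, showing the same commands with an explicit role ARN and with the DEFAULT keyword. The table, bucket, schema, database, account ID and role name are constructed placeholders, and the `aws-cn` ARN partition is assumed for the China Regions.

```sql
-- Before: every statement embeds the role ARN, so the ARN ends up in
-- scripts, query history and version control.
-- (Account ID and role name are constructed placeholders.)
COPY sales
FROM 's3://example-bucket/sales/'
IAM_ROLE 'arn:aws-cn:iam::123456789012:role/ExampleRedshiftRole'
FORMAT AS CSV;

-- After: the cluster's default IAM role is resolved by Redshift.
-- This requires that a role has been set as the default for the cluster.
COPY sales
FROM 's3://example-bucket/sales/'
IAM_ROLE default
FORMAT AS CSV;

-- The same keyword works for the other commands named above, for example
-- UNLOAD to S3 and CREATE EXTERNAL SCHEMA against the data catalog.
UNLOAD ('SELECT * FROM sales')
TO 's3://example-bucket/unload/sales_'
IAM_ROLE default;

CREATE EXTERNAL SCHEMA example_spectrum
FROM DATA CATALOG
DATABASE 'example_db'
IAM_ROLE default;
```

Because every statement that uses `IAM_ROLE default` runs with the permissions of that one role, the policy attached to the default role determines what all such commands can reach.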

You can find more information about the IAM role from the Redshift cluster management guide.