Amazon Redshift
Getting Started Guide (API Version 2012-12-01)

Step 2: Create an IAM Role

For any operation that accesses data on another AWS resource, such as using a COPY command to load data from Amazon S3, your cluster needs permission to access the resource and the data on the resource on your behalf. You provide those permissions by using AWS Identity and Access Management, either through an IAM role that is attached to your cluster or by providing the AWS access key for an IAM user that has the necessary permissions.

To best protect your sensitive data and safeguard your AWS access credentials, we recommend creating an IAM role and attaching it to your cluster. For more information about providing access permissions, see Permissions to Access Other AWS Resources.

In this step, you will create a new IAM role that enables Amazon Redshift to load data from Amazon S3 buckets. In the next step, you will attach the role to your cluster.

To Create an IAM Role for Amazon Redshift

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the left navigation pane, choose Roles.

  3. Choose Create New Role.

  4. Under AWS Service Roles, choose Amazon Redshift, and then choose Select.

  5. On the Attach Policy page, choose AmazonS3ReadOnlyAccess, and then choose Next Step.

  6. For Role Name, type a name for your role. For this tutorial, type myRedshiftRole.

  7. Review the information, and then choose Create Role.

  8. Choose the role name of the new role.

  9. Copy the Role ARN to your clipboard—this value is the Amazon Resource Name (ARN) for the role that you just created. You will use that value when you use the COPY command to load data in Step 6: Load Sample Data from Amazon S3.
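
After the role exists, it is worth confirming that only Amazon Redshift can assume it and that the value you copied is a role ARN. The following check is an added example, not part of the original guide; it assumes the role's trust policy names the service principal redshift.amazonaws.com, and the function names and the account ID 123456789012 are constructed for illustration.

```python
import json
import re

# Assumption: a role created for the Amazon Redshift service should be
# assumable by redshift.amazonaws.com and by nothing else.
REDSHIFT_PRINCIPAL = "redshift.amazonaws.com"
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def _as_list(value):
    # IAM accepts either a single string or a list in most policy fields.
    return value if isinstance(value, list) else ([] if value is None else [value])


def audit_trust_policy(policy):
    """Return a list of findings for a role trust policy (dict or JSON string)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    redshift_can_assume = False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal: anyone can assume the role")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == REDSHIFT_PRINCIPAL:
                    if "sts:AssumeRole" in _as_list(stmt.get("Action")):
                        redshift_can_assume = True
                elif value == "*":
                    findings.append("wildcard principal: anyone can assume the role")
                else:
                    findings.append(f"unexpected principal {kind}={value}")
    if not redshift_can_assume:
        findings.append("redshift.amazonaws.com cannot assume the role")
    return findings


def is_role_arn(arn):
    """True if the string has the shape of an IAM role ARN (not a user or policy)."""
    return bool(ROLE_ARN_RE.match(arn))


# Constructed sample of a trust policy that limits the role to Redshift.
GOOD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Principal": {"Service": "redshift.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
```

To run it against a real role, pass the AssumeRolePolicyDocument returned by `aws iam get-role --role-name myRedshiftRole`.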