Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
AmazonRedshiftAllCommandsFullAccess
Descripción: esta política incluye permisos para ejecutar comandos SQL para copiar, cargar, descargar, consultar y analizar datos en Amazon Redshift. La política también concede permisos para ejecutar instrucciones Select para servicios relacionados, como Amazon S3, los Registros de Amazon CloudWatch, Amazon SageMaker o AWS Glue.
AmazonRedshiftAllCommandsFullAccess es una política administrada de AWS.
Uso de la política
Puede asociar AmazonRedshiftAllCommandsFullAccess a los usuarios, grupos y roles.
Información de la política
-
Tipo: política administrada por AWS
-
Hora de creación: 4 de noviembre de 2021 a las 00:48 UTC
-
Hora de edición: 25 de noviembre de 2021 a las 02:27 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess
Versión de la política
Versión de la política: v2 (predeterminada)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita acceso a un recurso de AWS, AWS comprueba la versión predeterminada de la política para decidir si permite o no la solicitud.
Documento de política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateEndpoint",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopTrainingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:InvokeEndpoint",
"sagemaker:StopProcessingJob",
"sagemaker:CreateModel",
"sagemaker:CreateProcessingJob"
],
"Resource" : [
"arn:aws:sagemaker:*:*:model/*redshift*",
"arn:aws:sagemaker:*:*:training-job/*redshift*",
"arn:aws:sagemaker:*:*:automl-job/*redshift*",
"arn:aws:sagemaker:*:*:compilation-job/*redshift*",
"arn:aws:sagemaker:*:*:processing-job/*redshift*",
"arn:aws:sagemaker:*:*:transform-job/*redshift*",
"arn:aws:sagemaker:*:*:endpoint/*redshift*"
]
},
{
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*"
]
},
{
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricData"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"cloudwatch:namespace" : [
"SageMaker",
"/aws/sagemaker/Endpoints",
"/aws/sagemaker/ProcessingJobs",
"/aws/sagemaker/TrainingJobs",
"/aws/sagemaker/TransformJobs"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"s3:GetObject",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetEncryptionConfiguration",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
"s3:PutBucketAcl",
"s3:PutBucketCors",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:CreateBucket"
],
"Resource" : [
"arn:aws:s3:::redshift-downloads",
"arn:aws:s3:::redshift-downloads/*",
"arn:aws:s3:::*redshift*",
"arn:aws:s3:::*redshift*/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"s3:GetObject"
],
"Resource" : "*",
"Condition" : {
"StringEqualsIgnoreCase" : {
"s3:ExistingObjectTag/Redshift" : "true"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"dynamodb:Scan",
"dynamodb:DescribeTable",
"dynamodb:Getitem"
],
"Resource" : [
"arn:aws:dynamodb:*:*:table/*redshift*",
"arn:aws:dynamodb:*:*:table/*redshift*/index/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"elasticmapreduce:ListInstances"
],
"Resource" : [
"arn:aws:elasticmapreduce:*:*:cluster/*redshift*"
]
},
{
"Effect" : "Allow",
"Action" : [
"elasticmapreduce:ListInstances"
],
"Resource" : "*",
"Condition" : {
"StringEqualsIgnoreCase" : {
"elasticmapreduce:ResourceTag/Redshift" : "true"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"lambda:InvokeFunction"
],
"Resource" : "arn:aws:lambda:*:*:function:*redshift*"
},
{
"Effect" : "Allow",
"Action" : [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Resource" : [
"arn:aws:glue:*:*:table/*redshift*/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*redshift*"
]
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetResourcePolicy",
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds"
],
"Resource" : [
"arn:aws:secretsmanager:*:*:secret:*redshift*"
]
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetRandomPassword",
"secretsmanager:ListSecrets"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"redshift.amazonaws.com",
"glue.amazonaws.com",
"sagemaker.amazonaws.com",
"athena.amazonaws.com"
]
}
}
}
]
}Más información
