Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
AmazonRedshiftAllCommandsFullAccess
Descripción: esta política incluye permisos para ejecutar comandos SQL para copiar, cargar, descargar, consultar y analizar datos en Amazon Redshift. La política también concede permisos para ejecutar instrucciones Select para servicios relacionados, como Amazon S3, los Registros de Amazon CloudWatch, Amazon SageMaker o AWS Glue.
AmazonRedshiftAllCommandsFullAccess
es una política administrada de AWS.
Uso de la política
Puede asociar AmazonRedshiftAllCommandsFullAccess
a los usuarios, grupos y roles.
Información de la política
-
Tipo: política administrada por AWS
-
Hora de creación: 4 de noviembre de 2021 a las 00:48 UTC
-
Hora de edición: 25 de noviembre de 2021 a las 02:27 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess
Versión de la política
Versión de la política: v2 (predeterminada)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita acceso a un recurso de AWS, AWS comprueba la versión predeterminada de la política para decidir si permite o no la solicitud.
Documento de política JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "sagemaker:CreateTrainingJob", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCompilationJob", "sagemaker:CreateEndpoint", "sagemaker:DescribeAutoMLJob", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeCompilationJob", "sagemaker:DescribeProcessingJob", "sagemaker:DescribeTransformJob", "sagemaker:ListCandidatesForAutoMLJob", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopTrainingJob", "sagemaker:DescribeEndpoint", "sagemaker:InvokeEndpoint", "sagemaker:StopProcessingJob", "sagemaker:CreateModel", "sagemaker:CreateProcessingJob" ], "Resource" : [ "arn:aws:sagemaker:*:*:model/*redshift*", "arn:aws:sagemaker:*:*:training-job/*redshift*", "arn:aws:sagemaker:*:*:automl-job/*redshift*", "arn:aws:sagemaker:*:*:compilation-job/*redshift*", "arn:aws:sagemaker:*:*:processing-job/*redshift*", "arn:aws:sagemaker:*:*:transform-job/*redshift*", "arn:aws:sagemaker:*:*:endpoint/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricData" ], "Resource" : "*", "Condition" : { "StringEquals" : { "cloudwatch:namespace" : [ "SageMaker", "/aws/sagemaker/Endpoints", "/aws/sagemaker/ProcessingJobs", "/aws/sagemaker/TrainingJobs", "/aws/sagemaker/TransformJobs" ] } } }, { "Effect" : "Allow", "Action" : [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "s3:GetObject", "s3:GetBucketAcl", "s3:GetBucketCors", "s3:GetEncryptionConfiguration", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads", "s3:PutObject", "s3:PutBucketAcl", "s3:PutBucketCors", "s3:DeleteObject", "s3:AbortMultipartUpload", "s3:CreateBucket" ], "Resource" : [ "arn:aws:s3:::redshift-downloads", "arn:aws:s3:::redshift-downloads/*", "arn:aws:s3:::*redshift*", "arn:aws:s3:::*redshift*/*" ] }, { "Effect" : "Allow", "Action" : [ "s3:GetObject" ], "Resource" : "*", "Condition" : { "StringEqualsIgnoreCase" : { "s3:ExistingObjectTag/Redshift" : "true" } } }, { "Effect" : "Allow", "Action" : [ "dynamodb:Scan", "dynamodb:DescribeTable", "dynamodb:Getitem" ], "Resource" : [ "arn:aws:dynamodb:*:*:table/*redshift*", "arn:aws:dynamodb:*:*:table/*redshift*/index/*" ] }, { "Effect" : "Allow", "Action" : [ "elasticmapreduce:ListInstances" ], "Resource" : [ "arn:aws:elasticmapreduce:*:*:cluster/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "elasticmapreduce:ListInstances" ], "Resource" : "*", "Condition" : { "StringEqualsIgnoreCase" : { "elasticmapreduce:ResourceTag/Redshift" : "true" } } }, { "Effect" : "Allow", "Action" : [ "lambda:InvokeFunction" ], "Resource" : "arn:aws:lambda:*:*:function:*redshift*" }, { "Effect" : "Allow", "Action" : [ "glue:CreateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:GetTable", "glue:GetTables", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition" ], "Resource" : [ "arn:aws:glue:*:*:table/*redshift*/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecretVersionIds" ], "Resource" : [ "arn:aws:secretsmanager:*:*:secret:*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "secretsmanager:GetRandomPassword", "secretsmanager:ListSecrets" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : "arn:aws:iam::*:role/*", "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "redshift.amazonaws.com", "glue.amazonaws.com", "sagemaker.amazonaws.com", "athena.amazonaws.com" ] } } } ] }