ModifyClusterIamRoles

Modifies the list of AWS Identity and Access Management (IAM) roles that can be used by the cluster to access other AWS services.

The maximum number of IAM roles that you can associate is subject to a quota. For more information, go to Quotas and limits in the Amazon Redshift Cluster Management Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

ClusterIdentifier

The unique identifier of the cluster for which you want to associate or disassociate IAM roles.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: Yes

AddIamRoles.IamRoleArn.N

Zero or more IAM roles to associate with the cluster. The roles must be in their Amazon Resource Name (ARN) format.

Type: Array of strings

Length Constraints: Maximum length of 2147483647.

Required: No

DefaultIamRoleArn

The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was last modified.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: No

RemoveIamRoles.IamRoleArn.N

Zero or more IAM roles in ARN format to disassociate from the cluster.

Type: Array of strings

Length Constraints: Maximum length of 2147483647.

Required: No

Response Elements

The following element is returned by the service.

Cluster

Describes a cluster.

Type: Cluster object

Errors

For information about the errors that are common to all actions, see Common Errors.

ClusterNotFound

The ClusterIdentifier parameter does not refer to an existing cluster.

HTTP Status Code: 404

InvalidClusterState

The specified cluster is not in the available state.

HTTP Status Code: 400

Examples

Example

This example removes an AWS Identity and Access Management (IAM) role from a cluster.

Sample Request

https://redshift.us-east-2.amazonaws.com/
       ?Action=ModifyClusterIamRoles
&ClusterIdentifier=mycluster
&RemoveIamRoles.IamRoleArn.1=arn%3Aaws%3Aiam%3A%3A123456789012%3Arole%2FmyRedshiftRole
&SignatureMethod=HmacSHA256&SignatureVersion=4
&Version=2012-12-01
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20190817/us-east-2/redshift/aws4_request
&X-Amz-Date=20190825T160000Z
&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
&X-Amz-Signature=0aa1234bb5cc678ddddd901ee2ff3aa45678b90c12d345e6ff789012345a6b7b

Sample Response

<ModifyClusterIamRolesResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/">
  <ModifyClusterIamRolesResult>
    <Cluster>
      <AllowVersionUpgrade>true</AllowVersionUpgrade>
      <ClusterIdentifier>mycluster</ClusterIdentifier>
      <NumberOfNodes>1</NumberOfNodes>
      <AvailabilityZone>us-east-2a</AvailabilityZone>
      <ClusterVersion>1.0</ClusterVersion>
      <ExpectedNextSnapshotScheduleTimeStatus>OnTrack</ExpectedNextSnapshotScheduleTimeStatus>
      <ManualSnapshotRetentionPeriod>-1</ManualSnapshotRetentionPeriod>
      <ClusterAvailabilityStatus>Available</ClusterAvailabilityStatus>
      <Endpoint>
        <Port>5439</Port>
        <Address>mycluster.cmeaswqeuae.us-east-2.redshift.amazonaws.com</Address>
      </Endpoint>
      <VpcId>vpc-a1abc1a1</VpcId>
      <PubliclyAccessible>true</PubliclyAccessible>
      <ClusterCreateTime>2019-12-27T17:48:01.504Z</ClusterCreateTime>
      <MasterUsername>adminuser</MasterUsername>
      <DBName>dev</DBName>
      <EnhancedVpcRouting>false</EnhancedVpcRouting>
      <IamRoles/>
      <ClusterSecurityGroups/>
      <ExpectedNextSnapshotScheduleTime>2019-12-28T05:48:20.939Z</ExpectedNextSnapshotScheduleTime>
      <NodeType>dc2.large</NodeType>
      <ClusterSubnetGroupName>default</ClusterSubnetGroupName>
      <NextMaintenanceWindowStartTime>2019-12-29T23:15:00Z</NextMaintenanceWindowStartTime>
      <DeferredMaintenanceWindows/>
      <Tags>
        <Tag>
          <Value>newtag</Value>
          <Key>mytag</Key>
        </Tag>
      </Tags>
      <VpcSecurityGroups>
        <VpcSecurityGroup>
          <VpcSecurityGroupId>sh-a1a123ab</VpcSecurityGroupId>
          <Status>active</Status>
        </VpcSecurityGroup>
      </VpcSecurityGroups>
      <ClusterParameterGroups>
        <ClusterParameterGroup>
          <ParameterGroupName>default.redshift-1.0</ParameterGroupName>
          <ParameterApplyStatus>in-sync</ParameterApplyStatus>
        </ClusterParameterGroup>
      </ClusterParameterGroups>
      <Encrypted>false</Encrypted>
      <MaintenanceTrackName>current</MaintenanceTrackName>
      <PendingModifiedValues/>
      <PreferredMaintenanceWindow>sun:23:15-mon:03:15</PreferredMaintenanceWindow>
      <AutomatedSnapshotRetentionPeriod>1</AutomatedSnapshotRetentionPeriod>
      <ClusterStatus>available</ClusterStatus>
    </Cluster>
  </ModifyClusterIamRolesResult>
  <ResponseMetadata>
    <RequestId>3ca20e36-28e0-11ea-8397-219d1980588b</RequestId>
  </ResponseMetadata>
</ModifyClusterIamRolesResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go v2

• AWS SDK for Java V2

• AWS SDK for JavaScript V3

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3