Amazon Redshift
Getting Started Guide (API Version 2012-12-01)

Step 2: Create an IAM Role

For any operation that accesses data on another AWS resource, such as using a COPY command to load data from Amazon S3, your cluster needs permission to access the resource and the data on the resource on your behalf. You provide those permissions by using AWS Identity and Access Management, either through an IAM role that is attached to your cluster or by providing the AWS access key for an IAM user that has the necessary permissions.

To best protect your sensitive data and safeguard your AWS access credentials, we recommend creating an IAM role and attaching it to your cluster. For more information about providing access permissions, see Permissions to Access Other AWS Resources.

In this step, you will create a new IAM role that enables Amazon Redshift to load data from Amazon S3 buckets. In the next step, you will attach the role to your cluster.

To Create an IAM Role for Amazon Redshift

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the left navigation pane, choose Roles.

  3. Choose Create role

  4. In the AWS Service group, choose Redshift.

  5. Under Select your use case, choose Redshift - Customizable then choose Next: Permissions.

  6. On the Attach permissions policies page, choose AmazonS3ReadOnlyAccess, and then choose Next: Review.

  7. For Role name, type a name for your role. For this tutorial, type myRedshiftRole.

  8. Review the information, and then choose Create Role.

  9. Choose the role name of the role you just created.

  10. Copy the Role ARN to your clipboard—this value is the Amazon Resource Name (ARN) for the role that you just created. You will use that value when you use the COPY command to load data in Step 6: Load Sample Data from Amazon S3.

Now that you have created the new role, your next step is to attach it to your cluster. You can attach the role when you launch a new cluster or you can attach it to an existing cluster. In the next step, you'll attach the role to a new cluster.