Permissions for @turbot/aws-redshift
Taking a look at permissions and associated grant levels for each permission for Redshift:
| Permission | Grant Level | Help |
|---|---|---|
| cloudwatch:DescribeAlarmHistory | Metadata | "For console access |
| cloudwatch:DescribeAlarms | Metadata | "For console access |
| cloudwatch:DescribeAlarmsForMetric | Metadata | "For console access |
| cloudwatch:GetMetricStatistics | Metadata | "For console access |
| cloudwatch:ListMetrics | Metadata | "For console access |
| ec2:DescribeAccountAttributes | Metadata | Metadata for console access |
| ec2:DescribeAddresses | Metadata | Metadata for console access |
| ec2:DescribeAvailabilityZones | Metadata | Metadata for console access |
| ec2:DescribeInternetGateways | Metadata | Metadata for console access |
| ec2:DescribeSecurityGroups | Metadata | Metadata for console access |
| ec2:DescribeSubnets | Metadata | Metadata for console access |
| ec2:DescribeVpcs | Metadata | Metadata for console access |
| redshift-data:BatchExecuteStatement | Admin | Grants permission to execute multiple queries under a single connection. |
| redshift-data:CancelStatement | Admin | Grants permission to cancel a running query |
| redshift-data:DescribeStatement | Metadata | Grants permission to retrieve detailed information about a statement execution |
| redshift-data:DescribeTable | Metadata | Grants permission to retrieve metadata about a particular table |
| redshift-data:ExecuteStatement | Admin | Grants permission to execute a query |
| redshift-data:GetStatementResult | Metadata | Grants permission to fetch the result of a query |
| redshift-data:ListDatabases | Metadata | Grants permission to list databases for a given cluster |
| redshift-data:ListSchemas | Metadata | Grants permission to list schemas for a given cluster |
| redshift-data:ListStatements | Metadata | Grants permission to list queries for a given principal |
| redshift-data:ListTables | Metadata | Grants permission to list tables for a given cluster |
| redshift:AcceptReservedNodeExchange | Operator | |
| redshift:AddPartner | Admin | |
| redshift:AssociateDataShareConsumer | Admin | |
| redshift:AuthorizeClusterSecurityGroupIngress | Admin | Adds an inbound (ingress) rule to an Amazon Redshift security group. Only used for non-VPC clusters |
| redshift:AuthorizeDataShare | Admin | |
| redshift:AuthorizeEndpointAccess | Admin | |
| redshift:AuthorizeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
| redshift:BatchDeleteClusterSnapshots | Admin | "Admins can delete a set of cluster snapshots. High risk |
| redshift:BatchModifyClusterSnapshots | Admin | Admins can modify the settings for a list of snapshots. |
| redshift:CancelQuery | Admin | |
| redshift:CancelQuerySession | Operator | "Low risk |
| redshift:CancelResize | Admin | |
| redshift:CopyClusterSnapshot | Operator | "Low risk |
| redshift:CreateAuthenticationProfile | Admin | |
| redshift:CreateEndpointAccess | Admin | |
| redshift:CreateCluster | Operator | "Low risk |
| redshift:CreateClusterParameterGroup | Admin | "Turbot manages low skill parameters |
| redshift:CreateClusterSecurityGroup | Admin | Administrators can manageto create Amazon Redshift security group. Only used for non-VPC clusters |
| redshift:CreateClusterSnapshot | Operator | "Low risk |
| redshift:CreateClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
| redshift:CreateClusterUser | Admin | Admins can auto create the specified redshift user if it does not exist. |
| redshift:CreateEventSubscription | Operator | "Low risk |
| redshift:CreateHsmClientCertificate | Admin | |
| redshift:CreateHsmConfiguration | Admin | |
| redshift:CreateSavedQuery | Admin | |
| redshift:CreateScheduledAction | Admin | |
| redshift:CreateSnapshotCopyGrant | Admin | Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from AWS Key Management Service (AWS KMS) to encrypt copied snapshots in a destination region. |
| redshift:CreateSnapshotSchedule | Operator | |
| redshift:CreateTags | Operator | |
| redshift:CreateUsageLimit | Admin | |
| redshift:DeauthorizeDataShare | Admin | |
| redshift:DeleteAuthenticationProfile | Admin | |
| redshift:DeleteCluster | Admin | "High risk |
| redshift:DeleteClusterParameterGroup | Admin | "Turbot manages low skill parameters |
| redshift:DeleteClusterSecurityGroup | Admin | Only used for non-VPC clusters |
| redshift:DeleteClusterSnapshot | Admin | "High risk |
| redshift:DeleteClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
| redshift:DeleteEndpointAccess | Admin | |
| redshift:DeleteEventSubscription | Operator | "Low risk |
| redshift:DeleteHsmClientCertificate | Admin | HSM not yet supported by Turbot |
| redshift:DeleteHsmConfiguration | Admin | HSM not yet supported by Turbot |
| redshift:DeletePartner | Admin | |
| redshift:DeleteSavedQueries | Admin | |
| redshift:DeleteScheduledAction | Admin | |
| redshift:DeleteSnapshotCopyGrant | Admin | Not supported by Turbot until the use case is better understood. |
| redshift:DeleteSnapshotSchedule | Operator | |
| redshift:DeleteTags | Operator | |
| redshift:DeleteUsageLimit | Admin | |
| redshift:DescribeAccountAttributes | Metadata | |
| redshift:DescribeAuthenticationProfiles | Metadata | |
| redshift:DescribeClusterDbRevisions | Metadata | |
| redshift:DescribeClusterParameterGroups | Metadata | |
| redshift:DescribeClusterParameters | Metadata | |
| redshift:DescribeClusterSecurityGroups | Metadata | |
| redshift:DescribeClusterSnapshots | Metadata | |
| redshift:DescribeClusterSubnetGroups | Metadata | |
| redshift:DescribeClusterTracks | Metadata | Returns a list of all the available maintenance tracks. |
| redshift:DescribeClusterVersions | Metadata | |
| redshift:DescribeClusters | Metadata | |
| redshift:DescribeDataShares | Metadata | |
| redshift:DescribeDataSharesForConsumer | Metadata | |
| redshift:DescribeDataSharesForProducer | Metadata | |
| redshift:DescribeDefaultClusterParameters | Metadata | |
| redshift:DescribeEndpointAccess | Metadata | |
| redshift:DescribeEndpointAuthorization | Metadata | |
| redshift:DescribeEventCategories | Metadata | |
| redshift:DescribeEventSubscriptions | Metadata | |
| redshift:DescribeEvents | Metadata | |
| redshift:DescribeHsmClientCertificates | Metadata | |
| redshift:DescribeHsmConfigurations | Metadata | |
| redshift:DescribeLoggingStatus | Metadata | |
| redshift:DescribeNodeConfigurationOptions | Metadata | |
| redshift:DescribePartners | Metadata | |
| redshift:DescribeOrderableClusterOptions | Metadata | |
| redshift:DescribeQuery | Admin | |
| redshift:DescribeReservedNodeOfferings | Metadata | |
| redshift:DescribeReservedNodes | Metadata | |
| redshift:DescribeResize | Metadata | |
| redshift:DescribeSavedQueries | Admin | |
| redshift:DescribeScheduledActions | Metadata | |
| redshift:DescribeSnapshotCopyGrants | Metadata | |
| redshift:DescribeSnapshotSchedules | Metadata | |
| redshift:DescribeStorage | Metadata | |
| redshift:DescribeTable | Admin | |
| redshift:DescribeTableRestoreStatus | Metadata | |
| redshift:DescribeTags | Metadata | |
| redshift:DescribeUsageLimits | Metadata | |
| redshift:DisableLogging | Admin | |
| redshift:DisableSnapshotCopy | Operator | "Low risk since old snapshots are not deleted |
| redshift:DisassociateDataShareConsumer | Admin | |
| redshift:EnableLogging | Admin | |
| redshift:EnableSnapshotCopy | Operator | "Low risk |
| redshift:ExecuteQuery | Admin | Admins can use query editor for creating and listing tables and other info. |
| redshift:FetchResults | Admin | |
| redshift:GetClusterCredentials | Admin | |
| redshift:GetReservedNodeExchangeOfferings | Metadata | |
| redshift:JoinGroup | Admin | |
| redshift:ListDatabases | Admin | |
| redshift:ListSavedQueries | Metadata | |
| redshift:ListSchemas | Admin | |
| redshift:ListTables | Admin | |
| redshift:ModifyAquaConfiguration | Admin | |
| redshift:ModifyAuthenticationProfile | Admin | |
| redshift:ModifyCluster | Admin | "Turbot manages low skill parameters |
| redshift:ModifyClusterDbRevision | Admin | |
| redshift:ModifyClusterIamRoles | Admin | "Administrators can assign roles to Redshift |
| redshift:ModifyClusterMaintenance | Operator | Operators can modify the maintenance settings of a cluster. |
| redshift:ModifyClusterParameterGroup | Admin | "Turbot manages low skill parameters |
| redshift:ModifyClusterSnapshot | Operator | |
| redshift:ModifyClusterSnapshotSchedule | Operator | |
| redshift:ModifyClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
| redshift:ModifyEndpointAccess | Admin | |
| redshift:ModifyEventSubscription | Operator | "Low risk |
| redshift:ModifySavedQuery | Admin | |
| redshift:ModifyScheduledAction | Admin | |
| redshift:ModifySnapshotCopyRetentionPeriod | Admin | "Can be decreased |
| redshift:ModifySnapshotSchedule | Operator | |
| redshift:ModifyUsageLimit | Admin | |
| redshift:PauseCluster | Operator | |
| redshift:PurchaseReservedNodeOffering | Owner | Owners are responsible for cost commitments. |
| redshift:RebootCluster | Operator | Medium risk. Impacts availability. |
| redshift:RejectDataShare | Operator | |
| redshift:ResetClusterParameterGroup | Admin | "Turbot manages low skill parameters |
| redshift:ResizeCluster | Admin | "Admin can change the size of the cluster. Cluster type |
| redshift:RestoreFromClusterSnapshot | Operator | "Low risk |
| redshift:RestoreTableFromClusterSnapshot | Operator | "Low risk |
| redshift:ResumeCluster | Operator | |
| redshift:RevokeClusterSecurityGroupIngress | Admin | Only used for non-VPC clusters |
| redshift:RevokeEndpointAccess | Admin | |
| redshift:RevokeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
| redshift:RotateEncryptionKey | Operator | "Medium risk. No impact on data since keys managed by Redshift |
| redshift:UpdatePartnerStatus | Admin | |
| redshift:ViewQueriesFromConsole | Metadata | |
| redshift:ViewQueriesInConsole | Metadata | "No data |
| sns:GetEndpointAttributes | Metadata | "For console access |
| sns:GetPlatformApplicationAttributes | Metadata | "For console access |
| sns:GetSubscriptionAttributes | Metadata | "For console access |
| sns:GetTopicAttributes | Metadata | "For console access |
| sns:ListEndpointsByPlatformApplication | Metadata | "For console access |
| sns:ListPlatformApplications | Metadata | "For console access |
| sns:ListSubscriptionsByTopic | Metadata | "For console access |
| sqlworkbench:AssociateConnectionWithChart | Admin | |
| sqlworkbench:AssociateConnectionWithTab | Admin | |
| sqlworkbench:AssociateNotebookWithTab | Admin | |
| sqlworkbench:AssociateQueryWithTab | Admin | |
| sqlworkbench:BatchDeleteFolder | Admin | |
| sqlworkbench:BatchGetNotebookCell | Metadata | |
| sqlworkbench:CreateAccount | Admin | |
| sqlworkbench:CreateChart | Admin | |
| sqlworkbench:CreateConnection | Admin | |
| sqlworkbench:CreateFolder | Admin | |
| sqlworkbench:CreateNotebook | Admin | |
| sqlworkbench:CreateNotebookCell | Admin | |
| sqlworkbench:CreateNotebookFromVersion | Admin | |
| sqlworkbench:CreateNotebookVersion | Admin | |
| sqlworkbench:CreateSavedQuery | Admin | |
| sqlworkbench:DeleteChart | Admin | |
| sqlworkbench:DeleteConnection | Admin | |
| sqlworkbench:DeleteNotebook | Admin | |
| sqlworkbench:DeleteNotebookCell | Admin | |
| sqlworkbench:DeleteNotebookVersion | Admin | |
| sqlworkbench:DeleteSavedQuery | Admin | |
| sqlworkbench:DeleteTab | Admin | |
| sqlworkbench:DriverExecute | Admin | |
| sqlworkbench:DuplicateNotebook | Admin | |
| sqlworkbench:ExportNotebook | Operator | |
| sqlworkbench:GenerateSession | Admin | |
| sqlworkbench:GetAccountInfo | Metadata | |
| sqlworkbench:GetAccountSettings | Metadata | |
| sqlworkbench:GetAutocompletionMetadata | Metadata | |
| sqlworkbench:GetAutocompletionResource | Metadata | |
| sqlworkbench:GetChart | Metadata | |
| sqlworkbench:GetConnection | Metadata | |
| sqlworkbench:GetKMSKey | Metadata | |
| sqlworkbench:GetNotebook | Metadata | |
| sqlworkbench:GetNotebookVersion | Metadata | |
| sqlworkbench:GetQueryExecutionHistory | Metadata | |
| sqlworkbench:GetSavedQuery | Metadata | |
| sqlworkbench:GetSchemaInference | Metadata | |
| sqlworkbench:GetUserInfo | Metadata | |
| sqlworkbench:GetUserWorkspaceSettings | Metadata | |
| sqlworkbench:ImportNotebook | Operator | |
| sqlworkbench:ListBuckets | Metadata | |
| sqlworkbench:ListConnections | Metadata | |
| sqlworkbench:ListDatabases | Metadata | |
| sqlworkbench:ListFiles | Metadata | |
| sqlworkbench:ListKMSKeyAliases | Metadata | |
| sqlworkbench:ListKMSKeys | Metadata | |
| sqlworkbench:ListNotebooks | Metadata | |
| sqlworkbench:ListNotebookVersions | Metadata | |
| sqlworkbench:ListQueryExecutionHistory | Metadata | |
| sqlworkbench:ListRedshiftClusters | Metadata | |
| sqlworkbench:ListSampleDatabases | Metadata | |
| sqlworkbench:ListSavedQueryVersions | Metadata | |
| sqlworkbench:ListTabs | Metadata | |
| sqlworkbench:ListTaggedResources | Metadata | |
| sqlworkbench:ListTagsForResource | Metadata | |
| sqlworkbench:PutTab | Admin | |
| sqlworkbench:PutUserWorkspaceSettings | Admin | |
| sqlworkbench:RestoreNotebookVersion | Operator | |
| sqlworkbench:TagResource | Operator | |
| sqlworkbench:UntagResource | Operator | |
| sqlworkbench:UpdateAccountConnectionSettings | Admin | |
| sqlworkbench:UpdateAccountExportSettings | Admin | |
| sqlworkbench:UpdateAccountGeneralSettings | Admin | |
| sqlworkbench:UpdateChart | Admin | |
| sqlworkbench:UpdateConnection | Admin | |
| sqlworkbench:UpdateFileFolder | Admin | |
| sqlworkbench:UpdateFolder | Admin | |
| sqlworkbench:UpdateNotebook | Admin | |
| sqlworkbench:UpdateNotebookCellContent | Admin | |
| sqlworkbench:UpdateNotebookCellLayout | Admin | |
| sqlworkbench:UpdateSavedQuery | Admin |