Permissions for @turbot/aws-redshift
Taking a look at permissions and associated grant levels for each permission for Redshift:
Permission | Grant Level | Help |
---|---|---|
cloudwatch:DescribeAlarmHistory | Metadata | "For console access |
cloudwatch:DescribeAlarms | Metadata | "For console access |
cloudwatch:DescribeAlarmsForMetric | Metadata | "For console access |
cloudwatch:GetMetricStatistics | Metadata | "For console access |
cloudwatch:ListMetrics | Metadata | "For console access |
ec2:DescribeAccountAttributes | Metadata | Metadata for console access |
ec2:DescribeAddresses | Metadata | Metadata for console access |
ec2:DescribeAvailabilityZones | Metadata | Metadata for console access |
ec2:DescribeInternetGateways | Metadata | Metadata for console access |
ec2:DescribeSecurityGroups | Metadata | Metadata for console access |
ec2:DescribeSubnets | Metadata | Metadata for console access |
ec2:DescribeVpcs | Metadata | Metadata for console access |
redshift-data:BatchExecuteStatement | Admin | Grants permission to execute multiple queries under a single connection. |
redshift-data:CancelStatement | Admin | Grants permission to cancel a running query |
redshift-data:DescribeStatement | Metadata | Grants permission to retrieve detailed information about a statement execution |
redshift-data:DescribeTable | Metadata | Grants permission to retrieve metadata about a particular table |
redshift-data:ExecuteStatement | Admin | Grants permission to execute a query |
redshift-data:GetStatementResult | Metadata | Grants permission to fetch the result of a query |
redshift-data:ListDatabases | Metadata | Grants permission to list databases for a given cluster |
redshift-data:ListSchemas | Metadata | Grants permission to list schemas for a given cluster |
redshift-data:ListStatements | Metadata | Grants permission to list queries for a given principal |
redshift-data:ListTables | Metadata | Grants permission to list tables for a given cluster |
redshift:AcceptReservedNodeExchange | Operator | |
redshift:AddPartner | Admin | |
redshift:AssociateDataShareConsumer | Admin | |
redshift:AuthorizeClusterSecurityGroupIngress | Admin | Adds an inbound (ingress) rule to an Amazon Redshift security group. Only used for non-VPC clusters |
redshift:AuthorizeDataShare | Admin | |
redshift:AuthorizeEndpointAccess | Admin | |
redshift:AuthorizeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
redshift:BatchDeleteClusterSnapshots | Admin | "Admins can delete a set of cluster snapshots. High risk |
redshift:BatchModifyClusterSnapshots | Admin | Admins can modify the settings for a list of snapshots. |
redshift:CancelQuery | Admin | |
redshift:CancelQuerySession | Operator | "Low risk |
redshift:CancelResize | Admin | |
redshift:CopyClusterSnapshot | Operator | "Low risk |
redshift:CreateAuthenticationProfile | Admin | |
redshift:CreateEndpointAccess | Admin | |
redshift:CreateCluster | Operator | "Low risk |
redshift:CreateClusterParameterGroup | Admin | "Turbot manages low skill parameters |
redshift:CreateClusterSecurityGroup | Admin | Administrators can manageto create Amazon Redshift security group. Only used for non-VPC clusters |
redshift:CreateClusterSnapshot | Operator | "Low risk |
redshift:CreateClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
redshift:CreateClusterUser | Admin | Admins can auto create the specified redshift user if it does not exist. |
redshift:CreateEventSubscription | Operator | "Low risk |
redshift:CreateHsmClientCertificate | Admin | |
redshift:CreateHsmConfiguration | Admin | |
redshift:CreateSavedQuery | Admin | |
redshift:CreateScheduledAction | Admin | |
redshift:CreateSnapshotCopyGrant | Admin | Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from AWS Key Management Service (AWS KMS) to encrypt copied snapshots in a destination region. |
redshift:CreateSnapshotSchedule | Operator | |
redshift:CreateTags | Operator | |
redshift:CreateUsageLimit | Admin | |
redshift:DeauthorizeDataShare | Admin | |
redshift:DeleteAuthenticationProfile | Admin | |
redshift:DeleteCluster | Admin | "High risk |
redshift:DeleteClusterParameterGroup | Admin | "Turbot manages low skill parameters |
redshift:DeleteClusterSecurityGroup | Admin | Only used for non-VPC clusters |
redshift:DeleteClusterSnapshot | Admin | "High risk |
redshift:DeleteClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
redshift:DeleteEndpointAccess | Admin | |
redshift:DeleteEventSubscription | Operator | "Low risk |
redshift:DeleteHsmClientCertificate | Admin | HSM not yet supported by Turbot |
redshift:DeleteHsmConfiguration | Admin | HSM not yet supported by Turbot |
redshift:DeletePartner | Admin | |
redshift:DeleteSavedQueries | Admin | |
redshift:DeleteScheduledAction | Admin | |
redshift:DeleteSnapshotCopyGrant | Admin | Not supported by Turbot until the use case is better understood. |
redshift:DeleteSnapshotSchedule | Operator | |
redshift:DeleteTags | Operator | |
redshift:DeleteUsageLimit | Admin | |
redshift:DescribeAccountAttributes | Metadata | |
redshift:DescribeAuthenticationProfiles | Metadata | |
redshift:DescribeClusterDbRevisions | Metadata | |
redshift:DescribeClusterParameterGroups | Metadata | |
redshift:DescribeClusterParameters | Metadata | |
redshift:DescribeClusterSecurityGroups | Metadata | |
redshift:DescribeClusterSnapshots | Metadata | |
redshift:DescribeClusterSubnetGroups | Metadata | |
redshift:DescribeClusterTracks | Metadata | Returns a list of all the available maintenance tracks. |
redshift:DescribeClusterVersions | Metadata | |
redshift:DescribeClusters | Metadata | |
redshift:DescribeDataShares | Metadata | |
redshift:DescribeDataSharesForConsumer | Metadata | |
redshift:DescribeDataSharesForProducer | Metadata | |
redshift:DescribeDefaultClusterParameters | Metadata | |
redshift:DescribeEndpointAccess | Metadata | |
redshift:DescribeEndpointAuthorization | Metadata | |
redshift:DescribeEventCategories | Metadata | |
redshift:DescribeEventSubscriptions | Metadata | |
redshift:DescribeEvents | Metadata | |
redshift:DescribeHsmClientCertificates | Metadata | |
redshift:DescribeHsmConfigurations | Metadata | |
redshift:DescribeLoggingStatus | Metadata | |
redshift:DescribeNodeConfigurationOptions | Metadata | |
redshift:DescribePartners | Metadata | |
redshift:DescribeOrderableClusterOptions | Metadata | |
redshift:DescribeQuery | Admin | |
redshift:DescribeReservedNodeOfferings | Metadata | |
redshift:DescribeReservedNodes | Metadata | |
redshift:DescribeResize | Metadata | |
redshift:DescribeSavedQueries | Admin | |
redshift:DescribeScheduledActions | Metadata | |
redshift:DescribeSnapshotCopyGrants | Metadata | |
redshift:DescribeSnapshotSchedules | Metadata | |
redshift:DescribeStorage | Metadata | |
redshift:DescribeTable | Admin | |
redshift:DescribeTableRestoreStatus | Metadata | |
redshift:DescribeTags | Metadata | |
redshift:DescribeUsageLimits | Metadata | |
redshift:DisableLogging | Admin | |
redshift:DisableSnapshotCopy | Operator | "Low risk since old snapshots are not deleted |
redshift:DisassociateDataShareConsumer | Admin | |
redshift:EnableLogging | Admin | |
redshift:EnableSnapshotCopy | Operator | "Low risk |
redshift:ExecuteQuery | Admin | Admins can use query editor for creating and listing tables and other info. |
redshift:FetchResults | Admin | |
redshift:GetClusterCredentials | Admin | |
redshift:GetReservedNodeExchangeOfferings | Metadata | |
redshift:JoinGroup | Admin | |
redshift:ListDatabases | Admin | |
redshift:ListSavedQueries | Metadata | |
redshift:ListSchemas | Admin | |
redshift:ListTables | Admin | |
redshift:ModifyAquaConfiguration | Admin | |
redshift:ModifyAuthenticationProfile | Admin | |
redshift:ModifyCluster | Admin | "Turbot manages low skill parameters |
redshift:ModifyClusterDbRevision | Admin | |
redshift:ModifyClusterIamRoles | Admin | "Administrators can assign roles to Redshift |
redshift:ModifyClusterMaintenance | Operator | Operators can modify the maintenance settings of a cluster. |
redshift:ModifyClusterParameterGroup | Admin | "Turbot manages low skill parameters |
redshift:ModifyClusterSnapshot | Operator | |
redshift:ModifyClusterSnapshotSchedule | Operator | |
redshift:ModifyClusterSubnetGroup | Admin | "Administrators can manage custom subnet groups |
redshift:ModifyEndpointAccess | Admin | |
redshift:ModifyEventSubscription | Operator | "Low risk |
redshift:ModifySavedQuery | Admin | |
redshift:ModifyScheduledAction | Admin | |
redshift:ModifySnapshotCopyRetentionPeriod | Admin | "Can be decreased |
redshift:ModifySnapshotSchedule | Operator | |
redshift:ModifyUsageLimit | Admin | |
redshift:PauseCluster | Operator | |
redshift:PurchaseReservedNodeOffering | Owner | Owners are responsible for cost commitments. |
redshift:RebootCluster | Operator | Medium risk. Impacts availability. |
redshift:RejectDataShare | Operator | |
redshift:ResetClusterParameterGroup | Admin | "Turbot manages low skill parameters |
redshift:ResizeCluster | Admin | "Admin can change the size of the cluster. Cluster type |
redshift:RestoreFromClusterSnapshot | Operator | "Low risk |
redshift:RestoreTableFromClusterSnapshot | Operator | "Low risk |
redshift:ResumeCluster | Operator | |
redshift:RevokeClusterSecurityGroupIngress | Admin | Only used for non-VPC clusters |
redshift:RevokeEndpointAccess | Admin | |
redshift:RevokeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
redshift:RotateEncryptionKey | Operator | "Medium risk. No impact on data since keys managed by Redshift |
redshift:UpdatePartnerStatus | Admin | |
redshift:ViewQueriesFromConsole | Metadata | |
redshift:ViewQueriesInConsole | Metadata | "No data |
sns:GetEndpointAttributes | Metadata | "For console access |
sns:GetPlatformApplicationAttributes | Metadata | "For console access |
sns:GetSubscriptionAttributes | Metadata | "For console access |
sns:GetTopicAttributes | Metadata | "For console access |
sns:ListEndpointsByPlatformApplication | Metadata | "For console access |
sns:ListPlatformApplications | Metadata | "For console access |
sns:ListSubscriptionsByTopic | Metadata | "For console access |
sqlworkbench:AssociateConnectionWithChart | Admin | |
sqlworkbench:AssociateConnectionWithTab | Admin | |
sqlworkbench:AssociateNotebookWithTab | Admin | |
sqlworkbench:AssociateQueryWithTab | Admin | |
sqlworkbench:BatchDeleteFolder | Admin | |
sqlworkbench:BatchGetNotebookCell | Metadata | |
sqlworkbench:CreateAccount | Admin | |
sqlworkbench:CreateChart | Admin | |
sqlworkbench:CreateConnection | Admin | |
sqlworkbench:CreateFolder | Admin | |
sqlworkbench:CreateNotebook | Admin | |
sqlworkbench:CreateNotebookCell | Admin | |
sqlworkbench:CreateNotebookFromVersion | Admin | |
sqlworkbench:CreateNotebookVersion | Admin | |
sqlworkbench:CreateSavedQuery | Admin | |
sqlworkbench:DeleteChart | Admin | |
sqlworkbench:DeleteConnection | Admin | |
sqlworkbench:DeleteNotebook | Admin | |
sqlworkbench:DeleteNotebookCell | Admin | |
sqlworkbench:DeleteNotebookVersion | Admin | |
sqlworkbench:DeleteSavedQuery | Admin | |
sqlworkbench:DeleteTab | Admin | |
sqlworkbench:DriverExecute | Admin | |
sqlworkbench:DuplicateNotebook | Admin | |
sqlworkbench:ExportNotebook | Operator | |
sqlworkbench:GenerateSession | Admin | |
sqlworkbench:GetAccountInfo | Metadata | |
sqlworkbench:GetAccountSettings | Metadata | |
sqlworkbench:GetAutocompletionMetadata | Metadata | |
sqlworkbench:GetAutocompletionResource | Metadata | |
sqlworkbench:GetChart | Metadata | |
sqlworkbench:GetConnection | Metadata | |
sqlworkbench:GetKMSKey | Metadata | |
sqlworkbench:GetNotebook | Metadata | |
sqlworkbench:GetNotebookVersion | Metadata | |
sqlworkbench:GetQueryExecutionHistory | Metadata | |
sqlworkbench:GetSavedQuery | Metadata | |
sqlworkbench:GetSchemaInference | Metadata | |
sqlworkbench:GetUserInfo | Metadata | |
sqlworkbench:GetUserWorkspaceSettings | Metadata | |
sqlworkbench:ImportNotebook | Operator | |
sqlworkbench:ListBuckets | Metadata | |
sqlworkbench:ListConnections | Metadata | |
sqlworkbench:ListDatabases | Metadata | |
sqlworkbench:ListFiles | Metadata | |
sqlworkbench:ListKMSKeyAliases | Metadata | |
sqlworkbench:ListKMSKeys | Metadata | |
sqlworkbench:ListNotebooks | Metadata | |
sqlworkbench:ListNotebookVersions | Metadata | |
sqlworkbench:ListQueryExecutionHistory | Metadata | |
sqlworkbench:ListRedshiftClusters | Metadata | |
sqlworkbench:ListSampleDatabases | Metadata | |
sqlworkbench:ListSavedQueryVersions | Metadata | |
sqlworkbench:ListTabs | Metadata | |
sqlworkbench:ListTaggedResources | Metadata | |
sqlworkbench:ListTagsForResource | Metadata | |
sqlworkbench:PutTab | Admin | |
sqlworkbench:PutUserWorkspaceSettings | Admin | |
sqlworkbench:RestoreNotebookVersion | Operator | |
sqlworkbench:TagResource | Operator | |
sqlworkbench:UntagResource | Operator | |
sqlworkbench:UpdateAccountConnectionSettings | Admin | |
sqlworkbench:UpdateAccountExportSettings | Admin | |
sqlworkbench:UpdateAccountGeneralSettings | Admin | |
sqlworkbench:UpdateChart | Admin | |
sqlworkbench:UpdateConnection | Admin | |
sqlworkbench:UpdateFileFolder | Admin | |
sqlworkbench:UpdateFolder | Admin | |
sqlworkbench:UpdateNotebook | Admin | |
sqlworkbench:UpdateNotebookCellContent | Admin | |
sqlworkbench:UpdateNotebookCellLayout | Admin | |
sqlworkbench:UpdateSavedQuery | Admin |