Amazon Redshift Serverless (redshift-serverless)

2022-07-08

37 new actions, 5 new resources, 8 new conditions

Additions

    Actions
  • ConvertRecoveryPointToSnapshot
    • Description:  Grants permission to convert a recovery point to a snapshot
    • Access:  Write
    • Resources: 

      Name: recoveryPoint

      Required: Yes

      Name: snapshot

      Required: Yes

  • CreateEndpointAccess
    • Description:  Grants permission to create an Amazon Redshift Serverless managed VPC endpoint
    • Access:  Write
    • Resources: 

      Name: endpointAccess

      Required: Yes

  • CreateNamespace
    • Description:  Grants permission to create an Amazon Redshift Serverless namespace
    • Access:  Write
    • Resources: 

      Name: namespace

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateSnapshot
    • Description:  Grants permission to create a snapshot of all databases in a namespace
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

  • CreateUsageLimit
    • Description:  Grants permission to create a usage limit for a specified Amazon Redshift Serverless usage type
    • Access:  Write
  • CreateWorkgroup
    • Description:  Grants permission to create a workgroup in Amazon Redshift Serverless
    • Access:  Write
    • Resources: 

      Name: workgroup

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • DeleteEndpointAccess
    • Description:  Grants permission to delete an Amazon Redshift Serverless managed VPC endpoint
    • Access:  Write
    • Resources: 

      Name: endpointAccess

      Required: Yes

  • DeleteNamespace
    • Description:  Grants permission to delete a namespace from Amazon Redshift Serverless
    • Access:  Write
    • Resources: 

      Name: namespace

      Required: Yes

  • DeleteResourcePolicy
    • Description:  Grants permission to delete the specified resource policy
    • Access:  Write
  • DeleteSnapshot
    • Description:  Grants permission to delete a snapshot from Amazon Redshift Serverless
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

  • DeleteUsageLimit
    • Description:  Grants permission to delete a usage limit from Amazon Redshift Serverless
    • Access:  Write
  • DeleteWorkgroup
    • Description:  Grants permission to delete a workgroup
    • Access:  Write
    • Resources: 

      Name: workgroup

      Required: Yes

  • GetCredentials
    • Description:  Grants permission to get a database user name and temporary password with temporary authorization to log on to Amazon Redshift Serverless
    • Access:  Write
    • Resources: 

      Name: workgroup

      Required: Yes

  • GetEndpointAccess
    • Description:  Grants permission to create an Amazon Redshift Serverless managed VPC endpoint
    • Access:  Read
    • Resources: 

      Name: endpointAccess

      Required: Yes

  • GetNamespace
    • Description:  Grants permission to get information about a namespace in Amazon Redshift Serverless
    • Access:  Read
    • Resources: 

      Name: namespace

      Required: Yes

  • GetRecoveryPoint
    • Description:  Grants permission to get information about a recovery point
    • Access:  Read
    • Resources: 

      Name: recoveryPoint

      Required: Yes

  • GetResourcePolicy
    • Description:  Grants permission to get a resource policy
    • Access:  Read
  • GetSnapshot
    • Description:  Grants permission to get information about a specific snapshot
    • Access:  Read
    • Resources: 

      Name: snapshot

      Required: Yes

  • GetUsageLimit
    • Description:  Grants permission to get information about a usage limit in Amazon Redshift Serverless
    • Access:  Read
  • GetWorkgroup
    • Description:  Grants permission to get information about a specific workgroup
    • Access:  Read
    • Resources: 

      Name: workgroup

      Required: Yes

  • ListEndpointAccess
    • Description:  Grants permission to list EndpointAccess objects and relevant information
    • Access:  List
    • Resources: 

      Name: endpointAccess

      Required: Yes

  • ListNamespaces
    • Description:  Grants permission to list namespaces in Amazon Redshift Serverless
    • Access:  List
  • ListRecoveryPoints
    • Description:  Grants permission to list an array of recovery points
    • Access:  List
    • Resources: 

      Name: namespace

      Required: No

  • ListSnapshots
    • Description:  Grants permission to list snapshots
    • Access:  List
    • Resources: 

      Name: snapshot

      Required: Yes

  • ListTagsForResource
    • Description:  Grants permission to list the tags assigned to a resource
    • Access:  List
    • Resources: 

      Name: namespace

      Required: No

      Name: workgroup

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}

  • ListUsageLimits
    • Description:  Grants permission to list all usage limits within Amazon Redshift Serverless
    • Access:  List
  • ListWorkgroups
    • Description:  Grants permission to list workgroups in Amazon Redshift Serverless
    • Access:  List
  • PutResourcePolicy
    • Description:  Grants permission to create or update a resource policy
    • Access:  Write
  • RestoreFromRecoveryPoint
    • Description:  Grants permission to restore the data from a recovery point
    • Access:  Write
    • Resources: 

      Name: recoveryPoint

      Required: Yes

  • RestoreFromSnapshot
    • Description:  Grants permission to restore a namespace from a snapshot
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

  • TagResource
    • Description:  Grants permission to assign one or more tags to a resource
    • Access:  Tagging
    • Resources: 

      Name: namespace

      Required: No

      Name: workgroup

      Required: No

    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}

  • UntagResource
    • Description:  Grants permission to remove a tag or set of tags from a resource
    • Access:  Tagging
    • Resources: 

      Name: namespace

      Required: No

      Name: workgroup

      Required: No

    • Conditions: 

      aws:TagKeys

  • UpdateEndpointAccess
    • Description:  Grants permission to update an Amazon Redshift Serverless managed VPC endpoint
    • Access:  Write
    • Resources: 

      Name: endpointAccess

      Required: Yes

  • UpdateNamespace
    • Description:  Grants permission to update a namespace with the specified configuration settings
    • Access:  Write
    • Resources: 

      Name: namespace

      Required: Yes

  • UpdateSnapshot
    • Description:  Grants permission to update a snapshot
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

  • UpdateUsageLimit
    • Description:  Grants permission to update a usage limit in Amazon Redshift Serverless
    • Access:  Write
  • UpdateWorkgroup
    • Description:  Grants permission to update an Amazon Redshift Serverless workgroup with the specified configuration settings
    • Access:  Write
    • Resources: 

      Name: workgroup

      Required: Yes

    Resources
  • namespace
    • Arn:  arn:${Partition}:redshift-serverless:${Region}:${Account}:namespace/${NamespaceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • snapshot
    • Arn:  arn:${Partition}:redshift-serverless:${Region}:${Account}:snapshot/${SnapshotId}
  • workgroup
    • Arn:  arn:${Partition}:redshift-serverless:${Region}:${Account}:workgroup/${WorkgroupId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • recoveryPoint
    • Arn:  arn:${Partition}:redshift-serverless:${Region}:${Account}:recovery-point/${RecoveryPointId}
  • endpointAccess
    • Arn:  arn:${Partition}:redshift-serverless:${Region}:${Account}:managedvpcendpoint/${EndpointAccessId}