In order to access S3 data through Spectrum, I need to create an IAM role as explained here...
https://docs.aws.amazon.com/redshift/latest/mgmt/authorizing-redshift-service.html
The newly created IAM role needs to be attached to the Redshift instance.
https://docs.aws.amazon.com/redshift/latest/mgmt/copy-unload-iam-role.html#copy-unload-iam-role-associating-with-clusters
I have managed to complete all the steps successfully.
But I would like to know if a CloudFormation template can be written that will do the needful quickly.
Here is the relevant code that I have extracted.
I am not sure how to put it in the correct syntax.
Step 1
{
  "Tags": [],
  "AssumeRolePolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": "redshift.amazonaws.com"
        }
      }
    ]
  },
  "RoleId": "AROAJWJGDMYIHSSTPZ6I6CM",
  "CreateDate": "2017-05-15T05:34:46Z",
  "InstanceProfileList": [],
  "RoleName": "RedshiftCopyUnload",
  "Path": "/",
  "AttachedManagedPolicies": [
    {
      "PolicyName": "AmazonAthenaFullAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"
    },
    {
      "PolicyName": "AmazonS3ReadOnlyAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
    },
    {
      "PolicyName": "AWSGlueConsoleFullAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess"
    }
  ],
  "RolePolicyList": [],
  "Arn": "arn:aws:iam::123456789012:role/RedshiftCopyUnload"
}
Step 2
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "redshift:DescribeClusters",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "redshift:ModifyClusterIamRoles",
        "redshift:CreateCluster"
      ],
      "Resource": [
        "arn:aws:redshift:us-east-1:123456789012:cluster:my-redshift-cluster",
        "arn:aws:redshift:us-east-1:123456789012:cluster:my-second-redshift-cluster"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": [
        "arn:aws:iam::123456789012:role/MyRedshiftRole",
        "arn:aws:iam::123456789012:role/SecondRedshiftRole",
        "arn:aws:iam::123456789012:role/ThirdRedshiftRole"
      ]
    }
  ]
}
Update: will the following CloudFormation template correctly create the role mentioned in step 1?
{
  "Resources": {
    "NewRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "redshift.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "RoleName": "RedshiftCopyUnload",
        "Path": "/",
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
          "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
          "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess"
        ]
      }
    }
  }
}
Asked by shantanuo (translated from Stack Overflow)
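
How steps 1 and 2 can sit in a single template, as an added example that is not part of the original question: the role from step 1 is created and attached to a cluster through the `IamRoles` property of `AWS::Redshift::Cluster`. The logical IDs, parameter names, node type, cluster type and database name are assumptions chosen for illustration.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example, not from the original post. Logical IDs, parameters, node type and DB name are assumed values.",
  "Parameters": {
    "MasterUsername": { "Type": "String" },
    "MasterUserPassword": { "Type": "String", "NoEcho": true }
  },
  "Resources": {
    "SpectrumRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": "redshift.amazonaws.com" },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "Path": "/",
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
          "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
          "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess"
        ]
      }
    },
    "SpectrumCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {
        "ClusterType": "single-node",
        "NodeType": "dc2.large",
        "DBName": "dev",
        "MasterUsername": { "Ref": "MasterUsername" },
        "MasterUserPassword": { "Ref": "MasterUserPassword" },
        "IamRoles": [ { "Fn::GetAtt": ["SpectrumRole", "Arn"] } ]
      }
    }
  },
  "Outputs": {
    "SpectrumRoleArn": { "Value": { "Fn::GetAtt": ["SpectrumRole", "Arn"] } }
  }
}
```

Because the template creates an IAM role, the stack has to be deployed with the `CAPABILITY_IAM` acknowledgement, and the deploying principal needs `iam:PassRole` on the new role, as in the step 2 policy.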