Connections > Amazon Redshift V2 connection properties > Create a minimal Amazon IAM policy

Create a minimal Amazon IAM policy

To stage the data in Amazon S3, you need to create an IAM policy with the minimum required permissions to access the S3 resources.

You can either attach the policy to the IAM user and generate the S3 access key ID and S3 secret access keys to access S3 resources. Or, if you have an EC2 instance, you can assign the minimum policy to the EC2 instance to access the S3 bucket for staging.

You need the following minimum required permissions in the policy:

•PutObject
•GetObject
•DeleteObject
•ListBucket
•ListBucketMultipartUploads. Applicable only for mappings in advanced mode.

You can use the following sample Amazon IAM policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::<bucket_name>/*",
"arn:aws:s3:::<bucket_name>"
]
}
]
}

For mappings in advanced mode, you can use different AWS accounts within the same AWS region in the source and target connection. Make sure that the Amazon IAM policy confirms access to the AWS accounts specified in mappings.

Note: The Test Connection does not validate the IAM policy assigned to users. Hence, ensure that the policy assigned to the user is valid.