I have been using Redshift for a while using AWS Key ID and AWS Secret Key and learned that I can use IAM Role instead so I tried this sample COPY command:
copy users from 's3://awssampledbuswest2/tickit/allusers_pipe.txt'
credentials 'aws_iam_role=arn:aws:iam::xxxxxxxxxxx:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift' delimiter '|' region 'us-west-2';
But this resulted in the following error:
S3ServiceException:Access Denied,Status 403,Error AccessDenied,Rid 52F83B8923B08731,ExtRid uNsiJ1Xjk2WVufRo8/kfa7AxD1l82g7Dee35qr3TdhrFidpGoUSJiAx5yG7lh/gRKqG7Mkd1Tp4=,CanRetry 1
Not so sure how I can fix this. Given the error message, I am guessing I don't have the access permission for the S3 file, which I should be able to fix by adding another role for the access? But isn't that supposed to be open to anyone?
Any help will be appreciated.
The S3ServiceException:Access Denied error is indicating that the Role does not have sufficient permissions to access Amazon S3.
Start by creating a normal IAM Role (not a Service-Linked Role).
Then, assign permissions to the Role for ListBucket and GetObject on the desired bucket, such as:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::my-bucket"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::my-bucket/*"]
    }
  ]
}
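The two checks from the answer above can be run offline before issuing COPY. This is an added example, not part of the original answer: the function names, the account ID and the role name `my-redshift-copy-role` are constructed, and the checker only reads Allow statements with `Action` and `Resource` (it ignores Deny statements, conditions and bucket policies).

```python
import fnmatch

# Constructed sample inputs (account ID and role names are placeholders).
SLR_ARN = ("arn:aws:iam::111122223333:role/aws-service-role/"
           "redshift.amazonaws.com/AWSServiceRoleForRedshift")
NORMAL_ARN = "arn:aws:iam::111122223333:role/my-redshift-copy-role"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::my-bucket"]},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::my-bucket/*"]},
    ],
}

def is_service_linked_role(role_arn):
    """Service-linked roles always live under the /aws-service-role/ path."""
    return ":role/aws-service-role/" in role_arn

def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def _allows(policy, action, resource_arn):
    """True if some Allow statement matches both action and resource."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatch.fnmatchcase(resource_arn, r) for r in resources)):
            return True
    return False

def copy_preflight(role_arn, policy, s3_uri):
    """Return the problems that would make COPY fail with AccessDenied."""
    bucket, _, key = s3_uri[len("s3://"):].partition("/")
    problems = []
    if is_service_linked_role(role_arn):
        problems.append("service-linked role: create a normal IAM role")
    # ListBucket is granted on the bucket ARN, GetObject on object ARNs.
    if not _allows(policy, "s3:ListBucket", f"arn:aws:s3:::{bucket}"):
        problems.append(f"no s3:ListBucket on {bucket}")
    if not _allows(policy, "s3:GetObject", f"arn:aws:s3:::{bucket}/{key}"):
        problems.append(f"no s3:GetObject on {bucket}/{key}")
    return problems
```

A policy that puts `s3:GetObject` on the bucket ARN without `/*` is reported as missing object access, which is the usual cause of a 403 when the role itself is otherwise correct.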