
Redshift Scheduler unable to create schedule

My AWS account has 2 different users: admin and s3_readonly.

I am the main admin and have 1 cluster in Redshift (cluster1). Now I am trying to schedule a query that just calls those procedures every hour (CALL <procedure_name>).

For this task, I have followed the official documentation from AWS (Scheduling a query on the Amazon Redshift console - Amazon Redshift) and, to be exact, the steps in this document (Scheduling SQL queries on your Amazon Redshift data warehouse | AWS Big Data Blog).

So I created a new IAM role, RedshiftScheduler, which has the Redshift Customizable option, and attached AmazonRedshiftDataFullAccess to it. Then I edited the trust relationship and added:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "redshift.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Sid": "S2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<ACCOUNT_ID>:user/admin"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Sid": "S1",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

I then went back to my AWS user (admin) and attached a new policy granting AssumeRole permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::<ACCOUNT_ID>:role/RedshiftScheduler"
        }
    ]
}

Now, I logged in to the Redshift cluster via the AWS service. I used temporary credentials to connect to cluster1, with dbuser as the user. However, when I try to schedule the query, it throws an error:

To view the schedule history of this schedule, add sts:AssumeRole for IAM role arn:aws:iam::<ACCOUNT_ID>:role/RedshiftScheduler to your IAM role. You also need to add your IAM user ARN to the role's trust policy.

You need to add your IAM user ARN to the role's trust policy like this:

{
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<account #>:user/<admin username>"
    },
    "Action": "sts:AssumeRole",
    "Condition": {}
}

after:

{
    "Sid": "S1",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
}
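
An offline check of a role's trust policy for the principals this thread's setup relies on (the Redshift and EventBridge service principals plus the IAM user ARN), as an added example that is not part of the original question or answer. The function names, the sample policy and the account id 123456789012 are constructed for illustration; Condition blocks are not evaluated.

```python
import json

REQUIRED_SERVICES = {"redshift.amazonaws.com", "events.amazonaws.com"}
ASSUME = {"sts:assumerole", "sts:*", "*"}  # IAM action names are case-insensitive

def _as_list(value):
    # IAM accepts either a scalar or a list for Action and Principal values.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_principals(trust_policy):
    """Return (services, aws_principals) that Allow statements let assume the role.
    Condition blocks are not evaluated."""
    services, arns = set(), set()
    for stmt in _as_list(trust_policy.get("Statement")):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not (ASSUME & actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            arns.add("*")
        elif isinstance(principal, dict):
            services.update(_as_list(principal.get("Service")))
            arns.update(_as_list(principal.get("AWS")))
    return services, arns

def scheduler_trust_gaps(trust_policy, user_arn):
    """List what the trust policy lacks for the scheduler setup in the question."""
    services, arns = trusted_principals(trust_policy)
    gaps = ["missing service principal " + s for s in sorted(REQUIRED_SERVICES - services)]
    # Trusting the account root delegates the decision to IAM policies in that account.
    account_root = ":".join(user_arn.split(":")[:5]) + ":root"
    if "*" in arns:
        gaps.append("wildcard principal: any AWS identity is trusted")
    elif not ({user_arn, account_root} & arns):
        gaps.append("missing IAM user principal " + user_arn)
    return gaps

# Constructed sample: only EventBridge is trusted; the account id is a placeholder.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "S1", "Effect": "Allow",
   "Principal": {"Service": "events.amazonaws.com"}, "Action": "sts:AssumeRole"}]}""")
USER = "arn:aws:iam::123456789012:user/admin"

if __name__ == "__main__":
    for gap in scheduler_trust_gaps(SAMPLE, USER):
        print(gap)
```

Feed it the JSON from the role's trust relationship to see which of the three statements is still missing before retrying the schedule.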
