03/14/2022 11:56 | Category: redshift

Tags: awsredshiftiamaws_cliterraformdba

adding iam access roles to redshift

RedShift requires IAM roles to be associated with it for provisioned access to the database cluster.

This is a great feature; however, for some reason the user interface within the AWS console won't always update with available IAM roles to associate to the cluster.


Here are a few resources about RedShift IAM access, provisioning, and default roles.


One way around this is to utilize a tool like Terraform, wherein your roles are associated at the module/resource level, but this is effectively the same as using the AWS CLI tool.

Note: As of Terraform version 4.5.0 it doesn't seem that default IAM roles are assignable within the resource module.

Example Terraform resource:

resource "aws_redshift_cluster" "my_example_cluster" {
  # a bunch of config here
  # ...
  iam_roles = [


The AWS CLI also has a method for getting around this UI issue, so long as you're certain the role that will be associated has the properly configured access credentials.

Here's a link to the documentation on the CLI command

Note: This will require your local credentials/config to be set in the place that you're running this command from.

Example command to add a role to the RedShift cluster:

aws redshift modify-cluster-iam-roles \
    --cluster-identifier my_example_cluster
    --add-iam-roles arn:aws:iam::123567891012:role/my-role-group/my-role-name