Adding IAM Access Roles to RedShift
RedShift requires IAM roles to be associated with it for provisioned access to the database cluster.
This is a great feature; however, for some reason the user interface within the AWS console won't always update with available IAM roles to associate to the cluster.
Resources
Here are a few resources about RedShift IAM access, provisioning, and default roles.
- IAM policies for RedShift
- Associating an IAM role to RedShift clusters (new/original console)
- RedShift AWS CLI commands
- Creating a default RedShift IAM role
- Authorizing RedShift to access AWS services
Terraform
One way around this is to utilize a tool like Terraform, wherein your roles are associated at the module/resource level, but this is effectively the same as using the AWS CLI tool.
Example Terraform resource:
resource "aws_redshift_cluster" "my_example_cluster" {
  # a bunch of config here
  # ...

  # iam_roles takes a list of IAM role ARNs; the names below are placeholders
  iam_roles = [
    "role-1",
    "role-2",
    "role-3",
    "...",
    "role-n"
  ]
}
AWS CLI
The AWS CLI also offers a way around this UI issue, so long as you're certain the role being associated has properly configured access permissions.
Here's a link to the documentation on the CLI command
Note: This requires your AWS credentials/config to be set up locally in the environment where you run the command.
Example command to add a role to the RedShift cluster:
aws redshift modify-cluster-iam-roles \
  --cluster-identifier my_example_cluster \
  --add-iam-roles arn:aws:iam::123567891012:role/my-role-group/my-role-name
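
The CLI command above can be wrapped in a pre-flight check on the role's trust policy and a follow-up check of the cluster's own association status, which does not depend on what the console displays. This is an added example, not part of the original post; the function names and the POLL_SECONDS variable are hypothetical, and the trust check only confirms that redshift.amazonaws.com is listed as a service principal.

```shell
#!/usr/bin/env bash
# Added example; function names and POLL_SECONDS are hypothetical.

# Succeeds only if the role's trust policy lists redshift.amazonaws.com as an
# allowed service principal. Condition blocks are not evaluated here.
role_trusts_redshift() {
  local role_arn="$1"
  local role_name="${role_arn##*/}"   # get-role takes the bare name, not the path
  aws iam get-role --role-name "$role_name" \
    --query "Role.AssumeRolePolicyDocument.Statement[?Effect=='Allow'].Principal.Service" \
    --output text | tr '\t' '\n' | grep -qxF 'redshift.amazonaws.com'
}

# Prints the cluster's own view of the role: in-sync, adding, removing,
# or nothing when the role is not associated.
role_apply_status() {
  local cluster_id="$1" role_arn="$2"
  aws redshift describe-clusters --cluster-identifier "$cluster_id" \
    --query "Clusters[0].IamRoles[?IamRoleArn=='${role_arn}'].ApplyStatus" \
    --output text
}

# Pre-flight check, associate, then poll until the cluster reports in-sync.
associate_role() {
  local cluster_id="$1" role_arn="$2" status="" i
  if ! role_trusts_redshift "$role_arn"; then
    echo "refusing: $role_arn does not trust redshift.amazonaws.com" >&2
    return 1
  fi
  aws redshift modify-cluster-iam-roles --cluster-identifier "$cluster_id" \
    --add-iam-roles "$role_arn" >/dev/null || return 1
  for i in 1 2 3 4 5 6 7 8 9 10; do
    status="$(role_apply_status "$cluster_id" "$role_arn")"
    if [ "$status" = "in-sync" ]; then echo "$status"; return 0; fi
    sleep "${POLL_SECONDS:-15}"
  done
  echo "role is still '${status:-absent}' after polling" >&2
  return 2
}

# Usage: ./associate-role.sh <cluster-identifier> <role-arn>
if [ "$#" -eq 2 ]; then associate_role "$1" "$2"; fi
```

A non-zero exit means the role was either rejected before any change was made (1) or had not reached in-sync within the polling window (2).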