Actions, resources, and condition keys for Amazon Redshift
Amazon Redshift (service prefix: redshift) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
Topics
Actions defined by Amazon Redshift
You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.
Note
Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes the Condition keys column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see Actions table.
| Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
|---|---|---|---|---|---|
| AcceptReservedNodeExchange | Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration | Write | |||
| AddPartner | Grants permission to add a partner integration to a cluster | Write | |||
| AssociateDataShareConsumer | Grants permission to associate a consumer to a datashare | Write | |||
| AuthorizeClusterSecurityGroupIngress | Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group | Write | |||
| AuthorizeDataShare | Grants permission to authorize the specified datashare consumer to consume a datashare | Permissions management | |||
| AuthorizeEndpointAccess | Grants permission to authorize endpoint related activities for redshift-managed vpc endpoint | Permissions management | |||
| AuthorizeInboundIntegration [permission only] | Grants permission to Amazon Redshift to continuously validate that the target data warehouse can receive data replicated from the source ARN | Write | |||
| AuthorizeSnapshotAccess | Grants permission to the specified AWS account to restore a snapshot | Permissions management | |||
| BatchDeleteClusterSnapshots | Grants permission to delete snapshots in a batch of size upto 100 | Write | |||
| BatchModifyClusterSnapshots | Grants permission to modify settings for a list of snapshots | Write | |||
| CancelQuery [permission only] | Grants permission to cancel a query through the Amazon Redshift console | Write | |||
| CancelQuerySession [permission only] | Grants permission to see queries in the Amazon Redshift console | Write | |||
| CancelResize | Grants permission to cancel a resize operation | Write | |||
| CopyClusterSnapshot | Grants permission to copy a cluster snapshot | Write | |||
| CreateAuthenticationProfile | Grants permission to create an Amazon Redshift authentication profile | Write | |||
| CreateCluster | Grants permission to create a cluster | Write |
kms:CreateGrant kms:Decrypt kms:DescribeKey kms:GenerateDataKey kms:RetireGrant secretsmanager:CreateSecret secretsmanager:DeleteSecret secretsmanager:DescribeSecret secretsmanager:GetRandomPassword secretsmanager:RotateSecret secretsmanager:TagResource secretsmanager:UpdateSecret |
||
| CreateClusterParameterGroup | Grants permission to create an Amazon Redshift parameter group | Write | |||
| CreateClusterSecurityGroup | Grants permission to create an Amazon Redshift security group | Write | |||
| CreateClusterSnapshot | Grants permission to create a manual snapshot of the specified cluster | Write | |||
| CreateClusterSubnetGroup | Grants permission to create an Amazon Redshift subnet group | Write | |||
| CreateClusterUser | Grants permission to automatically create the specified Amazon Redshift user if it does not exist | Permissions management | |||
| CreateCustomDomainAssociation | Grants permission to create a custom domain name for a cluster | Write |
acm:DescribeCertificate |
||
| CreateEndpointAccess | Grants permission to create a redshift-managed vpc endpoint | Write | |||
| CreateEventSubscription | Grants permission to create an Amazon Redshift event notification subscription | Write | |||
| CreateHsmClientCertificate | Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM | Write | |||
| CreateHsmConfiguration | Grants permission to create an HSM configuration that contains information required by a cluster to store and use database encryption keys in a hardware security module (HSM) | Write | |||
| CreateInboundIntegration [permission only] | Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target data warehouse | Write | |||
| CreateIntegration | Grants permission to create an Amazon Redshift zero-ETL integration | Write |
kms:CreateGrant kms:DescribeKey |
||
| CreateQev2IdcApplication [permission only] | Grants permission to create a qev2 idc application | Write |
sso:CreateApplication sso:PutApplicationAccessScope sso:PutApplicationAuthenticationMethod sso:PutApplicationGrant |
||
| CreateRedshiftIdcApplication | Grants permission to create a redshift idc application | Write |
sso:CreateApplication sso:PutApplicationAccessScope sso:PutApplicationAuthenticationMethod sso:PutApplicationGrant |
||
| CreateSavedQuery [permission only] | Grants permission to create saved SQL queries through the Amazon Redshift console | Write | |||
| CreateScheduledAction | Grants permission to create an Amazon Redshift scheduled action | Write | |||
| CreateSnapshotCopyGrant | Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region | Permissions management | |||
| CreateSnapshotSchedule | Grants permission to create a snapshot schedule | Write | |||
| CreateTags | Grants permission to add one or more tags to a specified resource | Tagging | |||
| CreateUsageLimit | Grants permission to create a usage limit | Write | |||
| DeauthorizeDataShare | Grants permission to remove permission from the specified datashare consumer to consume a datashare | Permissions management | |||
| DeleteAuthenticationProfile | Grants permission to delete an Amazon Redshift authentication profile | Write | |||
| DeleteCluster | Grants permission to delete a previously provisioned cluster | Write | |||
| DeleteClusterParameterGroup | Grants permission to delete an Amazon Redshift parameter group | Write | |||
| DeleteClusterSecurityGroup | Grants permission to delete an Amazon Redshift security group | Write | |||
| DeleteClusterSnapshot | Grants permission to delete a manual snapshot | Write | |||
| DeleteClusterSubnetGroup | Grants permission to delete a cluster subnet group | Write | |||
| DeleteCustomDomainAssociation | Grants permission to delete a custom domain name for a cluster | Write | |||
| DeleteEndpointAccess | Grants permission to delete a redshift-managed vpc endpoint | Write | |||
| DeleteEventSubscription | Grants permission to delete an Amazon Redshift event notification subscription | Write | |||
| DeleteHsmClientCertificate | Grants permission to delete an HSM client certificate | Write | |||
| DeleteHsmConfiguration | Grants permission to delete an Amazon Redshift HSM configuration | Write | |||
| DeleteIntegration | Grants permission to delete an Amazon Redshift zero-ETL integration | Write | |||
| DeletePartner | Grants permission to delete a partner integration from a cluster | Write | |||
| DeleteQev2IdcApplication [permission only] | Grants permission to delete a qev2 idc application | Write |
sso:DeleteApplication |
||
| DeleteRedshiftIdcApplication | Grants permission to delete a redshift idc application | Write |
sso:DeleteApplication |
||
| DeleteResourcePolicy | Grants permission to delete the resource policy for a specified resource | Permissions management | |||
| DeleteSavedQueries [permission only] | Grants permission to delete saved SQL queries through the Amazon Redshift console | Write | |||
| DeleteScheduledAction | Grants permission to delete an Amazon Redshift scheduled action | Write | |||
| DeleteSnapshotCopyGrant | Grants permission to delete a snapshot copy grant | Write | |||
| DeleteSnapshotSchedule | Grants permission to delete a snapshot schedule | Write | |||
| DeleteTags | Grants permission to delete a tag or tags from a resource | Tagging | |||
| DeleteUsageLimit | Grants permission to delete a usage limit | Write | |||
| DeregisterNamespace | Grants permission to deregister the specified namespace from a consumer | Write | |||
| DescribeAccountAttributes | Grants permission to describe attributes attached to the specified AWS account | Read | |||
| DescribeAuthenticationProfiles | Grants permission to describe created Amazon Redshift authentication profiles | Read | |||
| DescribeClusterDbRevisions | Grants permission to describe database revisions for a cluster | List | |||
| DescribeClusterParameterGroups | Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group | Read | |||
| DescribeClusterParameters | Grants permission to describe parameters contained within an Amazon Redshift parameter group | Read | |||
| DescribeClusterSecurityGroups | Grants permission to describe Amazon Redshift security groups | Read | |||
| DescribeClusterSnapshots | Grants permission to describe one or more snapshot objects, which contain metadata about your cluster snapshots | Read | |||
| DescribeClusterSubnetGroups | Grants permission to describe one or more cluster subnet group objects, which contain metadata about your cluster subnet groups | Read | |||
| DescribeClusterTracks | Grants permission to describe available maintenance tracks | List | |||
| DescribeClusterVersions | Grants permission to describe available Amazon Redshift cluster versions | Read | |||
| DescribeClusters | Grants permission to describe properties of provisioned clusters | List | |||
| DescribeCustomDomainAssociations | Grants permission to describe custom domain names for a cluster | List | |||
| DescribeDataShares | Grants permission to describe datashares created and consumed by your clusters | Read | |||
| DescribeDataSharesForConsumer | Grants permission to describe only datashares consumed by your clusters | Read | |||
| DescribeDataSharesForProducer | Grants permission to describe only datashares created by your clusters | Read | |||
| DescribeDefaultClusterParameters | Grants permission to describe parameter settings for a parameter group family | Read | |||
| DescribeEndpointAccess | Grants permission to describe redshift-managed vpc endpoints | Read | |||
| DescribeEndpointAuthorization | Grants permission to authorize describe activity for redshift-managed vpc endpoint | List | |||
| DescribeEventCategories | Grants permission to describe event categories for all event source types, or for a specified source type | Read | |||
| DescribeEventSubscriptions | Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account | Read | |||
| DescribeEvents | Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days | List | |||
| DescribeHsmClientCertificates | Grants permission to describe HSM client certificates | Read | |||
| DescribeHsmConfigurations | Grants permission to describe Amazon Redshift HSM configurations | Read | |||
| DescribeInboundIntegrations | Grants permission to list the inbound integrations | List | |||
| DescribeIntegrations | Grants permission to describe an Amazon Redshift zero-ETL integration | List | |||
| DescribeLoggingStatus | Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster | Read | |||
| DescribeNodeConfigurationOptions | Grants permission to describe properties of possible node configurations such as node type, number of nodes, and disk usage for the specified action type | List | |||
| DescribeOrderableClusterOptions | Grants permission to describe orderable cluster options | Read | |||
| DescribePartners | Grants permission to retrieve information about the partner integrations defined for a cluster | Read | |||
| DescribeQev2IdcApplications [permission only] | Grants permission to describe qev2 idc applications | List | |||
| DescribeQuery [permission only] | Grants permission to describe a query through the Amazon Redshift console | Read | |||
| DescribeRedshiftIdcApplications | Grants permission to describe redshift idc applications | List |
sso:GetApplicationGrant sso:ListApplicationAccessScopes |
||
| DescribeReservedNodeExchangeStatus | Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested | Read | |||
| DescribeReservedNodeOfferings | Grants permission to describe available reserved node offerings by Amazon Redshift | Read | |||
| DescribeReservedNodes | Grants permission to describe the reserved nodes | Read | |||
| DescribeResize | Grants permission to describe the last resize operation for a cluster | Read | |||
| DescribeSavedQueries [permission only] | Grants permission to describe saved queries through the Amazon Redshift console | Read | |||
| DescribeScheduledActions | Grants permission to describe created Amazon Redshift scheduled actions | Read | |||
| DescribeSnapshotCopyGrants | Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region | Read | |||
| DescribeSnapshotSchedules | Grants permission to describe snapshot schedules | Read | |||
| DescribeStorage | Grants permission to describe account level backups storage size and provisional storage | Read | |||
| DescribeTable [permission only] | Grants permission to describe a table through the Amazon Redshift console | Read | |||
| DescribeTableRestoreStatus | Grants permission to describe status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action | Read | |||
| DescribeTags | Grants permission to describe tags | Read | |||
| DescribeUsageLimits | Grants permission to describe usage limits | Read | |||
| DisableLogging | Grants permission to disable logging information, such as queries and connection attempts, for a cluster | Write | |||
| DisableSnapshotCopy | Grants permission to disable the automatic copy of snapshots for a cluster | Write | |||
| DisassociateDataShareConsumer | Grants permission to disassociate a consumer from a datashare | Write | |||
| EnableLogging | Grants permission to enable logging information, such as queries and connection attempts, for a cluster | Write | |||
| EnableSnapshotCopy | Grants permission to enable the automatic copy of snapshots for a cluster | Write | |||
| ExecuteQuery [permission only] | Grants permission to execute a query through the Amazon Redshift console | Write | |||
| FailoverPrimaryCompute | Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ | Write | |||
| FetchResults [permission only] | Grants permission to fetch query results through the Amazon Redshift console | Read | |||
| GetClusterCredentials | Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account | Write | |||
| GetClusterCredentialsWithIAM | Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account | Write | |||
| GetReservedNodeExchangeConfigurationOptions | Grants permission to get the configuration options for the reserved-node exchange | Read | |||
| GetReservedNodeExchangeOfferings | Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node | Read | |||
| GetResourcePolicy | Grants permission to get the resource policy for a specified resource | Read | |||
| JoinGroup | Grants permission to join the specified Amazon Redshift group | Permissions management | |||
| ListDatabases [permission only] | Grants permission to list databases through the Amazon Redshift console | List | |||
| ListRecommendations | Grants permission to list Advisor recommendations | List | |||
| ListSavedQueries [permission only] | Grants permission to list saved queries through the Amazon Redshift console | List | |||
| ListSchemas [permission only] | Grants permission to list schemas through the Amazon Redshift console | List | |||
| ListTables [permission only] | Grants permission to list tables through the Amazon Redshift console | List | |||
| ModifyAquaConfiguration | Grants permission to modify the AQUA configuration of a cluster | Write | |||
| ModifyAuthenticationProfile | Grants permission to modify an existing Amazon Redshift authentication profile | Write | |||
| ModifyCluster | Grants permission to modify the settings of a cluster | Write |
acm:DescribeCertificate kms:CreateGrant kms:Decrypt kms:DescribeKey kms:GenerateDataKey kms:RetireGrant secretsmanager:CreateSecret secretsmanager:DeleteSecret secretsmanager:DescribeSecret secretsmanager:GetRandomPassword secretsmanager:RotateSecret secretsmanager:TagResource secretsmanager:UpdateSecret |
||
| ModifyClusterDbRevision | Grants permission to modify the database revision of a cluster | Write | |||
| ModifyClusterIamRoles | Grants permission to modify the list of AWS Identity and Access Management (IAM) roles that can be used by a cluster to access other AWS services | Permissions management | |||
| ModifyClusterMaintenance | Grants permission to modify the maintenance settings of a cluster | Write | |||
| ModifyClusterParameterGroup | Grants permission to modify the parameters of a parameter group | Write | |||
| ModifyClusterSnapshot | Grants permission to modify the settings of a snapshot | Write | |||
| ModifyClusterSnapshotSchedule | Grants permission to modify a snapshot schedule for a cluster | Write | |||
| ModifyClusterSubnetGroup | Grants permission to modify a cluster subnet group to include the specified list of VPC subnets | Write | |||
| ModifyCustomDomainAssociation | Grants permission to modify a custom domain name for a cluster | Write |
acm:DescribeCertificate |
||
| ModifyEndpointAccess | Grants permission to modify a redshift-managed vpc endpoint | Write | |||
| ModifyEventSubscription | Grants permission to modify an existing Amazon Redshift event notification subscription | Write | |||
| ModifyIntegration | Grants permission to modify an Amazon Redshift zero-ETL integration | Write | |||
| ModifyQev2IdcApplication [permission only] | Grants permission to modify a qev2 idc application | Write |
sso:UpdateApplication |
||
| ModifyRedshiftIdcApplication | Grants permission to modify a redshift idc application | Write |
sso:DeleteApplicationAccessScope sso:DeleteApplicationGrant sso:GetApplicationGrant sso:ListApplicationAccessScopes sso:PutApplicationAccessScope sso:PutApplicationGrant sso:UpdateApplication |
||
| ModifySavedQuery [permission only] | Grants permission to modify an existing saved query through the Amazon Redshift console | Write | |||
| ModifyScheduledAction | Grants permission to modify an existing Amazon Redshift scheduled action | Write | |||
| ModifySnapshotCopyRetentionPeriod | Grants permission to modify the number of days to retain snapshots in the destination AWS Region after they are copied from the source AWS Region | Write | |||
| ModifySnapshotSchedule | Grants permission to modify a snapshot schedule | Write | |||
| ModifyUsageLimit | Grants permission to modify a usage limit | Write | |||
| PauseCluster | Grants permission to pause a cluster | Write | |||
| PurchaseReservedNodeOffering | Grants permission to purchase a reserved node | Write | |||
| PutResourcePolicy | Grants permission to update the resource policy for a specified resource | Permissions management | |||
| RebootCluster | Grants permission to reboot a cluster | Write | |||
| RegisterNamespace | Grants permission to register the specified namespace to a consumer | Write | |||
| RejectDataShare | Grants permission to decline a datashare shared from another account | Permissions management | |||
| ResetClusterParameterGroup | Grants permission to set one or more parameters of a parameter group to their default values and set the source values of the parameters to "engine-default" | Write | |||
| ResizeCluster | Grants permission to change the size of a cluster | Write | |||
| RestoreFromClusterSnapshot | Grants permission to create a cluster from a snapshot | Write |
kms:CreateGrant kms:Decrypt kms:DescribeKey kms:GenerateDataKey kms:RetireGrant secretsmanager:CreateSecret secretsmanager:DeleteSecret secretsmanager:DescribeSecret secretsmanager:GetRandomPassword secretsmanager:RotateSecret secretsmanager:TagResource secretsmanager:UpdateSecret |
||
| RestoreTableFromClusterSnapshot | Grants permission to create a table from a table in an Amazon Redshift cluster snapshot | Write | |||
| ResumeCluster | Grants permission to resume a cluster | Write | |||
| RevokeClusterSecurityGroupIngress | Grants permission to revoke an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group | Write | |||
| RevokeEndpointAccess | Grants permission to revoke access for endpoint related activities for redshift-managed vpc endpoint | Permissions management | |||
| RevokeSnapshotAccess | Grants permission to revoke access from the specified AWS account to restore a snapshot | Permissions management | |||
| RotateEncryptionKey | Grants permission to rotate an encryption key for a cluster | Write | |||
| UpdatePartnerStatus | Grants permission to update the status of a partner integration | Write | |||
| ViewQueriesFromConsole [permission only] | Grants permission to view query results through the Amazon Redshift console | List | |||
| ViewQueriesInConsole [permission only] | Grants permission to terminate running queries and loads through the Amazon Redshift console | List |
Resource types defined by Amazon Redshift
The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.
| Resource types | ARN | Condition keys |
|---|---|---|
| cluster |
arn:${Partition}:redshift:${Region}:${Account}:cluster:${ClusterName}
|
|
| datashare |
arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/${DataShareName}
|
|
| dbgroup |
arn:${Partition}:redshift:${Region}:${Account}:dbgroup:${ClusterName}/${DbGroup}
|
|
| dbname |
arn:${Partition}:redshift:${Region}:${Account}:dbname:${ClusterName}/${DbName}
|
|
| dbuser |
arn:${Partition}:redshift:${Region}:${Account}:dbuser:${ClusterName}/${DbUser}
|
|
| eventsubscription |
arn:${Partition}:redshift:${Region}:${Account}:eventsubscription:${EventSubscriptionName}
|
|
| hsmclientcertificate |
arn:${Partition}:redshift:${Region}:${Account}:hsmclientcertificate:${HSMClientCertificateId}
|
|
| hsmconfiguration |
arn:${Partition}:redshift:${Region}:${Account}:hsmconfiguration:${HSMConfigurationId}
|
|
| integration |
arn:${Partition}:redshift:${Region}:${Account}:integration:${IntegrationIdentifier}
|
|
| namespace |
arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace}
|
|
| parametergroup |
arn:${Partition}:redshift:${Region}:${Account}:parametergroup:${ParameterGroupName}
|
|
| securitygroup |
arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}
|
|
| securitygroupingress-cidr |
arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange}
|
|
| securitygroupingress-ec2securitygroup |
arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId}
|
|
| snapshot |
arn:${Partition}:redshift:${Region}:${Account}:snapshot:${ClusterName}/${SnapshotName}
|
|
| snapshotcopygrant |
arn:${Partition}:redshift:${Region}:${Account}:snapshotcopygrant:${SnapshotCopyGrantName}
|
|
| snapshotschedule |
arn:${Partition}:redshift:${Region}:${Account}:snapshotschedule:${ScheduleIdentifier}
|
|
| subnetgroup |
arn:${Partition}:redshift:${Region}:${Account}:subnetgroup:${SubnetGroupName}
|
|
| usagelimit |
arn:${Partition}:redshift:${Region}:${Account}:usagelimit:${UsageLimitId}
|
|
| redshiftidcapplication |
arn:${Partition}:redshift:${Region}:${Account}:redshiftidcapplication:${RedshiftIdcApplicationId}
|
|
| qev2idcapplication |
arn:${Partition}:redshift:${Region}:${Account}:qev2idcapplication:${Qev2IdcApplicationId}
|
Condition keys for Amazon Redshift
Amazon Redshift defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.
To view the global condition keys that are available to all services, see Available global condition keys.
| Condition keys | Description | Type |
|---|---|---|
| aws:RequestTag/${TagKey} | Filters access by actions based on the allowed set of values for each of the tags | String |
| aws:ResourceTag/${TagKey} | Filters access by actions based on tag-value associated with the resource | String |
| aws:TagKeys | Filters access by actions based on the presence of mandatory tags in the request | ArrayOfString |
| redshift:AllowWrites | Filters access by the allowWrites input parameter | Bool |
| redshift:ConsumerArn | Filters access by the datashare consumer arn | ARN |
| redshift:ConsumerIdentifier | Filters access by the datashare consumer | String |
| redshift:DbName | Filters access by the database name | String |
| redshift:DbUser | Filters access by the database user name | String |
| redshift:DurationSeconds | Filters access by the number of seconds until a temporary credential set expires | String |
| redshift:InboundIntegrationArn | Filters access by the ARN of an inbound zero-ETL Integration resource | ARN |
| redshift:IntegrationSourceArn | Filters access by the ARN of a zero-ETL Integration source | ARN |
| redshift:IntegrationTargetArn | Filters access by the ARN of a zero-ETL Integration target | ARN |
