Redshift Cross Account IAM Role Setup

Key Components

Three key components are involved with the Redshift Bulk Snaps:

  • EC2 Instance

  • Redshift Cluster

  • S3

These components can reside in the same AWS account or different accounts. After executing the Pipeline, these components perform the following operations:

  • EC2: Archives input data and writes the data into the specified S3 bucket/folder.

    ABC.csv.gz -> s3://swat-3032/datalake/raw

  • Redshift Cluster: Copies the data from S3 to a Redshift temporary table using the COPY command.

    COPY "public"."swat3032_update_temp_table_XYZ" ("id", "name", "price")
    FROM 's3://swat-3032/datalake/raw/Redshift_load_temp/ABC.csv.gz'
    CREDENTIALS '...'

  • S3: Loads the data from the temporary table to a target table. For the Upsert Snap, this is an UPDATE followed by an INSERT operation.

For more information about the operations that each component performs, inspect the queries in the Redshift console.
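
The last step above (UPDATE followed by INSERT from the temporary table into the target), as an added illustration; these are not the queries the Snap itself issues. The target table name `swat3032_target`, the use of `id` as the match key, and all sample rows are assumptions, and the staging rows are inserted directly in place of the COPY from S3.

```sql
-- Added example: staged upsert with the column list from the COPY statement above.
-- "swat3032_target", the "id" match key and every row below are constructed.
BEGIN;

-- Hypothetical target table.
CREATE TABLE "public"."swat3032_target" (
    "id"    INTEGER NOT NULL,
    "name"  VARCHAR(64),
    "price" DECIMAL(10,2)
);
INSERT INTO "public"."swat3032_target" VALUES
    (1, 'widget', 9.99),
    (2, 'gadget', 19.99);

-- Stand-in for the temporary table that COPY fills from the S3 object.
CREATE TABLE "public"."swat3032_update_temp_table_XYZ"
    (LIKE "public"."swat3032_target");
INSERT INTO "public"."swat3032_update_temp_table_XYZ" VALUES
    (2, 'gadget', 17.49),   -- id already in the target: updated
    (3, 'gizmo',  4.25);    -- id not in the target: inserted

-- Step 1: UPDATE target rows that have a match in the temporary table.
UPDATE "public"."swat3032_target"
SET "name"  = s."name",
    "price" = s."price"
FROM "public"."swat3032_update_temp_table_XYZ" s
WHERE "public"."swat3032_target"."id" = s."id";

-- Step 2: INSERT staged rows that still have no match in the target.
INSERT INTO "public"."swat3032_target" ("id", "name", "price")
SELECT s."id", s."name", s."price"
FROM "public"."swat3032_update_temp_table_XYZ" s
LEFT JOIN "public"."swat3032_target" t ON t."id" = s."id"
WHERE t."id" IS NULL;

-- The temporary table is no longer needed once the target is current.
DROP TABLE "public"."swat3032_update_temp_table_XYZ";
COMMIT;

-- Target now holds ids 1 (unchanged), 2 (price 17.49) and 3 (new).
SELECT "id", "name", "price"
FROM "public"."swat3032_target"
ORDER BY "id";
```

Running both statements in one transaction keeps readers of the target table from seeing the updated rows without the inserted ones.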

Configuring Redshift Cross Account with IAM Role

The following flow chart illustrates the cross-account roles that you should configure for each key component.

The values in the legend indicate the values that you can use in your account configuration.

Read and Write policies