Posted On: Nov 18, 2021

Amazon Redshift now simplifies the use of other services such as Amazon S3, Amazon SageMaker, AWS Lambda, Amazon Aurora, and AWS Glue by allowing customers to create an IAM role from the Redshift console and assign it as the default IAM role while creating an Amazon Redshift cluster. The default IAM role simplifies SQL operations that access other AWS services, such as COPY, UNLOAD, CREATE EXTERNAL FUNCTION, CREATE EXTERNAL TABLE, CREATE EXTERNAL SCHEMA, CREATE MODEL, or CREATE LIBRARY, by eliminating the need to specify the Amazon Resource Name (ARN) for the IAM role.

Amazon Redshift now provides a new managed IAM policy, AmazonRedshiftAllCommandsFullAccess, that has the privileges required to use other related services such as S3, SageMaker, Lambda, Aurora, and Glue. This policy is used for creating the default IAM role with the Amazon Redshift console. End users can use the default IAM role with the COPY, UNLOAD, CREATE EXTERNAL FUNCTION, CREATE EXTERNAL TABLE, CREATE EXTERNAL SCHEMA, CREATE MODEL, or CREATE LIBRARY commands by specifying IAM_ROLE with the DEFAULT keyword, without having to specify the ARN for the IAM role.
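The effect on individual statements, as an added example that is not part of the original announcement: the same COPY written first with an explicit role ARN and then with `IAM_ROLE default`, followed by UNLOAD and CREATE EXTERNAL SCHEMA using the default role. The table, bucket, schema, database and role names and the account ID are constructed placeholders, and the statements assume a default IAM role is already associated with the cluster.

```sql
-- Constructed placeholders throughout: sales_events, example-bucket,
-- spectrum_example, example_glue_db, ExampleRedshiftRole, 123456789012.

-- Before: every statement that reaches another AWS service carries the
-- full role ARN, which then ends up copied into scripts and query history.
COPY sales_events
FROM 's3://example-bucket/events/'
IAM_ROLE 'arn:aws:iam::123456789012:role/ExampleRedshiftRole'
FORMAT AS PARQUET;

-- After: the cluster's default IAM role is resolved by Redshift,
-- so no ARN appears in the statement.
COPY sales_events
FROM 's3://example-bucket/events/'
IAM_ROLE default
FORMAT AS PARQUET;

-- UNLOAD to S3 with the default role.
UNLOAD ('SELECT * FROM sales_events WHERE event_date >= ''2021-11-01''')
TO 's3://example-bucket/unload/events_'
IAM_ROLE default
FORMAT AS PARQUET;

-- External schema backed by the AWS Glue Data Catalog, using the default role.
CREATE EXTERNAL SCHEMA spectrum_example
FROM DATA CATALOG
DATABASE 'example_glue_db'
IAM_ROLE default;
```

The access these statements get is whatever the default role's attached policy allows, so reviewing that policy covers every statement written with `IAM_ROLE default`.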

This feature is now available in all AWS commercial regions except eu-south-1, af-south-1, and ap-northeast-3. You can find more information about the IAM role in the Redshift cluster management guide.