Posted On: Jan 12, 2021

You can now grant the privilege to run COPY and UNLOAD commands to specific users and groups in your Amazon Redshift cluster to create a more fine-grained access control policy.

Amazon Redshift already allows COPY and UNLOAD commands to run with AWS Identity and Access Management (IAM) roles attached to the cluster. With the new AssumeRole privilege, you can restrict which users and groups can run these commands. For example, you can grant the AssumeRole privilege on the IAM role needed to run COPY or UNLOAD commands only to the users or groups who need to run extract, transform, load (ETL) jobs, and revoke this privilege from all other users and groups.
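The ETL scenario above could look like the following SQL, run by a superuser. This is an added example, not taken from the announcement or the AWS documentation; the role ARN, account ID, group name and user name are constructed placeholders, and the group and user are assumed to exist already.

```sql
-- Added example. Constructed placeholders: account 123456789012,
-- role ExampleRedshiftEtlRole, group etl_users, user report_exporter.

-- 1. Revoke the privilege from PUBLIC so that it is no longer available
--    to every user, for every cluster-attached role and command type.
REVOKE ASSUMEROLE ON ALL FROM PUBLIC FOR ALL;

-- 2. Grant the ETL group the right to use one specific IAM role,
--    for both loading (COPY) and exporting (UNLOAD).
GRANT ASSUMEROLE
    ON 'arn:aws:iam::123456789012:role/ExampleRedshiftEtlRole'
    TO GROUP etl_users
    FOR COPY, UNLOAD;

-- 3. Grant a single user a narrower privilege: export only.
GRANT ASSUMEROLE
    ON 'arn:aws:iam::123456789012:role/ExampleRedshiftEtlRole'
    TO report_exporter
    FOR UNLOAD;

-- 4. Check the effective privilege per user and command type before
--    relying on it; each query returns a Boolean.
SELECT has_assumerole_privilege(
    'report_exporter',
    'arn:aws:iam::123456789012:role/ExampleRedshiftEtlRole',
    'UNLOAD');

SELECT has_assumerole_privilege(
    'report_exporter',
    'arn:aws:iam::123456789012:role/ExampleRedshiftEtlRole',
    'COPY');
```

Granting on a named role ARN rather than `ALL` keeps each grant scoped to the S3 access that one role carries.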

For more information and examples, see granting AssumeRole in the Amazon Redshift Database Developer Guide.