Amazon Redshift now supports using IAM roles with COPY and UNLOAD commands

Posted on: Mar 29, 2016

You can now assign one or more AWS Identity and Access Management (IAM) roles to your Amazon Redshift cluster for data loading and exporting. Amazon Redshift assumes the assigned IAM roles when you load data into your cluster using the COPY command or export data from your cluster using the UNLOAD command. It uses the resulting credentials to access other AWS services, such as Amazon S3, securely during these operations. IAM roles enhance security of your cluster and simplify data loading and exporting by eliminating the need for you to embed AWS access credentials within SQL commands. They also enable your cluster to periodically re-assume an IAM role during long-running operations. Handling of data encryption keys for COPY and UNLOAD commands remains unchanged.

For more information and examples, see Authorizing COPY and UNLOAD Operations Using IAM Roles in the Amazon Redshift Cluster Management Guide.​