What is the benefit of associating multiple roles with a namespace in Redshift serverless?


According to the docs HERE, I can't understand why should I associate multiple role with a namespace? Anyone know, please help

You can associate multiple roles to a namespace using the console, as described previously in this section. You can also use the API command CreateNamespace, or the CLI command create-namespace. With the API or CLI command, you can assign IAM roles to the namespace by populating IAMRoles with one or more roles. Specifically, you add ARNs for specific roles to the collection.
demandé il y a un an539 vues
2 réponses
Réponse acceptée

Having granular Roles with its Policy granting access to specific AWS services will provide you granular control over user privileges. For example you have a role that allows Amazon SageMaker access, and another role that allows Amazon S3 access.

If a single role provides both access then everyone who gets access to Amazon S3 also gets access to Amazon SageMaker. You might want to control your costs individually and thus choose granular roles.

In the SQL command users will specify which role to use for that particular command. Or you can set one, say Amazon S3 role as default role assuming everyone needs S3 access and anyone using the Amazon Redshift ML feature using Amazon SageMaker will explicitly specify the other role in the SQL command.

profile pictureAWS
répondu il y a un an

Amazon Redshift needs IAM authorization to interact with other AWS services such as Amazon S3 data lake, AWS Lakeformation, Amazon Sagemaker etc. IAM authorization is provided to Amazon Redshift serverless using the IAM policies attached to the namespace.

You can use one IAM policy with all required permissions for Redshift, or you can organize the permissions into multiple IAM policies and attach them to the namespace. As of today, you can attach upto 10 IAM policies.

répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions