What is the benefit of associating multiple roles with a namespace in Redshift serverless?


According to the docs HERE, I can't understand why should I associate multiple role with a namespace? Anyone know, please help

You can associate multiple roles to a namespace using the console, as described previously in this section. You can also use the API command CreateNamespace, or the CLI command create-namespace. With the API or CLI command, you can assign IAM roles to the namespace by populating IAMRoles with one or more roles. Specifically, you add ARNs for specific roles to the collection.
질문됨 일 년 전540회 조회
2개 답변
수락된 답변

Having granular Roles with its Policy granting access to specific AWS services will provide you granular control over user privileges. For example you have a role that allows Amazon SageMaker access, and another role that allows Amazon S3 access.

If a single role provides both access then everyone who gets access to Amazon S3 also gets access to Amazon SageMaker. You might want to control your costs individually and thus choose granular roles.

In the SQL command users will specify which role to use for that particular command. Or you can set one, say Amazon S3 role as default role assuming everyone needs S3 access and anyone using the Amazon Redshift ML feature using Amazon SageMaker will explicitly specify the other role in the SQL command.

profile pictureAWS
답변함 일 년 전

Amazon Redshift needs IAM authorization to interact with other AWS services such as Amazon S3 data lake, AWS Lakeformation, Amazon Sagemaker etc. IAM authorization is provided to Amazon Redshift serverless using the IAM policies attached to the namespace.

You can use one IAM policy with all required permissions for Redshift, or you can organize the permissions into multiple IAM policies and attach them to the namespace. As of today, you can attach upto 10 IAM policies.

답변함 일 년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠