Hi,
I am trying to configure a scheduled query using Redshift Query Editor V2. However, I am facing an issue where I am unable to view the schedule history as I am faced with the following permission issue.
You don't have permission to view the scheduled query history. To view, add sts:AssumeRole for IAM role arn:aws:iam::000001:role/XXXXXXX-runner to your IAM role and add your IAM user ARN to the role's trust policy.
Bit confused as to what this permission requirement means. Which IAM role should I update with the sts:AssumeRole permission?
I have attached the following policy to the IAM users via the IAM group
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::000001:role/XXXXXXX-runner"
}
]
}
I followed this guide and updated the permissions as necessary -> https://docs.aws.amazon.com/redshift/latest/mgmt/query-editor-v2-schedule-query.html
Trust policy of the role used in the scheduled query (XXXXXXX-runner)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "redshift.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Sid": "AssumeRole",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::000001:user/user1@xxxx.com",
"arn:aws:iam::000001:user/user2@xxxx.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
Any guidance on how to troubleshoot this issue is much appreciated.
Thank You