IAM users access to Amazon Redshift serverless


I'm trying to grant IAM users access to view Redshift Serverless, but I get these errors when viewing the Redshift page with my IAM users:

User: arn:aws:iam::XXXXXX:user/milad is not authorized to perform: redshift-serverless:ListSnapshots because no identity-based policy allows the redshift-serverless:ListSnapshots action
User: arn:aws:iam::XXXXXX:user/milad is not authorized to perform: redshift-serverless:DescribeConfiguration because no identity-based policy allows the redshift-serverless:DescribeConfiguration action
User: arn:aws:iam::XXXXX:user/milad is not authorized to perform: redshift-serverless:GetCredentials because no identity-based policy allows the redshift-serverless:GetCredentials action

However, I can't create a policy like

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "redshift-serverless:*",
            "Resource": "*"
        }
    ]
}

because redshift-serverless is an invalid action. I couldn't figure out what the valid action for Redshift Serverless is.

If I replace Action with "Action": "*", my users get access, but of course I don't want to grant them full access!

I did find the Redshift Serverless security doc but didn't really understand it.

1

There is 1 answer

0
Tomas G. On

I think that your policy might be correct; just create it and use it.

IAM might be throwing this error, which it does in my case:

redshift-serverless: IAM does not recognize this service. The service might include a typo or might be a previewed or custom service.

As Redshift Serverless is still in preview, it is not yet recognized by IAM; don't be thrown off by IAM not recognizing the service.

Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_policies.html?icmpid=docs_iam_console#troubleshoot_policies-unrecognized-visual

Preview service – Services that are in preview do not support the visual editor. If you are participating in the preview, you can ignore the warning and continue, though you must manually type the actions and resource ARNs to complete your policy. Alternatively, you can choose the JSON tab to type or paste a JSON policy document.
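An added example, not part of the question or answer above: instead of allowing `redshift-serverless:*`, a policy can list only the actions that the denial messages name. The Python sketch below extracts them from the three errors quoted in the question and builds the policy document; the function names are hypothetical, and `Resource` defaults to `"*"` only because that is what the question's policy uses.

```python
import json
import re

# Constructed sample input: the three denial messages quoted in the question,
# with the account ID left as the page's X placeholders.
DENIALS = """\
User: arn:aws:iam::XXXXXX:user/milad is not authorized to perform: redshift-serverless:ListSnapshots because no identity-based policy allows the redshift-serverless:ListSnapshots action
User: arn:aws:iam::XXXXXX:user/milad is not authorized to perform: redshift-serverless:DescribeConfiguration because no identity-based policy allows the redshift-serverless:DescribeConfiguration action
User: arn:aws:iam::XXXXX:user/milad is not authorized to perform: redshift-serverless:GetCredentials because no identity-based policy allows the redshift-serverless:GetCredentials action
"""

# Captures "<service>:<Action>" after the fixed phrase IAM uses in denials.
DENIED_RE = re.compile(r"is not authorized to perform: ([a-z0-9-]+):([A-Za-z0-9]+)")


def denied_actions(text, service=None):
    """Return sorted, de-duplicated 'service:Action' names found in denial text.

    If `service` is given, actions from any other service prefix are dropped so
    an unrelated denial pasted by mistake does not widen the policy.
    """
    found = set()
    for svc, action in DENIED_RE.findall(text):
        if service is None or svc == service:
            found.add(f"{svc}:{action}")
    return sorted(found)


def build_policy(actions, resource="*"):
    """Build an identity-based policy allowing exactly `actions` on `resource`."""
    if not actions:
        raise ValueError("no denied actions found; refusing to emit an empty policy")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": list(actions), "Resource": resource}
        ],
    }


if __name__ == "__main__":
    actions = denied_actions(DENIALS, service="redshift-serverless")
    # Paste the output into the JSON tab of the IAM policy editor.
    print(json.dumps(build_policy(actions), indent=4))
```

Re-running it on any further denial messages the console shows extends the action list one named permission at a time, without falling back to a wildcard.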