Basically, I am trying to add permissions for AWS redshift. But AWS provides permissions under two headings, that is, redshift and redshift-data.
For example, if I want to have permissions of ListDatabases, then aws provides two permissions, one is redshift:ListDatabases and another is redshift-data:ListDatabases, not sure which one I should use.
Somewhere I read that redshift gives access for "Amazon Redshift console" and "redshift-data" gives access for "Cluster". Not sure what does that mean.
CodePudding user response:
To explain the differene, lets consider the SDK clients. Notice two clients:
- RedshiftClient
- RedshiftDataClient
The RedshiftClient lets you manage Amazon Redshift clusters such as creating clusters, deleting clusters and so on.
The RedshiftDataClient lets you perform CRUD operations on the database. For example, insert operations using the executeStatement method.
That is the main difference. One lets you manage clusters and the other lets you perform CRUD operations.