Redshift

Requirements

Name

Description

Grant Teleskope IAM Access to Redshift

Attach the AmazonRedshiftDataFullAccess and AmazonRedshiftReadOnlyAccess to the Teleskope role you created.

Terraform

resource "aws_iam_role_policy_attachment" "redshift_data_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess"
}

resource "aws_iam_role_policy_attachment" "redshift__policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess"
}

Teleskope Database User

For each Redshift cluster you would like to scan using Teleskope, you will need to create a database user, and grant that user read permissions.

Create database user

CREATE USER teleskope WITH PASSWORD  '****PASSWORD****'

Grant read access

GRANT SELECT ON svv_all_schemas TO teleskope_ro;
GRANT SELECT ON svv_table_info TO teleskope_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog


-- Grant select to each Redshift schema
GRANT USAGE ON SCHEMA {schema} TO teleskope;
GRANT SELECT ON ALL TABLES IN SCHEMA {schema} TO teleskope;

Grant write access

For each redshift schema:

GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA {schema} TO teleskope;

PreviousDynamoDB NextS3

Last updated 1 month ago