# Actions, resources, and condition keys for Amazon Redshift
Amazon Redshift (service prefix: `redshift`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html).
+ View a list of the [API operations available for this service](https://docs.aws.amazon.com/redshift/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-authentication-access-control.html) permission policies.
**Topics**
+ [Actions defined by Amazon Redshift](#amazonredshift-actions-as-permissions)
+ [Resource types defined by Amazon Redshift](#amazonredshift-resources-for-iam-policies)
+ [Condition keys for Amazon Redshift](#amazonredshift-policy-keys)
## Actions defined by Amazon Redshift
You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).
The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.
The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.
**Note**
Resource condition keys are listed in the [Resource types](#amazonredshift-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).
****
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html) **
- **Description:** Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AddPartner.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AddPartner.html) **
- **Description:** Grants permission to add a partner integration to a cluster
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AssociateDataShareConsumer.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AssociateDataShareConsumer.html) **
- **Description:** Grants permission to associate a consumer to a datashare
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-datashare](#amazonredshift-datashare) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_ConsumerArn](#amazonredshift-redshift_ConsumerArn)
[#amazonredshift-redshift_AllowWrites](#amazonredshift-redshift_AllowWrites) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html) **
- **Description:** Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeDataShare.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeDataShare.html) **
- **Description:** Grants permission to authorize the specified datashare consumer to consume a datashare
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-datashare](#amazonredshift-datashare) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_ConsumerIdentifier](#amazonredshift-redshift_ConsumerIdentifier)
[#amazonredshift-redshift_AllowWrites](#amazonredshift-redshift_AllowWrites) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html) **
- **Description:** Grants permission to authorize endpoint related activities for redshift-managed vpc endpoint
- **Access level:** Permissions management
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html](https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html) [permission only]**
- **Description:** Grants permission to Amazon Redshift to continuously validate that the target namespace can receive data replicated from the source ARN
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-namespace](#amazonredshift-namespace)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html) **
- **Description:** Grants permission to the specified AWS account to restore a snapshot
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html) **
- **Description:** Grants permission to delete snapshots in a batch of size upto 100
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html) **
- **Description:** Grants permission to modify settings for a list of snapshots
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to cancel a query through the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to see queries in the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CancelResize.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CancelResize.html) **
- **Description:** Grants permission to cancel a resize operation
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CopyClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CopyClusterSnapshot.html) **
- **Description:** Grants permission to copy a cluster snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateAuthenticationProfile.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateAuthenticationProfile.html) **
- **Description:** Grants permission to create an Amazon Redshift authentication profile
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCluster.html) **
- **Description:** Grants permission to create a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:** kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
kms:RetireGrant
secretsmanager:CreateSecret
secretsmanager:DeleteSecret
secretsmanager:DescribeSecret
secretsmanager:GetRandomPassword
secretsmanager:RotateSecret
secretsmanager:TagResource
secretsmanager:UpdateSecret
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterParameterGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterParameterGroup.html) **
- **Description:** Grants permission to create an Amazon Redshift parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html) **
- **Description:** Grants permission to create an Amazon Redshift security group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSnapshot.html) **
- **Description:** Grants permission to create a manual snapshot of the specified cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html) **
- **Description:** Grants permission to create an Amazon Redshift subnet group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html) **
- **Description:** Grants permission to automatically create the specified Amazon Redshift user if it does not exist
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-dbuser](#amazonredshift-dbuser) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_DbUser](#amazonredshift-redshift_DbUser) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html) **
- **Description:** Grants permission to create a custom domain name for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:** acm:DescribeCertificate
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEndpointAccess.html) **
- **Description:** Grants permission to create a redshift-managed vpc endpoint
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEventSubscription.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEventSubscription.html) **
- **Description:** Grants permission to create an Amazon Redshift event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmClientCertificate.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmClientCertificate.html) **
- **Description:** Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmConfiguration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmConfiguration.html) **
- **Description:** Grants permission to create an HSM configuration that contains information required by a cluster to store and use database encryption keys in a hardware security module (HSM)
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html](https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html) [permission only]**
- **Description:** Grants permission to the source principal to create an integration into the namespace of target data warehouse
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-namespace](#amazonredshift-namespace)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateIntegration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateIntegration.html) **
- **Description:** Grants permission to create an Amazon Redshift zero-ETL integration
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:** kms:CreateGrant
kms:DescribeKey
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)
[#amazonredshift-redshift_IntegrationSourceArn](#amazonredshift-redshift_IntegrationSourceArn)
[#amazonredshift-redshift_IntegrationTargetArn](#amazonredshift-redshift_IntegrationTargetArn) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
- **Description:** Grants permission to create a qev2 idc application
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:** sso:CreateApplication
sso:PutApplicationAccessScope
sso:PutApplicationAuthenticationMethod
sso:PutApplicationGrant
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html) **
- **Description:** Grants permission to create a redshift idc application
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:** sso:CreateApplication
sso:PutApplicationAccessScope
sso:PutApplicationAuthenticationMethod
sso:PutApplicationGrant
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to create saved SQL queries through the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateScheduledAction.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateScheduledAction.html) **
- **Description:** Grants permission to create an Amazon Redshift scheduled action
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html) **
- **Description:** Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotSchedule.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotSchedule.html) **
- **Description:** Grants permission to create a snapshot schedule
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateTags.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateTags.html) **
- **Description:** Grants permission to add one or more tags to a specified resource
- **Access level:** Tagging
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateUsageLimit.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateUsageLimit.html) **
- **Description:** Grants permission to create a usage limit
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_)
[#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeauthorizeDataShare.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeauthorizeDataShare.html) **
- **Description:** Grants permission to remove permission from the specified datashare consumer to consume a datashare
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-datashare](#amazonredshift-datashare) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_ConsumerIdentifier](#amazonredshift-redshift_ConsumerIdentifier) / **Dependent actions:**
- ** [API_DeleteAuthenticationProfile.html](API_DeleteAuthenticationProfile.html) **
- **Description:** Grants permission to delete an Amazon Redshift authentication profile
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCluster.html) **
- **Description:** Grants permission to delete a previously provisioned cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html) **
- **Description:** Grants permission to delete an Amazon Redshift parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html) **
- **Description:** Grants permission to delete an Amazon Redshift security group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSnapshot.html) **
- **Description:** Grants permission to delete a manual snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html) **
- **Description:** Grants permission to delete a cluster subnet group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html) **
- **Description:** Grants permission to delete a custom domain name for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEndpointAccess.html) **
- **Description:** Grants permission to delete a redshift-managed vpc endpoint
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEventSubscription.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEventSubscription.html) **
- **Description:** Grants permission to delete an Amazon Redshift event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html) **
- **Description:** Grants permission to delete an HSM client certificate
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmConfiguration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmConfiguration.html) **
- **Description:** Grants permission to delete an Amazon Redshift HSM configuration
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteIntegration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteIntegration.html) **
- **Description:** Grants permission to delete an Amazon Redshift zero-ETL integration
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeletePartner.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeletePartner.html) **
- **Description:** Grants permission to delete a partner integration from a cluster
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
- **Description:** Grants permission to delete a qev2 idc application
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-qev2idcapplication](#amazonredshift-qev2idcapplication)
- **Condition keys:**
- **Dependent actions:** sso:DeleteApplication
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html) **
- **Description:** Grants permission to delete a redshift idc application
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-redshiftidcapplication](#amazonredshift-redshiftidcapplication)
- **Condition keys:**
- **Dependent actions:** sso:DeleteApplication
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteResourcePolicy.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteResourcePolicy.html) **
- **Description:** Grants permission to delete the resource policy for a specified resource
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-namespace](#amazonredshift-namespace)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to delete saved SQL queries through the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [API_DeleteScheduledAction.html](API_DeleteScheduledAction.html) **
- **Description:** Grants permission to delete an Amazon Redshift scheduled action
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html) **
- **Description:** Grants permission to delete a snapshot copy grant
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html) **
- **Description:** Grants permission to delete a snapshot schedule
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteTags.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteTags.html) **
- **Description:** Grants permission to delete a tag or tags from a resource
- **Access level:** Tagging
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteUsageLimit.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteUsageLimit.html) **
- **Description:** Grants permission to delete a usage limit
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeregisterNamespace.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeregisterNamespace.html) **
- **Description:** Grants permission to deregister the specified namespace from a consumer
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeAccountAttributes.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeAccountAttributes.html) **
- **Description:** Grants permission to describe attributes attached to the specified AWS account
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [API_DescribeAuthenticationProfiles.html](API_DescribeAuthenticationProfiles.html) **
- **Description:** Grants permission to describe created Amazon Redshift authentication profiles
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html](https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html) [permission only]**
- **Description:** Grants permission to describe the list of resources that are denylisted from global autonomics decisions for a specified cluster
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html) **
- **Description:** Grants permission to describe database revisions for a cluster
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html) **
- **Description:** Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameters.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameters.html) **
- **Description:** Grants permission to describe parameters contained within an Amazon Redshift parameter group
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html) **
- **Description:** Grants permission to describe Amazon Redshift security groups
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSnapshots.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSnapshots.html) **
- **Description:** Grants permission to describe one or more snapshot objects, which contain metadata about your cluster snapshots
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html) **
- **Description:** Grants permission to describe one or more cluster subnet group objects, which contain metadata about your cluster subnet groups
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterTracks.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterTracks.html) **
- **Description:** Grants permission to describe available maintenance tracks
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterVersions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterVersions.html) **
- **Description:** Grants permission to describe available Amazon Redshift cluster versions
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusters.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusters.html) **
- **Description:** Grants permission to describe properties of provisioned clusters
- **Access level:** List
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html) **
- **Description:** Grants permission to describe custom domain names for a cluster
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataShares.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataShares.html) **
- **Description:** Grants permission to describe datashares created and consumed by your clusters
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html) **
- **Description:** Grants permission to describe only datashares consumed by your clusters
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html) **
- **Description:** Grants permission to describe only datashares created by your clusters
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html) **
- **Description:** Grants permission to describe parameter settings for a parameter group family
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAccess.html) **
- **Description:** Grants permission to describe redshift-managed vpc endpoints
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html) **
- **Description:** Grants permission to authorize describe activity for redshift-managed vpc endpoint
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventCategories.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventCategories.html) **
- **Description:** Grants permission to describe event categories for all event source types, or for a specified source type
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventSubscriptions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventSubscriptions.html) **
- **Description:** Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEvents.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEvents.html) **
- **Description:** Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html) **
- **Description:** Grants permission to describe HSM client certificates
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmConfigurations.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmConfigurations.html) **
- **Description:** Grants permission to describe Amazon Redshift HSM configurations
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeInboundIntegrations.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeInboundIntegrations.html) **
- **Description:** Grants permission to list the inbound integrations
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:** [#amazonredshift-redshift_InboundIntegrationArn](#amazonredshift-redshift_InboundIntegrationArn)
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeIntegrations.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeIntegrations.html) **
- **Description:** Grants permission to describe an Amazon Redshift zero-ETL integration
- **Access level:** List
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeLoggingStatus.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeLoggingStatus.html) **
- **Description:** Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html) **
- **Description:** Grants permission to describe properties of possible node configurations such as node type, number of nodes, and disk usage for the specified action type
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html) **
- **Description:** Grants permission to describe orderable cluster options
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribePartners.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribePartners.html) **
- **Description:** Grants permission to retrieve information about the partner integrations defined for a cluster
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
- **Description:** Grants permission to describe qev2 idc applications
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to describe a query through the Amazon Redshift console
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html) **
- **Description:** Grants permission to describe redshift idc applications
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:** sso:GetApplicationGrant
sso:ListApplicationAccessScopes
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html) **
- **Description:** Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html) **
- **Description:** Grants permission to describe available reserved node offerings by Amazon Redshift
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodes.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodes.html) **
- **Description:** Grants permission to describe the reserved nodes
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeResize.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeResize.html) **
- **Description:** Grants permission to describe the last resize operation for a cluster
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to describe saved queries through the Amazon Redshift console
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [API_DescribeScheduledActions.html](API_DescribeScheduledActions.html) **
- **Description:** Grants permission to describe created Amazon Redshift scheduled actions
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html) **
- **Description:** Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html) **
- **Description:** Grants permission to describe snapshot schedules
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeStorage.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeStorage.html) **
- **Description:** Grants permission to describe account level backups storage size and provisional storage
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to describe a table through the Amazon Redshift console
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html) **
- **Description:** Grants permission to describe status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTags.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTags.html) **
- **Description:** Grants permission to describe tags
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeUsageLimits.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeUsageLimits.html) **
- **Description:** Grants permission to describe usage limits
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableLogging.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableLogging.html) **
- **Description:** Grants permission to disable logging information, such as queries and connection attempts, for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableSnapshotCopy.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableSnapshotCopy.html) **
- **Description:** Grants permission to disable the automatic copy of snapshots for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html) **
- **Description:** Grants permission to disassociate a consumer from a datashare
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-datashare](#amazonredshift-datashare) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_ConsumerArn](#amazonredshift-redshift_ConsumerArn) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableLogging.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableLogging.html) **
- **Description:** Grants permission to enable logging information, such as queries and connection attempts, for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableSnapshotCopy.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableSnapshotCopy.html) **
- **Description:** Grants permission to enable the automatic copy of snapshots for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to execute a query through the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_FailoverPrimaryCompute.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_FailoverPrimaryCompute.html) **
- **Description:** Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to fetch query results through the Amazon Redshift console
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html) **
- **Description:** Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-dbuser](#amazonredshift-dbuser) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-dbname](#amazonredshift-dbname) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_DbName](#amazonredshift-redshift_DbName)
[#amazonredshift-redshift_DbUser](#amazonredshift-redshift_DbUser)
[#amazonredshift-redshift_DurationSeconds](#amazonredshift-redshift_DurationSeconds) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html) **
- **Description:** Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-dbname](#amazonredshift-dbname) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-redshift_DbName](#amazonredshift-redshift_DbName)
[#amazonredshift-redshift_DurationSeconds](#amazonredshift-redshift_DurationSeconds) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/identity-center-authentication.html](https://docs.aws.amazon.com/redshift/latest/mgmt/identity-center-authentication.html) **
- **Description:** Grants permission to get an authorized token for Identity Center users to access Redshift clusters
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html) **
- **Description:** Grants permission to get the configuration options for the reserved-node exchange
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html) **
- **Description:** Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetResourcePolicy.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetResourcePolicy.html) **
- **Description:** Grants permission to get the resource policy for a specified resource
- **Access level:** Read
- **Resource types (\*required):** [#amazonredshift-namespace](#amazonredshift-namespace)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html) **
- **Description:** Grants permission to join the specified Amazon Redshift group
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-dbgroup](#amazonredshift-dbgroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to list databases through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [API_ListRecommendations.html](API_ListRecommendations.html) **
- **Description:** Grants permission to list Advisor recommendations
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to list saved queries through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to list schemas through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to list tables through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAquaConfiguration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAquaConfiguration.html) **
- **Description:** Grants permission to modify the AQUA configuration of a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAuthenticationProfile.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAuthenticationProfile.html) **
- **Description:** Grants permission to modify an existing Amazon Redshift authentication profile
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html](https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html) [permission only]**
- **Description:** Grants permission to add or remove resources from the global autonomics denylist for a specified cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCluster.html) **
- **Description:** Grants permission to modify the settings of a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:** acm:DescribeCertificate
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
kms:RetireGrant
secretsmanager:CreateSecret
secretsmanager:DeleteSecret
secretsmanager:DescribeSecret
secretsmanager:GetRandomPassword
secretsmanager:RotateSecret
secretsmanager:TagResource
secretsmanager:UpdateSecret
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterDbRevision.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterDbRevision.html) **
- **Description:** Grants permission to modify the database revision of a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterIamRoles.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterIamRoles.html) **
- **Description:** Grants permission to modify the list of AWS Identity and Access Management (IAM) roles that can be used by a cluster to access other AWS services
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterMaintenance.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterMaintenance.html) **
- **Description:** Grants permission to modify the maintenance settings of a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterParameterGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterParameterGroup.html) **
- **Description:** Grants permission to modify the parameters of a parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshot.html) **
- **Description:** Grants permission to modify the settings of a snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshotSchedule.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshotSchedule.html) **
- **Description:** Grants permission to modify a snapshot schedule for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSubnetGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSubnetGroup.html) **
- **Description:** Grants permission to modify a cluster subnet group to include the specified list of VPC subnets
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCustomDomainAssociation.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCustomDomainAssociation.html) **
- **Description:** Grants permission to modify a custom domain name for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:** acm:DescribeCertificate
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEndpointAccess.html) **
- **Description:** Grants permission to modify a redshift-managed vpc endpoint
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEventSubscription.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEventSubscription.html) **
- **Description:** Grants permission to modify an existing Amazon Redshift event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyIntegration.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyIntegration.html) **
- **Description:** Grants permission to modify an Amazon Redshift zero-ETL integration
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
- **Description:** Grants permission to modify a qev2 idc application
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-qev2idcapplication](#amazonredshift-qev2idcapplication)
- **Condition keys:**
- **Dependent actions:** sso:UpdateApplication
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyRedshiftIdcApplication.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyRedshiftIdcApplication.html) **
- **Description:** Grants permission to modify a redshift idc application
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-redshiftidcapplication](#amazonredshift-redshiftidcapplication)
- **Condition keys:**
- **Dependent actions:** sso:DeleteApplicationAccessScope
sso:DeleteApplicationGrant
sso:GetApplicationGrant
sso:ListApplicationAccessScopes
sso:PutApplicationAccessScope
sso:PutApplicationGrant
sso:UpdateApplication
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to modify an existing saved query through the Amazon Redshift console
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyScheduledAction.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyScheduledAction.html) **
- **Description:** Grants permission to modify an existing Amazon Redshift scheduled action
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotCopyRetentionPeriod.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotCopyRetentionPeriod.html) **
- **Description:** Grants permission to modify the number of days to retain snapshots in the destination AWS Region after they are copied from the source AWS Region
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotSchedule.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotSchedule.html) **
- **Description:** Grants permission to modify a snapshot schedule
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyUsageLimit.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyUsageLimit.html) **
- **Description:** Grants permission to modify a usage limit
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_PauseCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_PauseCluster.html) **
- **Description:** Grants permission to pause a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_PurchaseReservedNodeOffering.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_PurchaseReservedNodeOffering.html) **
- **Description:** Grants permission to purchase a reserved node
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_PutResourcePolicy.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_PutResourcePolicy.html) **
- **Description:** Grants permission to update the resource policy for a specified resource
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-namespace](#amazonredshift-namespace)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RebootCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RebootCluster.html) **
- **Description:** Grants permission to reboot a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RegisterNamespace.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RegisterNamespace.html) **
- **Description:** Grants permission to register the specified namespace to a consumer
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RejectDataShare.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RejectDataShare.html) **
- **Description:** Grants permission to decline a datashare shared from another account
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-datashare](#amazonredshift-datashare)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResetClusterParameterGroup.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResetClusterParameterGroup.html) **
- **Description:** Grants permission to set one or more parameters of a parameter group to their default values and set the source values of the parameters to "engine-default"
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResizeCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResizeCluster.html) **
- **Description:** Grants permission to change the size of a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreFromClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreFromClusterSnapshot.html) **
- **Description:** Grants permission to create a cluster from a snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:** kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
kms:RetireGrant
secretsmanager:CreateSecret
secretsmanager:DeleteSecret
secretsmanager:DescribeSecret
secretsmanager:GetRandomPassword
secretsmanager:RotateSecret
secretsmanager:TagResource
secretsmanager:UpdateSecret
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreTableFromClusterSnapshot.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreTableFromClusterSnapshot.html) **
- **Description:** Grants permission to create a table from a table in an Amazon Redshift cluster snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResumeCluster.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResumeCluster.html) **
- **Description:** Grants permission to resume a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeClusterSecurityGroupIngress.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeClusterSecurityGroupIngress.html) **
- **Description:** Grants permission to revoke an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeEndpointAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeEndpointAccess.html) **
- **Description:** Grants permission to revoke access for endpoint related activities for redshift-managed vpc endpoint
- **Access level:** Permissions management
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeSnapshotAccess.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeSnapshotAccess.html) **
- **Description:** Grants permission to revoke access from the specified AWS account to restore a snapshot
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_RotateEncryptionKey.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_RotateEncryptionKey.html) **
- **Description:** Grants permission to rotate an encryption key for a cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonredshift-cluster](#amazonredshift-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/APIReference/API_UpdatePartnerStatus.html](https://docs.aws.amazon.com/redshift/latest/APIReference/API_UpdatePartnerStatus.html) **
- **Description:** Grants permission to update the status of a partner integration
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to view query results through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
- **Description:** Grants permission to terminate running queries and loads through the Amazon Redshift console
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
## Resource types defined by Amazon Redshift
The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonredshift-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).
****
| Resource types | ARN | Condition keys |
| --- | --- | --- |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html) | arn:${Partition}:redshift:${Region}:${Account}:cluster:${ClusterName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/dg/datashare-overview.html](https://docs.aws.amazon.com/redshift/latest/dg/datashare-overview.html) | arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/${DataShareName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_GROUP.html](https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_GROUP.html) | arn:${Partition}:redshift:${Region}:${Account}:dbgroup:${ClusterName}/${DbGroup} | |
| [https://docs.aws.amazon.com/redshift/latest/dg/t_creating_database.html](https://docs.aws.amazon.com/redshift/latest/dg/t_creating_database.html) | arn:${Partition}:redshift:${Region}:${Account}:dbname:${ClusterName}/${DbName} | |
| [https://docs.aws.amazon.com/redshift/latest/dg/r_Users.html](https://docs.aws.amazon.com/redshift/latest/dg/r_Users.html) | arn:${Partition}:redshift:${Region}:${Account}:dbuser:${ClusterName}/${DbUser} | |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-events.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-events.html) | arn:${Partition}:redshift:${Region}:${Account}:eventsubscription:${EventSubscriptionName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM) | arn:${Partition}:redshift:${Region}:${Account}:hsmclientcertificate:${HSMClientCertificateId} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM) | arn:${Partition}:redshift:${Region}:${Account}:hsmconfiguration:${HSMConfigurationId} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.html](https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.html) | arn:${Partition}:redshift:${Region}:${Account}:integration:${IntegrationIdentifier} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/dg/concepts.html](https://docs.aws.amazon.com/redshift/latest/dg/concepts.html) | arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace} | |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html) | arn:${Partition}:redshift:${Region}:${Account}:parametergroup:${ParameterGroupName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html) | arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html) | arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html) | arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html) | arn:${Partition}:redshift:${Region}:${Account}:snapshot:${ClusterName}/${SnapshotName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant) | arn:${Partition}:redshift:${Region}:${Account}:snapshotcopygrant:${SnapshotCopyGrantName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html) | arn:${Partition}:redshift:${Region}:${Account}:snapshotschedule:${ScheduleIdentifier} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-cluster-subnet-groups.html](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-cluster-subnet-groups.html) | arn:${Partition}:redshift:${Region}:${Account}:subnetgroup:${SubnetGroupName} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cluster-usage-limits.html](https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cluster-usage-limits.html) | arn:${Partition}:redshift:${Region}:${Account}:usagelimit:${UsageLimitId} | [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) | arn:${Partition}:redshift:${Region}:${Account}:redshiftidcapplication:${RedshiftIdcApplicationId} | |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) | arn:${Partition}:redshift:${Region}:${Account}:qev2idcapplication:${Qev2IdcApplicationId} | |
## Condition keys for Amazon Redshift
Amazon Redshift defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).
To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).
****
| Condition keys | Description | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by actions based on the allowed set of values for each of the tags | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by actions based on tag-value associated with the resource | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by actions based on the presence of mandatory tags in the request | ArrayOfString |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the allowWrites input parameter | Bool |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the datashare consumer arn | ARN |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the datashare consumer | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the database name | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the database user name | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the number of seconds until a temporary credential set expires | String |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the ARN of an inbound zero-ETL Integration resource | ARN |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the ARN of a zero-ETL Integration source | ARN |
| [https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions) | Filters access by the ARN of a zero-ETL Integration target | ARN |