Step 3: Grant access to a SQL client and run queries - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 3: Grant access to a SQL client and run queries

To query databases hosted by your Amazon Redshift cluster, you have several options for SQL clients. These include:

  • Connect to your cluster and run queries using Amazon Redshift query editor v2.

    If you use query editor v2, you don't have to download and set up an SQL client application. You launch Amazon Redshift query editor v2 from the Amazon Redshift console.

  • Connect to your cluster using RSQL. For more information, see Connecting with Amazon Redshift RSQL in the Amazon Redshift Management Guide.

  • Connect to your cluster through a SQL client tool, such as SQL Workbench/J. For more information, see Connect to your cluster by using SQL Workbench/J in the Amazon Redshift Management Guide.

This tutorial uses Amazon Redshift query editor v2 as an easy way to run queries on databases hosted by your Amazon Redshift cluster. After creating your cluster, you can immediately run queries. For details about considerations when using the Amazon Redshift query editor v2, see Considerations when working with query editor v2 in the Amazon Redshift Management Guide.

Granting access to the query editor v2

The first time an administrator configures query editor v2 for your Amazon Web Services account, they choose the Amazon KMS key that is used to encrypt query editor v2 resources. Amazon Redshift query editor v2 resources include saved queries, notebooks, and charts. By default, an Amazon owned key is used to encrypt resources. Alternatively, an administrator can use a customer managed key by choosing the Amazon Resource Name (ARN) for the key in the configuration page. After you configure an account, Amazon KMS encryption settings can't be changed. For more information, see Configuring your Amazon Web Services account in the Amazon Redshift Management Guide.

To access the query editor v2, you need permission. An administrator can attach one of the Amazon managed policies for Amazon Redshift query editor v2 to the IAM role or user to grant permissions. These Amazon managed policies are written with different options that control how tagging resources allows sharing of queries. You can use the IAM console (https://console.amazonaws.cn/iam/) to attach IAM policies. For more information about these policies, see Accessing the query editor v2 in the Amazon Redshift Management Guide.

You can also create your own policy based on the permissions allowed and denied in the provided managed policies. If you use the IAM console policy editor to create your own policy, choose SQL Workbench as the service for which you create the policy in the visual editor. The query editor v2 uses the service name Amazon SQL Workbench in the visual editor and IAM Policy Simulator.

For more information, see Working with query editor v2 in the Amazon Redshift Management Guide.