


# Actions, resources, and condition keys for Amazon Redshift
<a name="list_amazonredshift"></a>

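Amazon Redshift (service prefix: `redshift`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.amazonaws.cn/redshift/latest/mgmt/welcome.html).
+ View a [list of the API operations available for this service](https://docs.amazonaws.cn/redshift/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-authentication-access-control.html) permission policies.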

**Topics**
+ [Actions defined by Amazon Redshift](#amazonredshift-actions-as-permissions)
+ [Resource types defined by Amazon Redshift](#amazonredshift-resources-for-iam-policies)
+ [Condition keys for Amazon Redshift](#amazonredshift-policy-keys)

## Actions defined by Amazon Redshift
<a name="amazonredshift-actions-as-permissions"></a>

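You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon Web Services. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. Use conditions in an IAM policy to filter access and control whether specific tag keys can be used on a resource or in a request. If an action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information about the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for the action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#amazonredshift-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\* required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which lists the resource condition keys that apply to an action in the Actions table.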

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).
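The rules above on resource-level permissions and dependent actions can be checked mechanically before a policy is deployed. The following is an added example, not part of the original page: it lints a policy against a hand-copied subset of the actions table. The `redshift:` action names are assumed to be the linked API operation names, and the ARN layout, the `aws-cn` partition, the account ID `111122223333` and the cluster name are constructed sample values.

```python
import fnmatch
import json

# Hand-copied subset of the actions table on this page (assumption: the IAM
# action name is the linked API operation name with the `redshift:` prefix).
# Value: (resource types supported, dependent actions). An empty set means the
# table lists no resource type, so the action must use "Resource": "*".
ACTIONS = {
    "redshift:AcceptReservedNodeExchange": (set(), []),
    "redshift:AuthorizeEndpointAccess": (set(), []),
    "redshift:DeleteCluster": ({"cluster"}, []),
    "redshift:DeleteClusterSnapshot": ({"snapshot"}, []),
    "redshift:CreateCustomDomainAssociation": ({"cluster"}, ["acm:DescribeCertificate"]),
    "redshift:CreateIntegration": ({"integration"}, ["kms:CreateGrant", "kms:DescribeKey"]),
}

# Constructed sample policy containing one instance of each mistake.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["redshift:DeleteCluster", "redshift:AcceptReservedNodeExchange"],
     "Resource": "arn:aws-cn:redshift:cn-north-1:111122223333:cluster:analytics-dev"},
    {"Effect": "Allow",
     "Action": "redshift:DeleteClusterSnapshot",
     "Resource": "arn:aws-cn:redshift:cn-north-1:111122223333:cluster:analytics-dev"},
    {"Effect": "Allow",
     "Action": "redshift:CreateCustomDomainAssociation",
     "Resource": "arn:aws-cn:redshift:cn-north-1:111122223333:cluster:analytics-dev"}
  ]
}
""")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def arn_resource_type(arn):
    """Return the type field of a Redshift ARN, or None if it cannot be read.

    Assumed layout: arn:partition:redshift:region:account:type:name
    """
    parts = arn.split(":", 6)
    if len(parts) < 7 or parts[2] != "redshift":
        return None
    return parts[5]


def lint(policy):
    """Return findings as (statement index, code, action, detail) tuples."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    # Every action pattern granted anywhere in the policy, lower-cased because
    # IAM action names are case-insensitive.
    granted = [a.lower() for s in statements if s.get("Effect") == "Allow"
               for a in as_list(s.get("Action", []))]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            if action not in ACTIONS:  # wildcards and unlisted actions are skipped
                continue
            types, dependents = ACTIONS[action]
            for res in resources:
                if res == "*":
                    continue
                rtype = arn_resource_type(res)
                if not types:
                    # No resource type in the table: only "*" is valid.
                    findings.append((idx, "NEEDS_STAR", action, res))
                elif rtype not in (None, "*") and rtype not in types:
                    # ARN names a resource type the action does not act on.
                    findings.append((idx, "TYPE_MISMATCH", action, res))
            for dep in dependents:
                # Dependent actions may be needed for the call to succeed.
                if not any(fnmatch.fnmatchcase(dep.lower(), g) for g in granted):
                    findings.append((idx, "MISSING_DEPENDENT", action, dep))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_POLICY):
        print(finding)
```

A `MISSING_DEPENDENT` finding is informational: the table says these permissions may be required, and they can also be granted by another policy attached to the same principal.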




- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html) **
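  - **Description:** Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**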

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AddPartner.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AddPartner.html) **
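  - **Description:** Grants permission to add a partner integration to a cluster
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**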

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AssociateDataShareConsumer.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AssociateDataShareConsumer.html) **
  - **Description:** Grants permission to associate a consumer with a datashare
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-datashare](#amazonredshift-datashare)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-redshift_ConsumerArn](#amazonredshift-redshift_ConsumerArn) <br /> [#amazonredshift-redshift_AllowWrites](#amazonredshift-redshift_AllowWrites)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html) **
  - **Description:** Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup)  / **Condition keys:**  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeDataShare.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeDataShare.html) **
  - **Description:** Grants permission to authorize the specified datashare consumer to use a datashare
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-datashare](#amazonredshift-datashare)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-redshift_ConsumerIdentifier](#amazonredshift-redshift_ConsumerIdentifier) <br /> [#amazonredshift-redshift_AllowWrites](#amazonredshift-redshift_AllowWrites)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html) **
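  - **Description:** Grants permission to authorize endpoint-related activities for a redshift-managed VPC endpoint
  - **Access level:** Permissions management
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**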

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.setting-up.html](https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.setting-up.html) [permission only]**
  - **Description:** Grants permission to Amazon Redshift to continuously validate that the target namespace can receive data replicated from the source ARN
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-namespace](#amazonredshift-namespace)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html) **
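  - **Description:** Grants permission to the specified Amazon Web Services account to restore a snapshot
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)
  - **Condition keys:**
  - **Dependent actions:**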

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html) **
  - **Description:** Grants permission to delete snapshots in a batch (up to 100)
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html) **
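  - **Description:** Grants permission to modify settings for a list of snapshots
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)
  - **Condition keys:**
  - **Dependent actions:**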

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to cancel a query through the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to view queries in the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CancelResize.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CancelResize.html) **
  - **Description:** Grants permission to cancel a resize operation
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CopyClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CopyClusterSnapshot.html) **
  - **Description:** Grants permission to copy a cluster snapshot
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateAuthenticationProfile.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateAuthenticationProfile.html) **
  - **Description:** Grants permission to create an Amazon Redshift authentication profile
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateCluster.html) **
  - **Description:** Grants permission to create a cluster
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)  / **Condition keys:**  / **Dependent actions:**  kms:CreateGrant <br /> kms:Decrypt <br /> kms:DescribeKey <br /> kms:GenerateDataKey <br /> kms:RetireGrant <br /> secretsmanager:CreateSecret <br /> secretsmanager:DeleteSecret <br /> secretsmanager:DescribeSecret <br /> secretsmanager:GetRandomPassword <br /> secretsmanager:RotateSecret <br /> secretsmanager:TagResource <br /> secretsmanager:UpdateSecret
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterParameterGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterParameterGroup.html) **
  - **Description:** Grants permission to create an Amazon Redshift parameter group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-parametergroup](#amazonredshift-parametergroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html) **
  - **Description:** Grants permission to create an Amazon Redshift security group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSnapshot.html) **
  - **Description:** Grants permission to create a manual snapshot of the specified cluster
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html) **
  - **Description:** Grants permission to create an Amazon Redshift subnet group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html) **
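  - **Description:** Grants permission to automatically create the specified Amazon Redshift user if it does not exist
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-dbuser](#amazonredshift-dbuser)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-redshift_DbUser](#amazonredshift-redshift_DbUser)  / **Dependent actions:**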

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html) **
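  - **Description:** Grants permission to create a custom domain name for a cluster
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**  acm:DescribeCertificate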

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateEndpointAccess.html) **
  - **Description:** Grants permission to create a redshift-managed VPC endpoint
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateEventSubscription.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateEventSubscription.html) **
  - **Description:** Grants permission to create an Amazon Redshift event notification subscription
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateHsmClientCertificate.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateHsmClientCertificate.html) **
  - **Description:** Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateHsmConfiguration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateHsmConfiguration.html) **
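  - **Description:** Grants permission to create an HSM configuration that contains the information a cluster needs to store and use database encryption keys in a hardware security module (HSM)
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**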

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.setting-up.html](https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.setting-up.html) [permission only]**
  - **Description:** Grants permission to the source principal to create an integration in the target data warehouse namespace
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-namespace](#amazonredshift-namespace)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateIntegration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateIntegration.html) **
  - **Description:** Grants permission to create an Amazon Redshift zero-ETL integration
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-integration](#amazonredshift-integration)  / **Condition keys:**  / **Dependent actions:**  kms:CreateGrant <br /> kms:DescribeKey
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys) <br /> [#amazonredshift-redshift_IntegrationSourceArn](#amazonredshift-redshift_IntegrationSourceArn) <br /> [#amazonredshift-redshift_IntegrationTargetArn](#amazonredshift-redshift_IntegrationTargetArn)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
  - **Description:** Grants permission to create a qev2 idc application
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**  sso:CreateApplication <br /> sso:PutApplicationAccessScope <br /> sso:PutApplicationAuthenticationMethod <br /> sso:PutApplicationGrant

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html) **
  - **Description:** Grants permission to create a redshift idc application
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**  sso:CreateApplication <br /> sso:PutApplicationAccessScope <br /> sso:PutApplicationAuthenticationMethod <br /> sso:PutApplicationGrant

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to create a saved SQL query through the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateScheduledAction.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateScheduledAction.html) **
  - **Description:** Grants permission to create an Amazon Redshift scheduled action
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html) **
  - **Description:** Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination Amazon Web Services Region
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateSnapshotSchedule.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateSnapshotSchedule.html) **
  - **Description:** Grants permission to create a snapshot schedule
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateTags.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateTags.html) **
  - **Description:** Grants permission to add one or more tags to a specified resource
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-integration](#amazonredshift-integration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-parametergroup](#amazonredshift-parametergroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-usagelimit](#amazonredshift-usagelimit)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateUsageLimit.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_CreateUsageLimit.html) **
  - **Description:** Grants permission to create a usage limit
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-usagelimit](#amazonredshift-usagelimit)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_RequestTag___TagKey_](#amazonredshift-aws_RequestTag___TagKey_) <br /> [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeauthorizeDataShare.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeauthorizeDataShare.html) **
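  - **Description:** Grants permission to remove permission from the specified datashare consumer to use a datashare
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-datashare](#amazonredshift-datashare)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-redshift_ConsumerIdentifier](#amazonredshift-redshift_ConsumerIdentifier)  / **Dependent actions:**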

- **  [API_DeleteAuthenticationProfile.html](API_DeleteAuthenticationProfile.html) **
  - **Description:** Grants permission to delete an Amazon Redshift authentication profile
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteCluster.html) **
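  - **Description:** Grants permission to delete a previously provisioned cluster
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**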

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html) **
  - **Description:** Grants permission to delete an Amazon Redshift parameter group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html) **
  - **Description:** Grants permission to delete an Amazon Redshift security group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSnapshot.html) **
  - **Description:** Grants permission to delete a manual snapshot
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html) **
  - **Description:** Grants permission to delete a cluster subnet group
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html) **
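  - **Description:** Grants permission to delete a custom domain name for a cluster
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**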

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteEndpointAccess.html) **
  - **Description:** Grants permission to delete a redshift-managed VPC endpoint
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteEventSubscription.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteEventSubscription.html) **
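  - **Description:** Grants permission to delete an Amazon Redshift event notification subscription
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)
  - **Condition keys:**
  - **Dependent actions:**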

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html) **
  - **Description:** Grants permission to delete an HSM client certificate
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteHsmConfiguration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteHsmConfiguration.html) **
  - **Description:** Grants permission to delete an Amazon Redshift HSM configuration
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteIntegration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteIntegration.html) **
  - **Description:** Grants permission to delete an Amazon Redshift zero-ETL integration
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-integration](#amazonredshift-integration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeletePartner.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeletePartner.html) **
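  - **Description:** Grants permission to delete a partner integration from a cluster
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**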

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
  - **Description:** Grants permission to delete a qev2 idc application
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-qev2idcapplication](#amazonredshift-qev2idcapplication)
  - **Condition keys:**
  - **Dependent actions:**  sso:DeleteApplication

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html) **
  - **Description:** Grants permission to delete a redshift idc application
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-redshiftidcapplication](#amazonredshift-redshiftidcapplication)
  - **Condition keys:**
  - **Dependent actions:**  sso:DeleteApplication

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteResourcePolicy.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteResourcePolicy.html) **
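  - **Description:** Grants permission to delete the resource policy for a specified resource
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#amazonredshift-namespace](#amazonredshift-namespace)
  - **Condition keys:**
  - **Dependent actions:**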

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to delete a saved SQL query through the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [API_DeleteScheduledAction.html](API_DeleteScheduledAction.html) **
  - **Description:** Grants permission to delete an Amazon Redshift scheduled action
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html) **
  - **Description:** Grants permission to delete a snapshot copy grant
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html) **
  - **Description:** Grants permission to delete a snapshot schedule
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteTags.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteTags.html) **
  - **Description:** Grants permission to delete one or more tags from a resource
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-integration](#amazonredshift-integration)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-parametergroup](#amazonredshift-parametergroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#amazonredshift-usagelimit](#amazonredshift-usagelimit)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteUsageLimit.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeleteUsageLimit.html) **
  - **Description:** Grants permission to delete a usage limit
  - **Access level:** Write
  - **Resource types (\* required):**  [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeregisterNamespace.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DeregisterNamespace.html) **
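  - **Description:** Grants permission to deregister the specified namespace from the consumer
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**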

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeAccountAttributes.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeAccountAttributes.html) **
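  - **Description:** Grants permission to describe attributes attached to the specified Amazon Web Services account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**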

- **  [API_DescribeAuthenticationProfiles.html](API_DescribeAuthenticationProfiles.html) **
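  - **Description:** Grants permission to describe created Amazon Redshift authentication profiles
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**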

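- **  [https://docs.amazonaws.cn/redshift/latest/dg/t_Manage_workload_exclusion.html](https://docs.amazonaws.cn/redshift/latest/dg/t_Manage_workload_exclusion.html) [permission only]**
  - **Description:** Grants permission to describe the list of resources that are deny-listed from global autonomous decisions for the specified cluster
  - **Access level:** Read
  - **Resource types (\* required):**  [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**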

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html) **
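  - **Description:** Grants permission to describe database revisions for a cluster
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**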

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html) **
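  - **Description:** Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**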

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterParameters.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterParameters.html) **
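  - **Description:** Grants permission to describe parameters contained within an Amazon Redshift parameter group
  - **Access level:** Read
  - **Resource types (\* required):**  [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
  - **Condition keys:**
  - **Dependent actions:**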

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html) **
  - **Description:** Grants permission to describe Amazon Redshift security groups
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSnapshots.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSnapshots.html) **
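  - **Description:** Grants permission to describe one or more snapshot objects that contain metadata about cluster snapshots
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**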

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html) **
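  - **Description:** Grants permission to describe one or more cluster subnet group objects that contain metadata about cluster subnet groups
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**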

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterTracks.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterTracks.html) **
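  - **Description:** Grants permission to describe available maintenance tracks
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**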

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterVersions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusterVersions.html) **
  - **Description:** Grants permission to describe available Amazon Redshift cluster versions
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusters.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeClusters.html) **
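  - **Description:** Grants permission to describe the properties of provisioned clusters
  - **Access level:** List
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**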

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html) **
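  - **Description:** Grants permission to describe custom domain names for a cluster
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**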

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataShares.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataShares.html) **
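  - **Description:** Grants permission to describe datashares created and consumed by clusters
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**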

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html) **
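  - **Description:** Grants permission to describe only the datashares consumed by clusters
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**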

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html) **
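  - **Description:** Grants permission to describe only the datashares created by clusters
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**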

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html) **
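  - **Description:** Grants permission to describe the parameter settings for a parameter group family
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**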

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEndpointAccess.html) **
  - **Description:** Grants permission to describe Redshift-managed VPC endpoints
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html) **
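  - **Description:** Grants permission to authorize describe activity for Redshift-managed VPC endpoints
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**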

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEventCategories.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEventCategories.html) **
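  - **Description:** Grants permission to describe event categories for all event source types or for a specified source type
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**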

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEventSubscriptions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEventSubscriptions.html) **
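  - **Description:** Grants permission to describe Amazon Redshift event notification subscriptions for the specified Amazon Web Services account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**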

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEvents.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeEvents.html) **
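  - **Description:** Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**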

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html) **
  - **Description:** Grants permission to describe HSM client certificates
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeHsmConfigurations.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeHsmConfigurations.html) **
  - **Description:** Grants permission to describe Amazon Redshift HSM configurations
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeInboundIntegrations.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeInboundIntegrations.html) **
  - **Description:** Grants permission to list inbound integrations
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:** [#amazonredshift-redshift_InboundIntegrationArn](#amazonredshift-redshift_InboundIntegrationArn)
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeIntegrations.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeIntegrations.html) **
  - **Description:** Grants permission to describe Amazon Redshift zero-ETL integrations
  - **Access level:** List
  - **Resource types (\* required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeLoggingStatus.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeLoggingStatus.html) **
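  - **Description:** Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**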

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html) **
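  - **Description:** Grants permission to describe properties of possible node configurations, such as node type, number of nodes, and disk usage for the specified action type.
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**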

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html) **
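  - **Description:** Grants permission to describe orderable cluster options
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**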

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribePartners.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribePartners.html) **
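  - **Description:** Grants permission to retrieve information about the partner integrations defined for a cluster
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**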

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
  - **Description:** Grants permission to describe qev2 idc applications
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to describe a query through the Amazon Redshift console
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html) **
  - **Description:** Grants permission to describe redshift idc applications
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:** sso:GetApplicationGrant <br /> sso:ListApplicationAccessScopes

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html) **
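  - **Description:** Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**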

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html) **
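  - **Description:** Grants permission to describe the available reserved node offerings provided by Amazon Redshift
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**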

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodes.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeReservedNodes.html) **
  - **Description:** Grants permission to describe reserved nodes
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeResize.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeResize.html) **
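  - **Description:** Grants permission to describe the last resize operation for a cluster
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**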

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to describe saved queries through the Amazon Redshift console
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [API_DescribeScheduledActions.html](API_DescribeScheduledActions.html) **
  - **Description:** Grants permission to describe created Amazon Redshift scheduled actions
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html) **
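  - **Description:** Grants permission to describe snapshot copy grants owned by the specified Amazon Web Services account in the destination Amazon Web Services Region
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**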

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html) **
  - **Description:** Grants permission to describe snapshot schedules
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeStorage.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeStorage.html) **
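  - **Description:** Grants permission to describe account-level backup storage size and provisional storage
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**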

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to describe a table through the Amazon Redshift console
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html) **
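  - **Description:** Grants permission to describe the status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API operation
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**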

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeTags.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeTags.html) **
  - **Description:** Grants permission to describe tags
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-hsmclientcertificate](#amazonredshift-hsmclientcertificate) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-hsmconfiguration](#amazonredshift-hsmconfiguration) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-securitygroup](#amazonredshift-securitygroup) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-securitygroupingress-cidr](#amazonredshift-securitygroupingress-cidr) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-snapshot](#amazonredshift-snapshot) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-snapshotcopygrant](#amazonredshift-snapshotcopygrant) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit) / **Condition keys:** / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeUsageLimits.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DescribeUsageLimits.html) **
  - **Description:** Grants permission to describe usage limits
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisableLogging.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisableLogging.html) **
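  - **Description:** Grants permission to disable logging of information, such as queries and connection attempts, for a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**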

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisableSnapshotCopy.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisableSnapshotCopy.html) **
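  - **Description:** Grants permission to disable the automatic copying of snapshots for a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**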

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html) **
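  - **Description:** Grants permission to disassociate a consumer from a datashare
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-datashare](#amazonredshift-datashare) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#amazonredshift-redshift_ConsumerArn](#amazonredshift-redshift_ConsumerArn) / **Dependent actions:**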

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_EnableLogging.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_EnableLogging.html) **
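  - **Description:** Grants permission to enable logging of information, such as queries and connection attempts, for a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**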

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_EnableSnapshotCopy.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_EnableSnapshotCopy.html) **
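  - **Description:** Grants permission to enable the automatic copying of snapshots for a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**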

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to execute a query through the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_FailoverPrimaryCompute.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_FailoverPrimaryCompute.html) **
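  - **Description:** Grants permission to fail over the primary compute of a Multi-AZ cluster to another Availability Zone
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**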

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to fetch query results through the Amazon Redshift console
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentials.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentials.html) **
  - **Description:** Grants permission to get temporary credentials to access an Amazon Redshift database by the specified Amazon Web Services account
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-dbuser](#amazonredshift-dbuser) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#amazonredshift-dbname](#amazonredshift-dbname) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#amazonredshift-redshift_DbName](#amazonredshift-redshift_DbName) <br /> [#amazonredshift-redshift_DbUser](#amazonredshift-redshift_DbUser) <br /> [#amazonredshift-redshift_DurationSeconds](#amazonredshift-redshift_DurationSeconds) / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html) **
  - **Description:** Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified Amazon Web Services account
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-dbname](#amazonredshift-dbname) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#amazonredshift-redshift_DbName](#amazonredshift-redshift_DbName) <br /> [#amazonredshift-redshift_DurationSeconds](#amazonredshift-redshift_DurationSeconds) / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/identity-center-authentication.html](https://docs.amazonaws.cn/redshift/latest/mgmt/identity-center-authentication.html) **
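  - **Description:** Grants permission to get an authorization token that allows Identity Center users to access a Redshift cluster
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**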

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html) **
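  - **Description:** Grants permission to get the configuration options for a reserved-node exchange
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**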

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html) **
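  - **Description:** Grants permission to get an array of DC2 ReservedNodeOfferings that match the payment type, term, and usage price of the given DC1 reserved node
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**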

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetResourcePolicy.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetResourcePolicy.html) **
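  - **Description:** Grants permission to get the resource policy of the specified resource
  - **Access level:** Read
  - **Resource types (\* required):** [#amazonredshift-namespace](#amazonredshift-namespace)
  - **Condition keys:**
  - **Dependent actions:**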

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentials.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_GetClusterCredentials.html) **
  - **Description:** Grants permission to join the specified Amazon Redshift group
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#amazonredshift-dbgroup](#amazonredshift-dbgroup)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to list databases through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [API_ListRecommendations.html](API_ListRecommendations.html) **
  - **Description:** Grants permission to list Advisor recommendations
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to list saved queries through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to list schemas through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to list tables through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyAquaConfiguration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyAquaConfiguration.html) **
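  - **Description:** Grants permission to modify the AQUA configuration of a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**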

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyAuthenticationProfile.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyAuthenticationProfile.html) **
  - **Description:** Grants permission to modify an Amazon Redshift authentication profile
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/dg/t_Manage_workload_exclusion.html](https://docs.amazonaws.cn/redshift/latest/dg/t_Manage_workload_exclusion.html) [permission only]**
  - **Description:** Grants permission to add or remove resources in the global autonomics deny list for the specified cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyCluster.html) **
  - **Description:** Grants permission to modify the settings of a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:** acm:DescribeCertificate <br /> kms:CreateGrant <br /> kms:Decrypt <br /> kms:DescribeKey <br /> kms:GenerateDataKey <br /> kms:RetireGrant <br /> secretsmanager:CreateSecret <br /> secretsmanager:DeleteSecret <br /> secretsmanager:DescribeSecret <br /> secretsmanager:GetRandomPassword <br /> secretsmanager:RotateSecret <br /> secretsmanager:TagResource <br /> secretsmanager:UpdateSecret

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterDbRevision.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterDbRevision.html) **
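  - **Description:** Grants permission to modify the database revision of a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**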

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterIamRoles.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterIamRoles.html) **
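  - **Description:** Grants permission to modify the list of Amazon Identity and Access Management (IAM) roles that a cluster can use to access other Amazon services
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**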

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterMaintenance.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterMaintenance.html) **
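  - **Description:** Grants permission to modify the maintenance settings of a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**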

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterParameterGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterParameterGroup.html) **
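  - **Description:** Grants permission to modify the parameters of a parameter group
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
  - **Condition keys:**
  - **Dependent actions:**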

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSnapshot.html) **
  - **Description:** Grants permission to modify the settings of a snapshot
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-snapshot](#amazonredshift-snapshot)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSnapshotSchedule.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSnapshotSchedule.html) **
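  - **Description:** Grants permission to modify the snapshot schedule of a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**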

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSubnetGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyClusterSubnetGroup.html) **
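  - **Description:** Grants permission to modify a cluster subnet group to include the specified list of VPC subnets
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-subnetgroup](#amazonredshift-subnetgroup)
  - **Condition keys:**
  - **Dependent actions:**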

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyCustomDomainAssociation.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyCustomDomainAssociation.html) **
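  - **Description:** Grants permission to modify a custom domain name for a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:** acm:DescribeCertificate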

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyEndpointAccess.html) **
  - **Description:** Grants permission to modify a Redshift-managed VPC endpoint
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyEventSubscription.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyEventSubscription.html) **
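  - **Description:** Grants permission to modify an existing Amazon Redshift event notification subscription
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-eventsubscription](#amazonredshift-eventsubscription)
  - **Condition keys:**
  - **Dependent actions:**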

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyIntegration.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyIntegration.html) **
  - **Description:** Grants permission to modify an Amazon Redshift zero-ETL integration
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-integration](#amazonredshift-integration) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_) / **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html) [permission only]**
  - **Description:** Grants permission to modify a qev2 idc application
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-qev2idcapplication](#amazonredshift-qev2idcapplication)
  - **Condition keys:**
  - **Dependent actions:** sso:UpdateApplication

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyRedshiftIdcApplication.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyRedshiftIdcApplication.html) **
  - **Description:** Grants permission to modify a redshift idc application
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-redshiftidcapplication](#amazonredshift-redshiftidcapplication)
  - **Condition keys:**
  - **Dependent actions:** sso:DeleteApplicationAccessScope <br /> sso:DeleteApplicationGrant <br /> sso:GetApplicationGrant <br /> sso:ListApplicationAccessScopes <br /> sso:PutApplicationAccessScope <br /> sso:PutApplicationGrant <br /> sso:UpdateApplication

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to modify an existing saved query through the Amazon Redshift console
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyScheduledAction.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyScheduledAction.html) **
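  - **Description:** Grants permission to modify an existing Amazon Redshift scheduled action
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**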

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifySnapshotCopyRetentionPeriod.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifySnapshotCopyRetentionPeriod.html) **
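  - **Description:** Grants permission to modify the number of days to retain snapshots in the destination Amazon Web Services Region after they are copied from the source Amazon Web Services Region
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**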

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifySnapshotSchedule.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifySnapshotSchedule.html) **
  - **Description:** Grants permission to modify a snapshot schedule
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-snapshotschedule](#amazonredshift-snapshotschedule)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyUsageLimit.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ModifyUsageLimit.html) **
  - **Description:** Grants permission to modify a usage limit
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-usagelimit](#amazonredshift-usagelimit)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_PauseCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_PauseCluster.html) **
  - **Description:** Grants permission to pause a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_PurchaseReservedNodeOffering.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_PurchaseReservedNodeOffering.html) **
  - **Description:** Grants permission to purchase a reserved node
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_PutResourcePolicy.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_PutResourcePolicy.html) **
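  - **Description:** Grants permission to update the resource policy of the specified resource
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#amazonredshift-namespace](#amazonredshift-namespace)
  - **Condition keys:**
  - **Dependent actions:**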

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RebootCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RebootCluster.html) **
  - **Description:** Grants permission to reboot a cluster
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-cluster](#amazonredshift-cluster)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RegisterNamespace.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RegisterNamespace.html) **
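  - **Description:** Grants permission to register the specified namespace with a consumer
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**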

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RejectDataShare.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RejectDataShare.html) **
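  - **Description:** Grants permission to reject a datashare shared by another account
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#amazonredshift-datashare](#amazonredshift-datashare)
  - **Condition keys:**
  - **Dependent actions:**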

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResetClusterParameterGroup.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResetClusterParameterGroup.html) **
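  - **Description:** Grants permission to set one or more parameters of a parameter group to their default values and set the source values of the parameters to "engine-default"
  - **Access level:** Write
  - **Resource types (\* required):** [#amazonredshift-parametergroup](#amazonredshift-parametergroup)
  - **Condition keys:**
  - **Dependent actions:**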

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResizeCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResizeCluster.html) **
  - **Description:** Grants permission to change the size of a cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-cluster](#amazonredshift-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RestoreFromClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RestoreFromClusterSnapshot.html) **
  - **Description:** Grants permission to create a cluster from a snapshot
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-cluster](#amazonredshift-cluster)  / **Condition keys:**  / **Dependent actions:**  kms:CreateGrant, kms:Decrypt, kms:DescribeKey, kms:GenerateDataKey, kms:RetireGrant, secretsmanager:CreateSecret, secretsmanager:DeleteSecret, secretsmanager:DescribeSecret, secretsmanager:GetRandomPassword, secretsmanager:RotateSecret, secretsmanager:TagResource, secretsmanager:UpdateSecret 
  - **Resource types (\*required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonredshift-aws_TagKeys](#amazonredshift-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RestoreTableFromClusterSnapshot.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RestoreTableFromClusterSnapshot.html) **
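  - **Description:** Grants permission to create a table from a table in an Amazon Redshift cluster snapshot
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-cluster](#amazonredshift-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot)  / **Condition keys:**  / **Dependent actions:** 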

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResumeCluster.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_ResumeCluster.html) **
  - **Description:** Grants permission to resume a cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-cluster](#amazonredshift-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeClusterSecurityGroupIngress.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeClusterSecurityGroupIngress.html) **
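  - **Description:** Grants permission to revoke an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-securitygroup](#amazonredshift-securitygroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonredshift-securitygroupingress-ec2securitygroup](#amazonredshift-securitygroupingress-ec2securitygroup)  / **Condition keys:**  / **Dependent actions:** 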

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeEndpointAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeEndpointAccess.html) **
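  - **Description:** Grants permission to revoke access for endpoint-related activities for Redshift-managed VPC endpoints
  - **Access level:** Permissions management
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 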

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeSnapshotAccess.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RevokeSnapshotAccess.html) **
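  - **Description:** Grants permission to revoke the specified Amazon Web Services account's access to restore a snapshot
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonredshift-snapshot](#amazonredshift-snapshot) 
  - **Condition keys:** 
  - **Dependent actions:** 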

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_RotateEncryptionKey.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_RotateEncryptionKey.html) **
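  - **Description:** Grants permission to rotate the encryption key for a cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonredshift-cluster](#amazonredshift-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 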

- **  [https://docs.amazonaws.cn/redshift/latest/APIReference/API_UpdatePartnerStatus.html](https://docs.amazonaws.cn/redshift/latest/APIReference/API_UpdatePartnerStatus.html) **
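  - **Description:** Grants permission to update the status of a partner integration
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 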

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to view query results through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html) [permission only]**
  - **Description:** Grants permission to terminate running queries and loads through the Amazon Redshift console
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 



## Resource types defined by Amazon Redshift
<a name="amazonredshift-resources-for-iam-policies"></a>

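The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonredshift-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).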



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-clusters.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-clusters.html)  |  arn:${Partition}:redshift:${Region}:${Account}:cluster:${ClusterName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/dg/datashare-overview.html](https://docs.amazonaws.cn/redshift/latest/dg/datashare-overview.html)  |  arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/${DataShareName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/dg/r_CREATE_GROUP.html](https://docs.amazonaws.cn/redshift/latest/dg/r_CREATE_GROUP.html)  |  arn:${Partition}:redshift:${Region}:${Account}:dbgroup:${ClusterName}/${DbGroup}  |  | 
|   [https://docs.amazonaws.cn/redshift/latest/dg/t_creating_database.html](https://docs.amazonaws.cn/redshift/latest/dg/t_creating_database.html)  |  arn:${Partition}:redshift:${Region}:${Account}:dbname:${ClusterName}/${DbName}  |  | 
|   [https://docs.amazonaws.cn/redshift/latest/dg/r_Users.html](https://docs.amazonaws.cn/redshift/latest/dg/r_Users.html)  |  arn:${Partition}:redshift:${Region}:${Account}:dbuser:${ClusterName}/${DbUser}  |  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-events.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-events.html)  |  arn:${Partition}:redshift:${Region}:${Account}:eventsubscription:${EventSubscriptionName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM)  |  arn:${Partition}:redshift:${Region}:${Account}:hsmclientcertificate:${HSMClientCertificateId}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM)  |  arn:${Partition}:redshift:${Region}:${Account}:hsmconfiguration:${HSMConfigurationId}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.html](https://docs.amazonaws.cn/redshift/latest/mgmt/zero-etl-using.html)  |  arn:${Partition}:redshift:${Region}:${Account}:integration:${IntegrationIdentifier}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/dg/concepts.html](https://docs.amazonaws.cn/redshift/latest/dg/concepts.html)  |  arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace}  |  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-parameter-groups.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-parameter-groups.html)  |  arn:${Partition}:redshift:${Region}:${Account}:parametergroup:${ParameterGroupName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html)  |  arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html)  |  arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-security-groups.html)  |  arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-snapshots.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-snapshots.html)  |  arn:${Partition}:redshift:${Region}:${Account}:snapshot:${ClusterName}/${SnapshotName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant)  |  arn:${Partition}:redshift:${Region}:${Account}:snapshotcopygrant:${SnapshotCopyGrantName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-snapshots.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-snapshots.html)  |  arn:${Partition}:redshift:${Region}:${Account}:snapshotschedule:${ScheduleIdentifier}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-cluster-subnet-groups.html](https://docs.amazonaws.cn/redshift/latest/mgmt/working-with-cluster-subnet-groups.html)  |  arn:${Partition}:redshift:${Region}:${Account}:subnetgroup:${SubnetGroupName}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/managing-cluster-usage-limits.html](https://docs.amazonaws.cn/redshift/latest/mgmt/managing-cluster-usage-limits.html)  |  arn:${Partition}:redshift:${Region}:${Account}:usagelimit:${UsageLimitId}  |  [#amazonredshift-aws_ResourceTag___TagKey_](#amazonredshift-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html)  |  arn:${Partition}:redshift:${Region}:${Account}:redshiftidcapplication:${RedshiftIdcApplicationId}  |  | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html)  |  arn:${Partition}:redshift:${Region}:${Account}:qev2idcapplication:${Qev2IdcApplicationId}  |  | 

## Condition keys for Amazon Redshift
<a name="amazonredshift-policy-keys"></a>

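Amazon Redshift defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [Amazon global condition context keys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html).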



| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by actions based on the allowed set of values for each of the tags | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by actions based on the tag value associated with the resource | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by actions based on the presence of mandatory tags in the request | ArrayOfString | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the allowWrites input parameter | Bool | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the datashare consumer ARN | ARN | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the datashare consumer | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the database name | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the database user name | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the number of seconds until a temporary credential set expires | String | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the ARN of the inbound zero-ETL integration resource | ARN | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the ARN of the zero-ETL integration resource | ARN | 
|   [https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions](https://docs.amazonaws.cn/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions)  | Filters access by the ARN of the zero-ETL integration target | ARN | 