Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-redshift-alpha: implement the IGrantable interface on Redshift Clusters #28013

Open
1 of 2 tasks
dontirun opened this issue Nov 15, 2023 · 1 comment
Open
1 of 2 tasks

aws-redshift-alpha: implement the IGrantable interface on Redshift Clusters #28013

dontirun opened this issue Nov 15, 2023 · 1 comment
Labels
@aws-cdk/aws-redshift Related to Amazon Redshift effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@dontirun
Copy link
Contributor

Describe the feature

Have Redshift Clusters implement the IGrantable interface.

Use Case

I use Redshift Clusters with Redshift Spectrum to read Data from S3 Buckets. It would be nice if I could use the the grant method to give my cluster access to S3 Buckets defined in the same applications

const cluster = new Cluster(this, 'Cluster', {...});
const bucket = new s3.Bucket(stack, 'KmsBucket',{
  encryptionKey: new kms.Key(stack,'Key')
})
// Granting permissions to read data from a KMS encrypted Bucket
bucket.grantRead(cluster)

Proposed Solution

  1. Add a default IAM role with no permissions to the Cluster to use as the grantPrincipal
  2. Pass the role into the list of IAM roles that used in the CfnCluster

Other Information

Having a default IAM role also makes it friendlier to add custom permissions to the cluster than creating a role and passing it into the Cluster Props

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.108.1

Environment details (OS name and version, etc.)

Not relevant, but macOs 13.4 (Ventura) 😄
@dontirun dontirun added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 15, 2023
@github-actions github-actions bot added the @aws-cdk/aws-redshift Related to Amazon Redshift label Nov 15, 2023
@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Nov 15, 2023
@khushail
Copy link
Contributor

thanks @dontirun for submitting the FR.

@dontirun dontirun mentioned this issue Nov 16, 2023
Closed
@github-actions github-actions bot mentioned this issue Dec 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-redshift Related to Amazon Redshift effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(redshift-alpha): implement IGrantable with a default service IAM Role dontirun/aws-cdk
2 participants
@dontirun @khushail