Attach IAM Role to EC2 and Redshift Cluster

Documentation

Documentation Index

 

API Documentation:

Attach IAM Role to EC2 and Redshift Cluster

The recommended way to authorize access to S3, Redshift and SES is to attach an IAM role, with properly granted permissions,  to the CloudBasic EC2 instance (pair of instances if operating a CloudBasic Multi-AZ HA Cluster) and associate the IAM Role with the Redshift cluster. 

1. The IAM Role(s) can be created and attached at the time the CloudBasic instance is launched (in the given example a single role is used to facilitate access to S3, Redshift and SES):



2. The IAM Role(s) can be attached to an already running CloudBasic EC2 instance:



3. In addition to granting the IAM Role permission to Redshift, it needs to be also associated with the respective Redshift cluster. Note that the IAM role will be available to be associated with the cluster only if it a trust relationship between the IAM Role and Redshift is established (see the three screenshots below). For more information, visit the related AWS documentation section.




 

After granting the EC2 instance access to SES, there is one more step necessary to be completed, before you can configure email alerting under /Configuration - in the AWS Console, under SES, authorize the email (or the entire domain) that is going to be used as "Email From" email:

 

Then under /Configuration in the "SMTP/Mail Server Configuration" select the SES region and populate "Email From:" with the email authorized above. Test the configuration by sending a test email. Then you can proceed with configuring alerting under /Configuration.