Posted On: Nov 19, 2024

Amazon S3 Access Grants now integrate with Amazon Redshift. S3 Access Grants map identities from your Identity Provider (IdP), such as Entra ID or Okta, to datasets stored in Amazon S3, helping you to easily manage data permissions at scale. This integration gives you the ability to manage S3 permissions for Amazon IAM Identity Center users and groups when using Redshift, without the need to write and maintain bucket policies or individual IAM roles.

Using S3 Access Grants, you can grant permissions to buckets or prefixes in S3 to users and groups in your IdP by connecting S3 with IAM Identity Center. Then, when you use Identity Center authentication for Redshift, end users in the appropriate user groups will automatically have permission to read and write data in S3 using COPY, UNLOAD, and CREATE LIBRARY SQL commands. S3 Access Grants then automatically update S3 permissions as users are added to and removed from user groups in the IdP.

Amazon S3 Access Grants with Amazon Redshift are available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. For pricing details, visit Amazon S3 pricing and Amazon Redshift pricing. To learn more about S3 Access Grants, refer to the documentation.