Return
-
Title
Foglight for Redshift preconfiguration -
Description
In order to allow full monitoring of Redshift, the agent will require an IAM user with sufficient privileges to execute system queries as well as access to metrics through CloudWatch. Skip any steps in user or policy creation that have already been performed. -
Resolution
IAM Policy Setup- Using the IAM service, create a policy called ClusterCredentialsPermission and use the following configuration
- Service – Select Redshift
- Actions – In Access Level | Write select GetClusterCredentials. In Permissions Management select CreateClusterUser and JoinGroup
- Resources – Select All Resources
- Review policy and save
IAM User Setup1. Using the IAM service, create an IAM user2. Create a name for the user and select the “Programmatic Access Option” (uses access ID and secret access key)3. When configuring permissions, select the “Attach existing policies directly” option and search for and add CloudWatchReadOnlyAccess and ClusterCredentialsPermission4. Finish creating the user
NOTE: a recent user found that two additional grants for select to svl_user_info and svv_table_info may be necessary. - Using the IAM service, create a policy called ClusterCredentialsPermission and use the following configuration
-
Additional Information
Current as of the 5.9.4.20 cartridge