endpoint_authorizations
Creates, updates, deletes or gets an endpoint_authorization resource or lists endpoint_authorizations in a region.
Overview
Name | endpoint_authorizations |
Type | Resource |
Description | Describes an endpoint authorization for authorizing Redshift-managed VPC endpoint access to a cluster across AWS accounts. |
Id | aws.redshift.endpoint_authorizations |
Fields
Name | Datatype | Description |
---|---|---|
status | string | The status of the authorization action. |
grantee | string | The AWS account ID of the grantee of the cluster. |
account | string | The target AWS account ID to grant or revoke access for. |
grantor | string | The AWS account ID of the cluster owner. |
endpoint_count | integer | The number of Redshift-managed VPC endpoints created for the authorization. |
authorize_time | string | The time (UTC) when the authorization was created. |
allowed_vpcs | array | The VPCs allowed access to the cluster. |
force | boolean | Indicates whether to force the revoke action. If true, the Redshift-managed VPC endpoints associated with the endpoint authorization are also deleted. |
allowed_all_vpcs | boolean | Indicates whether all VPCs in the grantee account are allowed access to the cluster. |
vpc_ids | array | The virtual private cloud (VPC) identifiers to grant or revoke access to. |
cluster_identifier | string | The cluster identifier. |
cluster_status | string | The status of the cluster. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | ClusterIdentifier, Account, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all endpoint_authorizations in a region.
SELECT
region,
status,
grantee,
account,
grantor,
endpoint_count,
authorize_time,
allowed_vpcs,
force,
allowed_all_vpcs,
vpc_ids,
cluster_identifier,
cluster_status
FROM aws.redshift.endpoint_authorizations
WHERE region = 'us-east-1';
Gets all properties from an individual endpoint_authorization.
SELECT
region,
status,
grantee,
account,
grantor,
endpoint_count,
authorize_time,
allowed_vpcs,
force,
allowed_all_vpcs,
vpc_ids,
cluster_identifier,
cluster_status
FROM aws.redshift.endpoint_authorizations
WHERE region = 'us-east-1' AND data__Identifier = '<ClusterIdentifier>|<Account>';
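The rows returned by the region-wide SELECT above can be reviewed for cross-account grants that are broader than intended. The Python below is an added example, not part of the StackQL documentation: it audits such rows after export as JSON. The approved-account map, the sample rows and the finding labels are assumptions; `Authorized` and `Revoking` are the status values of the Redshift API.

```python
import json
# Assumption: approved grantee accounts and the VPCs each may use (constructed IDs).
APPROVED = {"222222222222": {"vpc-0bbb2222"}}

# Constructed rows keyed by the Fields table columns; an export may stringify values.
SAMPLE_ROWS = [
    {"cluster_identifier": "analytics-prod", "grantee": "222222222222",
     "status": "Authorized", "allowed_all_vpcs": "true", "allowed_vpcs": "[]",
     "endpoint_count": "2"},
    {"cluster_identifier": "analytics-prod", "grantee": "333333333333",
     "status": "Authorized", "allowed_all_vpcs": False,
     "allowed_vpcs": ["vpc-0aaa1111"], "endpoint_count": 0},
    {"cluster_identifier": "reporting", "grantee": "222222222222",
     "status": "Authorized", "allowed_all_vpcs": "false",
     "allowed_vpcs": '["vpc-0bbb2222"]', "endpoint_count": "1"},
    {"cluster_identifier": "reporting", "grantee": "444444444444",
     "status": "Revoking", "allowed_all_vpcs": "0", "allowed_vpcs": None,
     "endpoint_count": "1"},
]

def as_bool(value):
    """Read a boolean given as a bool, a number or a string."""
    return str(value).strip().lower() in ("true", "1")

def as_list(value):
    """Read an array given as a list, a JSON-encoded string or null."""
    if isinstance(value, str):
        value = json.loads(value or "[]")
    return value or []

def audit(rows, approved=APPROVED):
    """Return (cluster_identifier, grantee, reason) for each row worth review."""
    findings = []
    for row in rows:
        grantee = row["grantee"]
        key = (row["cluster_identifier"], grantee)
        if row.get("status") == "Revoking":
            if int(row.get("endpoint_count") or 0):
                findings.append(key + ("revoke pending, endpoints remain",))
        elif grantee not in approved:
            findings.append(key + ("grantee not approved",))
        elif as_bool(row.get("allowed_all_vpcs")):
            findings.append(key + ("all grantee VPCs allowed",))
        elif set(as_list(row.get("allowed_vpcs"))) - approved[grantee]:
            findings.append(key + ("unapproved VPC allowed",))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_ROWS), sep="\n")
```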
INSERT example
Use the following StackQL query and manifest file to create a new endpoint_authorization resource, using stack-deploy.
Required Properties:
/*+ create */
INSERT INTO aws.redshift.endpoint_authorizations (
  Account,
  ClusterIdentifier,
  region
)
SELECT
  '{{ Account }}',
  '{{ ClusterIdentifier }}',
  '{{ region }}';
All Properties:
/*+ create */
INSERT INTO aws.redshift.endpoint_authorizations (
  Account,
  Force,
  VpcIds,
  ClusterIdentifier,
  region
)
SELECT
  '{{ Account }}',
  '{{ Force }}',
  '{{ VpcIds }}',
  '{{ ClusterIdentifier }}',
  '{{ region }}';
Manifest:
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: endpoint_authorization
    props:
      - name: Account
        value: '{{ Account }}'
      - name: Force
        value: '{{ Force }}'
      - name: VpcIds
        value:
          - '{{ VpcIds[0] }}'
      - name: ClusterIdentifier
        value: '{{ ClusterIdentifier }}'
DELETE example
/*+ delete */
DELETE FROM aws.redshift.endpoint_authorizations
WHERE data__Identifier = '<ClusterIdentifier>|<Account>'
AND region = 'us-east-1';
Permissions
To operate on the endpoint_authorizations resource, the following permissions are required:
Read
redshift:DescribeEndpointAuthorization
Create
redshift:AuthorizeEndpointAccess,
redshift:DescribeEndpointAuthorization
Update
redshift:AuthorizeEndpointAccess,
redshift:DescribeEndpointAuthorization,
redshift:RevokeEndpointAccess
List
redshift:DescribeEndpointAuthorization
Delete
redshift:RevokeEndpointAccess,
redshift:DeleteEndpointAccess,
redshift:DescribeEndpointAuthorization,
ec2:DeleteClientVpnEndpoint,
ec2:DescribeVpcAttribute,
ec2:DescribeSecurityGroups,
ec2:DescribeAddresses,
ec2:DescribeInternetGateways,
ec2:DescribeSubnets