Configuring Identity Access Management within AWS
Identity Management in AWS is complex, but it is a useful and secure way to restrict how services interact with each other and to restrict user access to the AWS platform.
Tungsten Replicator for Redshift requires a certain level of interaction between the replicator and S3, and between Redshift and S3.
note
Tungsten Replicator will also allow for the use of IAM Roles for loading data from S3 into Redshift.
To use IAM Roles with Tungsten Replicator you will need to create two roles, with the following recommended policies:
To allow CSV files to be uploaded to S3:
- Role should be associated with the AWS Service: EC2
- AWS Defined Policy Name: AmazonS3FullAccess, or
- Define and create your own policy, with, at minimum, the ability to write to the bucket you intend to use for the Redshift Applier
- Associate this role to the EC2 instance running the Tungsten Replicator software
For use by the Redshift COPY command to load CSV files into staging tables:
- Role should be associated with the AWS Service: Redshift
- AWS Defined Policy Name: AmazonS3FullAccess, or
- Define and create your own policy, with, at minimum, the ability to read from the bucket you intend to use for the Redshift Applier
- Associate this role to the Redshift Cluster.
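As an added example (not part of the Tungsten documentation), the following Python builds the two trust policies and the minimal custom permission policies the lists above describe, and checks that neither grants more than the stated S3 actions. The bucket name is a constructed placeholder; that s3:PutObject alone covers the replicator's uploads is an assumption to confirm against your deployment.

```python
import json

BUCKET = "example-tungsten-redshift-staging"  # constructed placeholder, use your own bucket


def trust_policy(service: str) -> dict:
    """Trust policy letting an AWS service principal ("ec2" or "redshift") assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": f"{service}.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def replicator_upload_policy(bucket: str) -> dict:
    """EC2 role: write CSV files into the staging bucket only (assumed minimum: PutObject)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WriteCsvToStagingBucket",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def redshift_copy_policy(bucket: str) -> dict:
    """Redshift role: COPY needs to list the bucket and read the objects in it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListStagingBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"], "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ReadCsvFromStagingBucket", "Effect": "Allow",
             "Action": ["s3:GetObject"], "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def grants_only(policy: dict, allowed_actions: set) -> bool:
    """True if every statement only allows the expected actions and no wildcard resource."""
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] != "Allow" or not set(actions) <= allowed_actions:
            return False
        if st["Resource"] in ("*", "arn:aws:s3:::*"):
            return False
    return True


if __name__ == "__main__":  # print the documents ready to paste into the IAM console
    for name, doc in [("ec2-trust", trust_policy("ec2")), ("ec2-policy", replicator_upload_policy(BUCKET)),
                      ("redshift-trust", trust_policy("redshift")), ("redshift-policy", redshift_copy_policy(BUCKET))]:
        print(name, json.dumps(doc, indent=2))
```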
note
For more details and full instructions on creating and managing IAM roles, review the "AWS documentation".