endpoint_authorizations
Creates, updates, deletes or gets an endpoint_authorization resource or lists endpoint_authorizations in a region
Overview
| Name | endpoint_authorizations |
|---|---|
| Type | Resource |
| Description | Describes an endpoint authorization for authorizing Redshift-managed VPC endpoint access to a cluster across AWS accounts. |
| Id | awscc.redshift.endpoint_authorizations |
Fields
get (all properties):

| Name | Datatype | Description |
|---|---|---|
| status | string | The status of the authorization action. |
| grantee | string | The AWS account ID of the grantee of the cluster. |
| endpoint_count | integer | The number of Redshift-managed VPC endpoints created for the authorization. |
| authorize_time | string | The time (UTC) when the authorization was created. |
| allowed_vpcs | array | The VPCs allowed access to the cluster. |
| force | boolean | Indicates whether to force the revoke action. If true, the Redshift-managed VPC endpoints associated with the endpoint authorization are also deleted. |
| allowed_all_vpcs | boolean | Indicates whether all VPCs in the grantee account are allowed access to the cluster. |
| vpc_ids | array | The virtual private cloud (VPC) identifiers to grant or revoke access to. |
| cluster_identifier | string | The cluster identifier. |
| cluster_status | string | The status of the cluster. |
| region | string | AWS region. |

list (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| cluster_identifier | string | The cluster identifier. |
| region | string | AWS region. |

For more information, see AWS::Redshift::EndpointAuthorization.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | endpoint_authorizations | INSERT | ClusterIdentifier, Account, region |
| delete_resource | endpoint_authorizations | DELETE | Identifier, region |
| update_resource | endpoint_authorizations | UPDATE | Identifier, PatchDocument, region |
| list_resources | endpoint_authorizations_list_only | SELECT | region |
| get_resource | endpoint_authorizations | SELECT | Identifier, region |
SELECT examples
get (all properties): Gets all properties from an individual endpoint_authorization.

```sql
SELECT
  region,
  status,
  grantee,
  account,
  grantor,
  endpoint_count,
  authorize_time,
  allowed_vpcs,
  force,
  allowed_all_vpcs,
  vpc_ids,
  cluster_identifier,
  cluster_status
FROM awscc.redshift.endpoint_authorizations
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ cluster_identifier }}|{{ account }}';
```

list (identifiers only): Lists all endpoint_authorizations in a region.

```sql
SELECT
  region,
  cluster_identifier,
  account
FROM awscc.redshift.endpoint_authorizations_list_only
WHERE
  region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new endpoint_authorization resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.redshift.endpoint_authorizations (
  Account,
  ClusterIdentifier,
  region
)
SELECT
  '{{ account }}',
  '{{ cluster_identifier }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.redshift.endpoint_authorizations (
  Account,
  Force,
  VpcIds,
  ClusterIdentifier,
  region
)
SELECT
  '{{ account }}',
  '{{ force }}',
  '{{ vpc_ids }}',
  '{{ cluster_identifier }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: endpoint_authorization
    props:
      - name: account
        value: '{{ account }}'
      - name: force
        value: '{{ force }}'
      - name: vpc_ids
        value:
          - '{{ vpc_ids[0] }}'
      - name: cluster_identifier
        value: '{{ cluster_identifier }}'
```
UPDATE example
Use the following StackQL query and manifest file to update an endpoint_authorization resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.redshift.endpoint_authorizations
SET PatchDocument = string('{{ {
    "Force": force,
    "VpcIds": vpc_ids
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ cluster_identifier }}|{{ account }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.redshift.endpoint_authorizations
WHERE
  Identifier = '{{ cluster_identifier }}|{{ account }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the endpoint_authorizations resource, the following permissions are required:
Read:
- redshift:DescribeEndpointAuthorization

Create:
- redshift:AuthorizeEndpointAccess
- redshift:DescribeEndpointAuthorization

Update:
- redshift:AuthorizeEndpointAccess
- redshift:DescribeEndpointAuthorization
- redshift:RevokeEndpointAccess

List:
- redshift:DescribeEndpointAuthorization

Delete:
- redshift:RevokeEndpointAccess
- redshift:DeleteEndpointAccess
- redshift:DescribeEndpointAuthorization
- ec2:DeleteClientVpnEndpoint
- ec2:DescribeVpcAttribute
- ec2:DescribeSecurityGroups
- ec2:DescribeAddresses
- ec2:DescribeInternetGateways
- ec2:DescribeSubnets