-- 1. S3バケット作成
aws s3 mb s3://bucket123
aws s3 ls
-- 2. IAMポリシー作成
vim policy01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "s3export",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::bucket123/*",
"arn:aws:s3:::bucket123"
]
}
]
}
aws iam create-policy \
--policy-name policy01 \
--policy-document file://policy01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "redshift.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam create-role \
--role-name role01 \
--assume-role-policy-document file://role01.json
-- 4. ポリシーをロールにアタッチ
aws iam attach-role-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01 \
--role-name role01
-- 5. クラスター作成
aws redshift create-cluster \
--db-name test \
--cluster-identifier redshift01 \
--cluster-type single-node \
--node-type dc2.large \
--master-username test \
--master-user-password 'password' \
--no-allow-version-upgrade \
--no-publicly-accessible \
--automated-snapshot-retention-period 0
-- 6. IAMロールをクラスターに関連付ける
aws redshift modify-cluster-iam-roles \
--cluster-identifier redshift01 \
--add-iam-roles arn:aws:iam::999999999999:role/role01
-- 7. テスト用テーブル作成
psql -h redshift01.xxxxxxxxxxxx.ap-northeast-1.redshift.amazonaws.com -p 5439 -d test -U test
create table tab1(col1 int,col2 varchar(100) );
insert into tab1 values(1,'AAA');
insert into tab1 values(2,'BBB');
insert into tab1 values(3,'CCC');
insert into tab1 values(4,'DDD');
insert into tab1 values(5,'EFF');
insert into tab1 values(6,'FFF');
select * from tab1;
-- 8. S3へのエクスポート実行
unload ('select * from tab1')
to 's3://bucket123/tab1_'
iam_role 'arn:aws:iam::999999999999:role/role01'
delimiter ',';
aws s3 ls s3://bucket123
aws s3 cp s3://bucket123/tab1_0000_part_00 .
aws s3 cp s3://bucket123/tab1_0001_part_00 .
-- 9. クリーンアップ
-- クラスター削除
aws redshift delete-cluster \
--cluster-identifier redshift01 \
--skip-final-cluster-snapshot
-- ロールの一覧
aws iam list-roles | grep role01
-- ロールの削除
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::999999999999:policy/policy01
aws iam delete-role --role-name role01
-- ポリシーの一覧
aws iam list-policies | grep policy01
-- ポリシーの削除
aws iam delete-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01
-- バケット削除
aws s3 rb s3://bucket123 --force