IAM User with AdministratorAccess Cannot Access Redshift Clusters in Query Editor v2



I am unable to view any clusters in Redshift Query Editor v2 despite having been granted AdministratorAccess to my IAM account on AWS. I receive the following error message: "An error occurred fetching clusters and workgroups. User: arn:aws:iam::***:user/hoang is not authorized to perform: tag:GetResources with an explicit deny in a service control policy"

I have verified that my IAM user has the AdministratorAccess policy attached, and I have also checked for any service control policies that might be restricting access. However, I am still unable to access the clusters.! Enter image description here Enter image description here Enter image description here

I would appreciate it if you could investigate this issue and help me resolve it as soon as possible.

Additional Information:

  • IAM User: hoang
  • IAM User ARN: arn:aws:iam::***:user/hoang
  • Error Message: "An error occurred fetching clusters and workgroups. User: arn:aws:iam::***:user/hoang is not authorized to perform: tag:GetResources with an explicit deny in a service control policy" Thank you for your assistance.
1 Risposta


The error message “with an explicit deny in a service control policy” suggests that “tag:GetResources” is restricted by the SCP feature of Organizations, not IAM policy.
Therefore, I recommend that you contact the person who manages your AWS account or the administrator of your organization to check whether "tag:GetResources" etc. are restricted by SCP.

By the way, what kind of settings are you using in SCP?
Additionally, SCPs also inherit policies set in higher-level OUs, so if the OU of the AWS account in which the error occurs is a child OU, please also check the SCP set in the higher-level OU.

profile picture
con risposta un mese fa
profile picture
verificato un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande