When I was trying to enable the audit log for AWS Redshift, I chose to use an existing bucket in S3, but it reported an error:
"Cannot read ACLs of bucket redshift-robin. Please ensure that your IAM permissions are set up correctly." "Service: AmazonRedshift; Status Code: 400; Error Code: InsufficientS3BucketPolicyFault ...."
According to this document, I needed to change the permissions of the bucket “redshift-robin”. So I opened the S3 section of the AWS Console, clicked the bucket name “redshift-robin” in the left panel, and saw the description of its permissions:
Press “Add Bucket Policy”, and in the pop-up window, press “AWS Policy Generator”. This opens the generator, which makes it easy to create a policy.
Add two policies for “redshift-robin”:
“902366379725” is the Amazon Redshift account ID for the us-west-2 (Oregon) region.
Click “Generate Policy” and copy the generated JSON into the “Bucket Policy Editor”:
Press “Save”. Now we can enable the audit log of Redshift for the bucket “redshift-robin”:
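As an added example, not taken from the original post: a script that builds a bucket policy with only the two grants Redshift audit logging needs, and checks any bucket policy for wildcard grants before it is saved. The `user/logs` principal and the two actions are assumed from AWS's account-ID based audit-logging setup; the function names are hypothetical.

```python
import json

REDSHIFT_ACCOUNT_ID = "902366379725"   # us-west-2 value quoted in the post
BUCKET = "redshift-robin"              # bucket name from the post
# Assumption: principal form from AWS's account-ID based audit-logging setup.
PRINCIPAL = f"arn:aws:iam::{REDSHIFT_ACCOUNT_ID}:user/logs"


def audit_log_policy(bucket=BUCKET, principal=PRINCIPAL):
    """Return a bucket policy with only the two grants audit logging needs."""
    def stmt(sid, action, resource):
        return {"Sid": sid, "Effect": "Allow",
                "Principal": {"AWS": principal},
                "Action": action, "Resource": resource}
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Redshift reads the bucket ACL to confirm it may write there.
            stmt("RedshiftReadBucketAcl", "s3:GetBucketAcl", f"arn:aws:s3:::{bucket}"),
            # Log files are written as objects under the bucket.
            stmt("RedshiftWriteLogs", "s3:PutObject", f"arn:aws:s3:::{bucket}/*"),
        ],
    }


def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def overbroad_findings(policy):
    """List Allow statements that use a wildcard in Principal or Action."""
    findings = []
    for s in as_list(policy.get("Statement", [])):
        if s.get("Effect") != "Allow":
            continue
        sid = s.get("Sid", "<no Sid>")
        principal = s.get("Principal")
        principals = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in principals:
            findings.append(f"{sid}: Principal allows any AWS account")
        for action in as_list(s.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
    return findings


if __name__ == "__main__":
    policy = audit_log_policy()
    assert overbroad_findings(policy) == []
    print(json.dumps(policy, indent=2))   # paste into the Bucket Policy Editor
```
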
good security! give it everything possible