You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/reference/offline-stores/redshift.md
+163Lines changed: 163 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,3 +29,166 @@ offline_store:
29
29
30
30
Configuration options are available [here](https://github.com/feast-dev/feast/blob/bf557bcb72c7878a16dccb48443bbbe9dc3efa49/sdk/python/feast/infra/offline_stores/redshift.py#L22).
31
31
32
+
### Permissions
33
+
34
+
Feast requires the following permissions in order to execute commands for Redshift offline store:
In addition to this, Redshift offline store requires an IAM role that will be used by Redshift itself to interact with S3. More concretely, Redshift has to use this IAM role to run <ahref="https://docs.aws.amazon.com/redshift/latest/dg/r_UNLOAD.html">UNLOAD</a> and <ahref="https://docs.aws.amazon.com/redshift/latest/dg/r_COPY.html">COPY</a> commands. Once created, this IAM role needs to be configured in `feature_store.yaml` file as `offline_store: iam_role`.
160
+
161
+
The following inline policy can be used to grant Redshift necessary permissions to access S3:
162
+
163
+
```json
164
+
{
165
+
"Statement": [
166
+
{
167
+
"Action": "s3:*",
168
+
"Effect": "Allow",
169
+
"Resource": [
170
+
"arn:aws:s3:::feast-integration-tests",
171
+
"arn:aws:s3:::feast-integration-tests/*"
172
+
]
173
+
}
174
+
],
175
+
"Version": "2012-10-17"
176
+
}
177
+
```
178
+
179
+
While the following trust relationship is necessary to make sure that Redshift, and only Redshift can assume this role:
Copy file name to clipboardExpand all lines: docs/reference/online-stores/dynamodb.md
+62Lines changed: 62 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,3 +25,65 @@ online_store:
25
25
{% endcode %}
26
26
27
27
Configuration options are available [here](https://github.com/feast-dev/feast/blob/17bfa6118d6658d2bff53d7de8e2ccef5681714d/sdk/python/feast/infra/online_stores/dynamodb.py#L36).
28
+
29
+
### Permissions
30
+
31
+
Feast requires the following permissions in order to execute commands for DynamoDB online store:
The following inline policy can be used to grant Feast the necessary permissions:
67
+
68
+
```json
69
+
{
70
+
"Statement": [
71
+
{
72
+
"Action": [
73
+
"dynamodb:CreateTable",
74
+
"dynamodb:DescribeTable",
75
+
"dynamodb:DeleteTable",
76
+
"dynamodb:BatchWriteItem",
77
+
"dynamodb:GetItem"
78
+
],
79
+
"Effect": "Allow",
80
+
"Resource": [
81
+
"arn:aws:dynamodb:<region>:<account_id>:table/*"
82
+
]
83
+
}
84
+
],
85
+
"Version": "2012-10-17"
86
+
}
87
+
```
88
+
89
+
Lastly, this IAM role needs to be associated with the desired Redshift cluster. Please follow the official AWS guide for the necessary steps [here](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-add-role.html).
0 commit comments