Although I have already solved this problem, I am sharing my experience here so that it might help anyone who is stuck.

Based on our use case, we used to periodically resize our AWS Redshift cluster using the AWS-provided CLI.

We used the following script:

aws redshift modify-cluster  --region=eu-west-1 --cluster-identifier test-cluster --node-type dc1.large --number-of-nodes 2

It was throwing the following error:

An error occurred (InternalFailure) when calling the ModifyCluster operation (reached max retries: 4): An internal error has occurred. Please try your query again at a later time.

I tried searching for the error message on Google, but couldn't find much information. I have checked that the AWS keys are properly deployed on the machine I am running the scripts from.

What is the problem here and why is it happening?

1 Answer

I got in touch with the AWS support team. They came up with the following solution.

The reason I was getting the error was that when the Redshift platform attempts a describe VPC call on behalf of my account, it gets an unauthorized exception, which the Redshift platform swallows and bubbles up as an Internal Failure.

I had to add a new IAM policy to the IAM user which I was using to resize the Redshift cluster.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "redshift:*",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:DescribeInternetGateways",
                "sns:CreateTopic",
                "sns:Get*",
                "sns:List*",
                "cloudwatch:Describe*",
                "cloudwatch:Get*",
                "cloudwatch:List*",
                "cloudwatch:PutMetricAlarm",
                "cloudwatch:EnableAlarmActions",
                "cloudwatch:DisableAlarmActions"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "redshift.amazonaws.com"
                }
            }
        }
    ]
}
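
An added example, not part of the original answer: a small offline check that reports which of the EC2 describe actions listed in the policy above a given policy document fails to grant, so the gap shows up before `modify-cluster` returns an opaque `InternalFailure`. It is a simplification that only reads `Action` in `Allow` statements and ignores `Deny`, `NotAction`, `Resource`, `Condition` and any other policies attached to the user; the function names and both sample policies are constructed for illustration.

```python
import fnmatch

# EC2 read-only actions copied from the policy in the answer above.
REQUIRED_EC2_ACTIONS = [
    "ec2:DescribeAccountAttributes",
    "ec2:DescribeAddresses",
    "ec2:DescribeAvailabilityZones",
    "ec2:DescribeSecurityGroups",
    "ec2:DescribeSubnets",
    "ec2:DescribeVpcs",
    "ec2:DescribeInternetGateways",
]

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements (string or list form)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # assumption: Deny statements are out of scope here
        actions = stmt.get("Action", [])
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns

def missing_actions(policy, required=REQUIRED_EC2_ACTIONS):
    """Return the required actions that no Allow pattern matches."""
    # IAM action names are case-insensitive and support * and ? wildcards.
    patterns = [p.lower() for p in allowed_patterns(policy)]
    return [a for a in required
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]

# Constructed sample: a policy that grants Redshift actions only.
REDSHIFT_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "redshift:*", "Resource": "*"}],
}

# Constructed sample: the same policy plus a wildcard over EC2 describe calls.
WITH_EC2_DESCRIBE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["redshift:*", "ec2:Describe*"],
                   "Resource": "*"}],
}

if __name__ == "__main__":
    for name, pol in [("redshift-only", REDSHIFT_ONLY),
                      ("with-ec2-describe", WITH_EC2_DESCRIBE)]:
        print(name, "missing:", missing_actions(pol))
```
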