**To modify the IAM role for a cluster** The following ``modify-cluster-iam-roles`` example removes the specified AWS IAM role from the specified cluster. :: aws redshift modify-cluster-iam-roles \ --cluster-identifier mycluster \ --remove-iam-roles arn:aws:iam::123456789012:role/myRedshiftRole Output:: { "Cluster": { "ClusterIdentifier": "mycluster", "NodeType": "dc2.large", "ClusterStatus": "available", "ClusterAvailabilityStatus": "Available", "MasterUsername": "adminuser", "DBName": "dev", "Endpoint": { "Address": "mycluster.cmeaswqeuae.us-west-2.redshift.amazonaws.com", "Port": 5439 }, "ClusterCreateTime": "2019-12-05T18:44:36.991Z", "AutomatedSnapshotRetentionPeriod": 3, "ManualSnapshotRetentionPeriod": -1, "ClusterSecurityGroups": [], "VpcSecurityGroups": [ { "VpcSecurityGroupId": "sh-f9b731sd", "Status": "active" } ], "ClusterParameterGroups": [ { "ParameterGroupName": "default.redshift-1.0", "ParameterApplyStatus": "in-sync" } ], "ClusterSubnetGroupName": "default", "VpcId": "vpc-b2fal7t9", "AvailabilityZone": "us-west-2f", "PreferredMaintenanceWindow": "sat:16:00-sat:16:30", "PendingModifiedValues": { "NodeType": "dc2.large", "NumberOfNodes": 2, "ClusterType": "multi-node" }, "ClusterVersion": "1.0", "AllowVersionUpgrade": true, "NumberOfNodes": 4, "PubliclyAccessible": false, "Encrypted": false, "ClusterSnapshotCopyStatus": { "DestinationRegion": "us-west-1", "RetentionPeriod": 7, "ManualSnapshotRetentionPeriod": -1 }, "Tags": [ { "Key": "mytags", "Value": "tag1" } ], "EnhancedVpcRouting": false, "IamRoles": [], "MaintenanceTrackName": "current", "DeferredMaintenanceWindows": [], "ExpectedNextSnapshotScheduleTime": "2019-12-11T04:42:55.631Z", "ExpectedNextSnapshotScheduleTimeStatus": "OnTrack", "NextMaintenanceWindowStartTime": "2019-12-14T16:00:00Z" } } For more information, see `Using Identity-Based Policies (IAM Policies) for Amazon Redshift <https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-identity-based.html>`__ in the *Amazon Redshift Cluster Management Guide*.