There are two types of access control in AWS: key based and role based. Key based is much easier to set up but cannot be used to make Kinesis, Redshift, and S3 talk to each other, as AWS indicates at http://docs.aws.amazon.com/redshift/latest/dg/copy-usage_notes-access-permissions.html:
With role-based access control, your cluster temporarily assumes an IAM role on your behalf. Then, based on the authorizations granted to the role, your cluster can access the required AWS resources. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one user, a role can be ...