Service: Amazon RDS
Short Name:
rds
ARN Format:
arn:aws:rds:${Region}:${Account}:${RelativeId}ARN Regex:
^arn:aws:rds:.+ReadOnlyAccess
…
AmazonDevOpsGuruServiceRolePolicyAction | Access | Reference | Description |
|---|---|---|---|
| rds:DescribeAccountAttributes | Docs | Grants permission to list all of the attributes for a customer account | |
| rds:DescribeBlueGreenDeployments | Docs | Grants permission to describe blue green deployments | |
| rds:DescribeCertificates | Docs | Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account | |
| rds:DescribeDBClusterAutomatedBackups | Docs | Grants permission to return a list of cluster automated backups for both current and deleted clusters | |
| rds:DescribeDBClusterBacktracks | Docs | Grants permission to return information about backtracks for a DB cluster | |
| rds:DescribeDBClusterEndpoints | Docs | Grants permission to return information about endpoints for an Amazon Aurora DB cluster | |
| rds:DescribeDBClusterParameterGroups | Docs | Grants permission to return a list of DBClusterParameterGroup descriptions | |
| rds:DescribeDBClusterParameters | Docs | Grants permission to return the detailed parameter list for a particular DB cluster parameter group | |
| rds:DescribeDBClusters | Docs | Grants permission to return information about provisioned Aurora DB clusters | |
| rds:DescribeDBClusterSnapshotAttributes | Docs | Grants permission to return a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot | |
| rds:DescribeDBClusterSnapshots | Docs | Grants permission to return information about DB cluster snapshots | |
| rds:DescribeDBEngineVersions | Docs | Grants permission to return a list of the available DB engines | |
| rds:DescribeDBInstanceAutomatedBackups | Docs | Grants permission to return a list of automated backups for both current and deleted instances | |
| rds:DescribeDBInstances | Docs | Grants permission to return information about provisioned RDS instances | |
| rds:DescribeDBLogFiles | Docs | Grants permission to return a list of DB log files for the DB instance | |
| rds:DescribeDBParameterGroups | Docs | Grants permission to return a list of DBParameterGroup descriptions | |
| rds:DescribeDBParameters | Docs | Grants permission to return the detailed parameter list for a particular DB parameter group | |
| rds:DescribeDBProxies | Docs | Grants permission to view proxies | |
| rds:DescribeDBProxyEndpoints | Docs | Grants permission to view proxy endpoints | |
| rds:DescribeDBProxyTargetGroups | Docs | Grants permission to view database proxy target group details | |
| rds:DescribeDBProxyTargets | Docs | Grants permission to view database proxy target details | |
| rds:DescribeDBRecommendations | Docs | Grants permission to list recommendation details | |
| rds:DescribeDBSecurityGroups | Docs | Grants permission to return a list of DBSecurityGroup descriptions | |
| rds:DescribeDBSnapshotAttributes | Docs | Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot | |
| rds:DescribeDBSnapshots | Docs | Grants permission to return information about DB snapshots | |
| rds:DescribeDbSnapshotTenantDatabases | Docs | Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot | |
| rds:DescribeDBSubnetGroups | Docs | Grants permission to return a list of DBSubnetGroup descriptions | |
| rds:DescribeEngineDefaultClusterParameters | Docs | Grants permission to return the default engine and system parameter information for the cluster database engine | |
| rds:DescribeEngineDefaultParameters | Docs | Grants permission to return the default engine and system parameter information for the specified database engine | |
| rds:DescribeEventCategories | Docs | Grants permission to display a list of categories for all event source types, or, if specified, for a specified source type | |
| rds:DescribeEvents | Docs | Grants permission to return events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days | |
| rds:DescribeEventSubscriptions | Docs | Grants permission to list all the subscription descriptions for a customer account | |
| rds:DescribeExportTasks | Docs | Grants permission to return information about the export tasks | |
| rds:DescribeGlobalClusters | Docs | Grants permission to return information about Aurora global database clusters | |
| rds:DescribeIntegrations | Docs | Grants permission to describe an Aurora zero-ETL integration with Redshift | |
| rds:DescribeOptionGroupOptions | Docs | Grants permission to describe all available options | |
| rds:DescribeOptionGroups | Docs | Grants permission to describe the available option groups | |
| rds:DescribeOrderableDBInstanceOptions | Docs | Grants permission to return a list of orderable DB instance options for the specified engine | |
| rds:DescribePendingMaintenanceActions | Docs | Grants permission to return a list of resources (for example, DB instances) that have at least one pending maintenance action | |
| rds:DescribeReservedDBInstances | Docs | Grants permission to return information about reserved DB instances for this account, or about a specified reserved DB instance | |
| rds:DescribeReservedDBInstancesOfferings | Docs | Grants permission to list available reserved DB instance offerings | |
| rds:DescribeSourceRegions | Docs | Grants permission to return a list of the source AWS Regions where the current AWS Region can create a Read Replica or copy a DB snapshot from | |
| rds:DescribeTenantDatabases | Docs | Grants permission to return information about provisioned tenant databases. You can filter by Region or snapshot | |
| rds:DescribeValidDBInstanceModifications | Docs | Grants permission to list available modifications you can make to your DB instance | |
| rds:AuthorizeDBSecurityGroupIngress | Docs | Grants permission to enable ingress to a DBSecurityGroup using one of two forms of authorization | |
| rds:DescribeRecommendationGroups | Docs | Grants permission to return information about recommendation groups | |
| rds:DescribeRecommendations | Docs | Grants permission to return information about recommendations | |
| rds:DownloadCompleteDBLogFile | Docs | Grants permission to download specified log file | |
| rds:DownloadDBLogFilePortion | Docs | Grants permission to download all or a portion of the specified log file, up to 1 MB in size | |
| rds:ListTagsForResource | Docs | Grants permission to list all tags on an Amazon RDS resource | |
| rds:AddTagsToResource | Docs | Grants permission to add metadata tags to an Amazon RDS resource | |
| rds:RemoveTagsFromResource | Docs | Grants permission to remove metadata tags from an Amazon RDS resource | |
| rds:AddRoleToDBCluster | Docs | Grants permission to associate an Identity and Access Management (IAM) role from an Aurora DB cluster | |
| rds:AddRoleToDBInstance | Docs | Grants permission to associate an AWS Identity and Access Management (IAM) role with a DB instance | |
| rds:AddSourceIdentifierToSubscription | Docs | Grants permission to add a source identifier to an existing RDS event notification subscription | |
| rds:ApplyPendingMaintenanceAction | Docs | Grants permission to apply a pending maintenance action to a resource | |
| rds:BacktrackDBCluster | Docs | Grants permission to backtrack a DB cluster to a specific time, without creating a new DB cluster | |
| rds:CancelExportTask | Docs | Grants permission to cancel an export task in progress | |
| rds:CopyDBClusterParameterGroup | Docs | Grants permission to copy the specified DB cluster parameter group | |
| rds:CopyDBClusterSnapshot | Docs | Grants permission to create a snapshot of a DB cluster | |
| rds:CopyDBParameterGroup | Docs | Grants permission to copy the specified DB parameter group | |
| rds:CopyDBSnapshot | Docs | Grants permission to copy the specified DB snapshot | |
| rds:CopyOptionGroup | Docs | Grants permission to copy the specified option group | |
| rds:CreateBlueGreenDeployment | Docs | Grants permission to create a blue-green deployment for a given source cluster or instance | |
| rds:CreateCustomDBEngineVersion | Docs | Grants permission to create a custom engine version | |
| rds:CreateDBCluster | Docs | Grants permission to create a new Amazon Aurora DB cluster | |
| rds:CreateDBClusterEndpoint | Docs | Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster | |
| rds:CreateDBClusterParameterGroup | Docs | Grants permission to create a new DB cluster parameter group | |
| rds:CreateDBClusterSnapshot | Docs | Grants permission to create a snapshot of a DB cluster | |
| rds:CreateDBInstance | Docs | Grants permission to create a new DB instance | |
| rds:CreateDBInstanceReadReplica | Docs | Grants permission to create a DB instance that acts as a Read Replica of a source DB instance | |
| rds:CreateDBParameterGroup | Docs | Grants permission to create a new DB parameter group | |
| rds:CreateDBProxy | Docs | Grants permission to create a database proxy | |
| rds:CreateDBProxyEndpoint | Docs | Grants permission to create a database proxy endpoint | |
| rds:CreateDBSecurityGroup | Docs | Grants permission to create a new DB security group. DB security groups control access to a DB instance | |
| rds:CreateDBSnapshot | Docs | Grants permission to create a DBSnapshot | |
| rds:CreateDBSubnetGroup | Docs | Grants permission to create a new DB subnet group | |
| rds:CreateEventSubscription | Docs | Grants permission to create an RDS event notification subscription | |
| rds:CreateGlobalCluster | Docs | Grants permission to create an Aurora global database spread across multiple regions | |
| rds:CreateIntegration | Docs | Grants permission to create an Aurora zero-ETL integration with Redshift | |
| rds:CreateOptionGroup | Docs | Grants permission to create a new option group | |
| rds:CreateTenantDatabase | Docs | Grants permission to create a new tenant database | |
| rds:CrossRegionCommunication | Docs | Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation | |
| rds:DeleteBlueGreenDeployment | Docs | Grants permission to delete blue green deployments | |
| rds:DeleteCustomDBEngineVersion | Docs | Grants permission to delete an existing custom engine version | |
| rds:DeleteDBCluster | Docs | Grants permission to delete a previously provisioned DB cluster | |
| rds:DeleteDBClusterAutomatedBackup | Docs | Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID | |
| rds:DeleteDBClusterEndpoint | Docs | Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster | |
| rds:DeleteDBClusterParameterGroup | Docs | Grants permission to delete a specified DB cluster parameter group | |
| rds:DeleteDBClusterSnapshot | Docs | Grants permission to delete a DB cluster snapshot | |
| rds:DeleteDBInstance | Docs | Grants permission to delete a previously provisioned DB instance | |
| rds:DeleteDBInstanceAutomatedBackup | Docs | Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID | |
| rds:DeleteDBParameterGroup | Docs | Grants permission to delete a specified DBParameterGroup | |
| rds:DeleteDBProxy | Docs | Grants permission to delete a database proxy | |
| rds:DeleteDBProxyEndpoint | Docs | Grants permission to delete a database proxy endpoint | |
| rds:DeleteDBSecurityGroup | Docs | Grants permission to delete a DB security group | |
| rds:DeleteDBSnapshot | Docs | Grants permission to delete a DBSnapshot | |
| rds:DeleteDBSubnetGroup | Docs | Grants permission to delete a DB subnet group | |
| rds:DeleteEventSubscription | Docs | Grants permission to delete an RDS event notification subscription | |
| rds:DeleteGlobalCluster | Docs | Grants permission to delete a global database cluster | |
| rds:DeleteIntegration | Docs | Grants permission to delete an Aurora zero-ETL integration with Redshift | |
| rds:DeleteOptionGroup | Docs | Grants permission to delete an existing option group | |
| rds:DeleteTenantDatabase | Docs | Grants permission to delete a tenant database | |
| rds:DeregisterDBProxyTargets | Docs | Grants permission to remove targets from a database proxy target group | |
| rds:DisableHttpEndpoint | Docs | Grants permission to disable http endpoint for a DB cluster | |
| rds:EnableHttpEndpoint | Docs | Grants permission to enable http endpoint for a DB cluster | |
| rds:FailoverDBCluster | Docs | Grants permission to force a failover for a DB cluster | |
| rds:FailoverGlobalCluster | Docs | Grants permission to failover a global cluster | |
| rds:ModifyActivityStream | Docs | Grants permission to modify a database activity stream | |
| rds:ModifyCertificates | Docs | Grants permission to modify the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances | |
| rds:ModifyCurrentDBClusterCapacity | Docs | Grants permission to modify current cluster capacity for an Amazon Aurora Severless DB cluster | |
| rds:ModifyCustomDBEngineVersion | Docs | Grants permission to modify an existing custom engine version | |
| rds:ModifyDBCluster | Docs | Grants permission to modify a setting for an Amazon Aurora DB cluster | |
| rds:ModifyDBClusterEndpoint | Docs | Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster | |
| rds:ModifyDBClusterParameterGroup | Docs | Grants permission to modify the parameters of a DB cluster parameter group | |
| rds:ModifyDBClusterSnapshotAttribute | Docs | Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot | |
| rds:ModifyDBInstance | Docs | Grants permission to modify settings for a DB instance | |
| rds:ModifyDBParameterGroup | Docs | Grants permission to modify the parameters of a DB parameter group | |
| rds:ModifyDBProxy | Docs | Grants permission to modify database proxy | |
| rds:ModifyDBProxyEndpoint | Docs | Grants permission to modify database proxy endpoint | |
| rds:ModifyDBProxyTargetGroup | Docs | Grants permission to modify target group for a database proxy | |
| rds:ModifyDBRecommendation | Docs | Grants permission to modify recommendation | |
| rds:ModifyDBSnapshot | Docs | Grants permission to update a manual DB snapshot, which can be encrypted or not encrypted, with a new engine version | |
| rds:ModifyDBSnapshotAttribute | Docs | Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB snapshot | |
| rds:ModifyDBSubnetGroup | Docs | Grants permission to modify an existing DB subnet group | |
| rds:ModifyEventSubscription | Docs | Grants permission to modify an existing RDS event notification subscription | |
| rds:ModifyGlobalCluster | Docs | Grants permission to modify a setting for an Amazon Aurora global cluster | |
| rds:ModifyOptionGroup | Docs | Grants permission to modify an existing option group | |
| rds:ModifyRecommendation | Docs | Grants permission to modify recommendation | |
| rds:ModifyTenantDatabase | Docs | Grants permission to modify a tenant database | |
| rds:PromoteReadReplica | Docs | Grants permission to promote a Read Replica DB instance to a standalone DB instance | |
| rds:PromoteReadReplicaDBCluster | Docs | Grants permission to promote a Read Replica DB cluster to a standalone DB cluster | |
| rds:PurchaseReservedDBInstancesOffering | Docs | Grants permission to purchase a reserved DB instance offering | |
| rds:RebootDBCluster | Docs | Grants permission to reboot a previously provisioned DB cluster | |
| rds:RebootDBInstance | Docs | Grants permission to restart the database engine service | |
| rds:RegisterDBProxyTargets | Docs | Grants permission to add targets to a database proxy target group | |
| rds:RemoveFromGlobalCluster | Docs | Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster | |
| rds:RemoveRoleFromDBCluster | Docs | Grants permission to disassociate an AWS Identity and Access Management (IAM) role from an Amazon Aurora DB cluster | |
| rds:RemoveRoleFromDBInstance | Docs | Grants permission to disassociate an AWS Identity and Access Management (IAM) role from a DB instance | |
| rds:RemoveSourceIdentifierFromSubscription | Docs | Grants permission to remove a source identifier from an existing RDS event notification subscription | |
| rds:ResetDBClusterParameterGroup | Docs | Grants permission to modify the parameters of a DB cluster parameter group to the default value | |
| rds:ResetDBParameterGroup | Docs | Grants permission to modify the parameters of a DB parameter group to the engine/system default value | |
| rds:RestoreDBClusterFromS3 | Docs | Grants permission to create an Amazon Aurora DB cluster from data stored in an Amazon S3 bucket | |
| rds:RestoreDBClusterFromSnapshot | Docs | Grants permission to create a new DB cluster from a DB cluster snapshot | |
| rds:RestoreDBClusterToPointInTime | Docs | Grants permission to restore a DB cluster to an arbitrary point in time | |
| rds:RestoreDBInstanceFromDBSnapshot | Docs | Grants permission to create a new DB instance from a DB snapshot | |
| rds:RestoreDBInstanceFromS3 | Docs | Grants permission to create a new DB instance from an Amazon S3 bucket | |
| rds:RestoreDBInstanceToPointInTime | Docs | Grants permission to restore a DB instance to an arbitrary point in time | |
| rds:RevokeDBSecurityGroupIngress | Docs | Grants permission to revoke ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups | |
| rds:StartActivityStream | Docs | Grants permission to start Activity Stream | |
| rds:StartDBCluster | Docs | Grants permission to start the DB cluster | |
| rds:StartDBInstance | Docs | Grants permission to start the DB instance | |
| rds:StartDBInstanceAutomatedBackupsReplication | Docs | Grants permission to start replication of automated backups to a different AWS Region | |
| rds:StartExportTask | Docs | Grants permission to start a new Export task for a DB snapshot | |
| rds:StopActivityStream | Docs | Grants permission to stop Activity Stream | |
| rds:StopDBCluster | Docs | Grants permission to stop the DB cluster | |
| rds:StopDBInstance | Docs | Grants permission to stop the DB instance | |
| rds:StopDBInstanceAutomatedBackupsReplication | Docs | Grants permission to stop automated backup replication for a DB instance | |
| rds:SwitchoverBlueGreenDeployment | Docs | Grants permission to switch a blue-green deployment from source instance or cluster to target | |
| rds:SwitchoverGlobalCluster | Docs | Grants permission to switchover a global cluster | |
| rds:SwitchoverReadReplica | Docs | Grants permission to switch over a read replica, making it the new primary database |
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeysrds:BackupTargetrds:CopyOptionGrouprds:DatabaseClassrds:DatabaseEnginerds:DatabaseNamerds:EndpointTyperds:ManageMasterUserPasswordrds:MultiAzrds:MultiTenantrds:Piopsrds:StorageEncryptedrds:StorageSizerds:TenantDatabaseNamerds:Vpcrds:cluster-pg-tag/${TagKey}rds:cluster-snapshot-tag/${TagKey}rds:cluster-tag/${TagKey}rds:db-tag/${TagKey}rds:es-tag/${TagKey}rds:og-tag/${TagKey}rds:pg-tag/${TagKey}rds:req-tag/${TagKey}rds:ri-tag/${TagKey}rds:secgrp-tag/${TagKey}rds:snapshot-tag/${TagKey}rds:subgrp-tag/${TagKey}