@cloud-copilot/iam-data
Version:
1,895 lines • 95 kB
JSON
{
"addroletodbcluster": {
"name": "AddRoleToDBCluster",
"description": "Grants permission to associate an Identity and Access Management (IAM) role from an Aurora DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
},
"addroletodbinstance": {
"name": "AddRoleToDBInstance",
"description": "Grants permission to associate an AWS Identity and Access Management (IAM) role with a DB instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
},
"addsourceidentifiertosubscription": {
"name": "AddSourceIdentifierToSubscription",
"description": "Grants permission to add a source identifier to an existing RDS event notification subscription",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "es",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"addtagstoresource": {
"name": "AddTagsToResource",
"description": "Grants permission to add metadata tags to an Amazon RDS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "cev",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-endpoint",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "deployment",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "es",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "integration",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "og",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "proxy",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "proxy-endpoint",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ri",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "secgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "shardgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot-tenant-database",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "target-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "tenant-database",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"applypendingmaintenanceaction": {
"name": "ApplyPendingMaintenanceAction",
"description": "Grants permission to apply a pending maintenance action to a resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"authorizedbsecuritygroupingress": {
"name": "AuthorizeDBSecurityGroupIngress",
"description": "Grants permission to enable ingress to a DBSecurityGroup using one of two forms of authorization",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "secgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"backtrackdbcluster": {
"name": "BacktrackDBCluster",
"description": "Grants permission to backtrack a DB cluster to a specific time, without creating a new DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"cancelexporttask": {
"name": "CancelExportTask",
"description": "Grants permission to cancel an export task in progress",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"copycustomdbengineversion": {
"name": "CopyCustomDBEngineVersion",
"isPermissionOnly": true,
"description": "Grants permission to copy a custom engine version",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cev",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"copydbclusterparametergroup": {
"name": "CopyDBClusterParameterGroup",
"description": "Grants permission to copy the specified DB cluster parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-pg",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"copydbclustersnapshot": {
"name": "CopyDBClusterSnapshot",
"description": "Grants permission to create a snapshot of a DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"copydbparametergroup": {
"name": "CopyDBParameterGroup",
"description": "Grants permission to copy the specified DB parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "pg",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"copydbsnapshot": {
"name": "CopyDBSnapshot",
"description": "Grants permission to copy the specified DB snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource",
"rds:CopyCustomDBEngineVersion"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:CopyOptionGroup"
],
"dependentActions": []
},
"copyoptiongroup": {
"name": "CopyOptionGroup",
"description": "Grants permission to copy the specified option group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "og",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createbluegreendeployment": {
"name": "CreateBlueGreenDeployment",
"description": "Grants permission to create a blue-green deployment for a given source cluster or instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "deployment",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource",
"rds:CreateDBCluster",
"rds:CreateDBClusterEndpoint",
"rds:CreateDBInstance",
"rds:CreateDBInstanceReadReplica"
]
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"rds:cluster-tag/${TagKey}",
"rds:cluster-pg-tag/${TagKey}",
"rds:db-tag/${TagKey}",
"rds:pg-tag/${TagKey}",
"rds:req-tag/${TagKey}",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:StorageEncrypted",
"rds:DatabaseClass",
"rds:StorageSize",
"rds:MultiAz",
"rds:Piops",
"rds:Vpc"
],
"dependentActions": []
},
"createcustomdbengineversion": {
"name": "CreateCustomDBEngineVersion",
"description": "Grants permission to create a custom engine version",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cev",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole",
"mediaimport:CreateDatabaseBinarySnapshot",
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdbcluster": {
"name": "CreateDBCluster",
"description": "Grants permission to create a new DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"kms:CreateGrant",
"kms:Decrypt",
"kms:DescribeKey",
"kms:GenerateDataKey",
"rds:AddTagsToResource",
"rds:CreateDBInstance",
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
]
},
{
"name": "cluster-pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "og",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "global-cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:StorageEncrypted",
"rds:DatabaseClass",
"rds:StorageSize",
"rds:Piops",
"rds:ManageMasterUserPassword"
],
"dependentActions": []
},
"createdbclusterendpoint": {
"name": "CreateDBClusterEndpoint",
"description": "Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster or Amazon DocumentDB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "cluster-endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"rds:EndpointType",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdbclusterparametergroup": {
"name": "CreateDBClusterParameterGroup",
"description": "Grants permission to create a new DB cluster parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-pg",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbclustersnapshot": {
"name": "CreateDBClusterSnapshot",
"description": "Grants permission to create a snapshot of a DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "cluster-snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbinstance": {
"name": "CreateDBInstance",
"description": "Grants permission to create a new DB instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"kms:CreateGrant",
"kms:Decrypt",
"kms:DescribeKey",
"kms:GenerateDataKey",
"rds:AddTagsToResource",
"rds:CreateTenantDatabase",
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
]
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "og",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "secgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"rds:BackupTarget",
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}",
"rds:ManageMasterUserPassword"
],
"dependentActions": []
},
"createdbinstancereadreplica": {
"name": "CreateDBInstanceReadReplica",
"description": "Grants permission to create a DB instance that acts as a Read Replica of a source DB instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"rds:AddTagsToResource"
]
},
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "og",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbparametergroup": {
"name": "CreateDBParameterGroup",
"description": "Grants permission to create a new DB parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "pg",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbproxy": {
"name": "CreateDBProxy",
"description": "Grants permission to create a database proxy",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": [
"iam:PassRole",
"rds:AddTagsToResource"
]
},
"createdbproxyendpoint": {
"name": "CreateDBProxyEndpoint",
"description": "Grants permission to create a database proxy endpoint",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "proxy",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "proxy-endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdbsecuritygroup": {
"name": "CreateDBSecurityGroup",
"description": "Grants permission to create a new DB security group. DB security groups control access to a DB instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "secgrp",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbshardgroup": {
"name": "CreateDBShardGroup",
"description": "Grants permission to create a new Aurora Limitless Database DB shard group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "shardgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdbsnapshot": {
"name": "CreateDBSnapshot",
"description": "Grants permission to create a DBSnapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"rds:BackupTarget",
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createdbsubnetgroup": {
"name": "CreateDBSubnetGroup",
"description": "Grants permission to create a new DB subnet group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "subgrp",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createeventsubscription": {
"name": "CreateEventSubscription",
"description": "Grants permission to create an RDS event notification subscription",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "es",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createglobalcluster": {
"name": "CreateGlobalCluster",
"description": "Grants permission to create an Aurora global database or DocumentDB global database spread across multiple regions",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "global-cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createintegration": {
"name": "CreateIntegration",
"description": "Grants permission to create an Aurora zero-ETL integration with Redshift",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"kms:CreateGrant",
"kms:DescribeKey",
"rds:AddTagsToResource"
]
},
{
"name": "integration",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createoptiongroup": {
"name": "CreateOptionGroup",
"description": "Grants permission to create a new option group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "og",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:req-tag/${TagKey}"
],
"dependentActions": []
},
"createtenantdatabase": {
"name": "CreateTenantDatabase",
"description": "Grants permission to create a new tenant database",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource"
]
},
{
"name": "tenant-database",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"rds:TenantDatabaseName",
"rds:ManageMasterUserPassword"
],
"dependentActions": []
},
"crossregioncommunication": {
"name": "CrossRegionCommunication",
"isPermissionOnly": true,
"description": "Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletebluegreendeployment": {
"name": "DeleteBlueGreenDeployment",
"description": "Grants permission to delete blue green deployments",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "deployment",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:DeleteDBCluster",
"rds:DeleteDBClusterEndpoint",
"rds:DeleteDBInstance",
"rds:PromoteReadReplica",
"rds:PromoteReadReplicaDBCluster"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletecustomdbengineversion": {
"name": "DeleteCustomDBEngineVersion",
"description": "Grants permission to delete an existing custom engine version",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cev",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbcluster": {
"name": "DeleteDBCluster",
"description": "Grants permission to delete a previously provisioned DB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource",
"rds:CreateDBClusterSnapshot",
"rds:DeleteDBInstance"
]
},
{
"name": "cluster-snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbclusterautomatedbackup": {
"name": "DeleteDBClusterAutomatedBackup",
"description": "Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-auto-backup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbclusterendpoint": {
"name": "DeleteDBClusterEndpoint",
"description": "Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster or Amazon DocumentDB cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbclusterparametergroup": {
"name": "DeleteDBClusterParameterGroup",
"description": "Grants permission to delete a specified DB cluster parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbclustersnapshot": {
"name": "DeleteDBClusterSnapshot",
"description": "Grants permission to delete a DB cluster snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster-snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbinstance": {
"name": "DeleteDBInstance",
"description": "Grants permission to delete a previously provisioned DB instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource",
"rds:CreateDBSnapshot",
"rds:DeleteTenantDatabase"
]
},
"deletedbinstanceautomatedbackup": {
"name": "DeleteDBInstanceAutomatedBackup",
"description": "Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "auto-backup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbparametergroup": {
"name": "DeleteDBParameterGroup",
"description": "Grants permission to delete a specified DBParameterGroup",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbproxy": {
"name": "DeleteDBProxy",
"description": "Grants permission to delete a database proxy",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "proxy",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbproxyendpoint": {
"name": "DeleteDBProxyEndpoint",
"description": "Grants permission to delete a database proxy endpoint",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "proxy-endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbsecuritygroup": {
"name": "DeleteDBSecurityGroup",
"description": "Grants permission to delete a DB security group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "secgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbshardgroup": {
"name": "DeleteDBShardGroup",
"description": "Grants permission to delete an Aurora Limitless Database DB shard group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "shardgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbsnapshot": {
"name": "DeleteDBSnapshot",
"description": "Grants permission to delete a DBSnapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedbsubnetgroup": {
"name": "DeleteDBSubnetGroup",
"description": "Grants permission to delete a DB subnet group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "subgrp",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteeventsubscription": {
"name": "DeleteEventSubscription",
"description": "Grants permission to delete an RDS event notification subscription",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "es",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteglobalcluster": {
"name": "DeleteGlobalCluster",
"description": "Grants permission to delete a global database cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "global-cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteintegration": {
"name": "DeleteIntegration",
"description": "Grants permission to delete an Aurora zero-ETL integration with Redshift",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "integration",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteoptiongroup": {
"name": "DeleteOptionGroup",
"description": "Grants permission to delete an existing option group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "og",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletetenantdatabase": {
"name": "DeleteTenantDatabase",
"description": "Grants permission to delete a tenant database",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": [
"rds:AddTagsToResource",
"rds:CreateDBSnapshot"
]
},
{
"name": "tenant-database",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deregisterdbproxytargets": {
"name": "DeregisterDBProxyTargets",
"description": "Grants permission to remove targets from a database proxy target group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "proxy",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "target-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeaccountattributes": {
"name": "DescribeAccountAttributes",
"description": "Grants permission to list all of the attributes for a customer account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describebluegreendeployments": {
"name": "DescribeBlueGreenDeployments",
"description": "Grants permission to describe blue green deployments",
"accessLevel": "List",
"resourceTypes": [
{
"name": "deployment",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describecertificates": {
"name": "DescribeCertificates",
"description": "Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusterautomatedbackups": {
"name": "DescribeDBClusterAutomatedBackups",
"description": "Grants permission to return a list of cluster automated backups for both current and deleted clusters",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-auto-backup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusterbacktracks": {
"name": "DescribeDBClusterBacktracks",
"description": "Grants permission to return information about backtracks for a DB cluster",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusterendpoints": {
"name": "DescribeDBClusterEndpoints",
"description": "Grants permission to return information about endpoints for an Amazon Aurora DB cluster",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-endpoint",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusterparametergroups": {
"name": "DescribeDBClusterParameterGroups",
"description": "Grants permission to return a list of DBClusterParameterGroup descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster-pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusterparameters": {
"name": "DescribeDBClusterParameters",
"description": "Grants permission to return the detailed parameter list for a particular DB cluster parameter group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster-pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclustersnapshotattributes": {
"name": "DescribeDBClusterSnapshotAttributes",
"description": "Grants permission to return a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster-snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclustersnapshots": {
"name": "DescribeDBClusterSnapshots",
"description": "Grants permission to return information about DB cluster snapshots",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbclusters": {
"name": "DescribeDBClusters",
"description": "Grants permission to return information about provisioned Aurora DB clusters or DocumentDB clusters",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbengineversions": {
"name": "DescribeDBEngineVersions",
"description": "Grants permission to return a list of the available DB engines",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedbinstanceautomatedbackups": {
"name": "DescribeDBInstanceAutomatedBackups",
"description": "Grants permission to return a list of automated backups for both current and deleted instances",
"accessLevel": "List",
"resourceTypes": [
{
"name": "auto-backup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbinstances": {
"name": "DescribeDBInstances",
"description": "Grants permission to return information about provisioned RDS instances",
"accessLevel": "List",
"resourceTypes": [
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedblogfiles": {
"name": "DescribeDBLogFiles",
"description": "Grants permission to return a list of DB log files for the DB instance",
"accessLevel": "List",
"resourceTypes": [
{
"name": "db",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbmajorengineversions": {
"name": "DescribeDBMajorEngineVersions",
"description": "Grants permission to return information specific for each DB major engine versions",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedbparametergroups": {
"name": "DescribeDBParameterGroups",
"description": "Grants permission to return a list of DBParameterGroup descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "pg",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbparameters": {
"name": "DescribeDBParameters",
"description": "Grants permission to return the detailed parameter list for a particular DB parameter group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "pg",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbproxies": {
"name": "DescribeDBProxies",
"description": "Grants permission to view proxies",
"accessLevel": "List",
"resourceTypes": [
{
"name": "proxy",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbproxyendpoints": {
"name": "DescribeDBProxyEndpoints",
"description": "Grants permission to view proxy endpoints",
"accessLevel": "List",
"resourceTypes": [
{
"name": "proxy",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "proxy-endpoint",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbproxytargetgroups": {
"name": "DescribeDBProxyTargetGroups",
"description": "Grants permission to view database proxy target group details",
"accessLevel": "List",
"resourceTypes": [
{
"name": "proxy",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbproxytargets": {
"name": "DescribeDBProxyTargets",
"description": "Grants permission to view database proxy target details",
"accessLevel": "List",
"resourceTypes": [
{
"name": "proxy",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "target-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbrecommendations": {
"name": "DescribeDBRecommendations",
"description": "Grants permission to list recommendation details",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedbsecuritygroups": {
"name": "DescribeDBSecurityGroups",
"description": "Grants permission to return a list of DBSecurityGroup descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "secgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbshardgroups": {
"name": "DescribeDBShardGroups",
"description": "Grants permission to return information about all Aurora Limitless Database DB shard groups for this account. You can filter by shard group(s)",
"accessLevel": "List",
"resourceTypes": [
{
"name": "shardgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbsnapshotattributes": {
"name": "DescribeDBSnapshotAttributes",
"description": "Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot",
"accessLevel": "List",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbsnapshottenantdatabases": {
"name": "DescribeDBSnapshotTenantDatabases",
"description": "Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot",
"accessLevel": "List",
"resourceTypes": [
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot-tenant-database",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbsnapshots": {
"name": "DescribeDBSnapshots",
"description": "Grants permission to return information about DB snapshots",
"accessLevel": "List",
"resourceTypes": [
{
"name": "db",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedbsubnetgroups": {
"name": "DescribeDBSubnetGroups",
"description": "Grants permission to return a list of DBSubnetGroup descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "subgrp",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeenginedefaultclusterparameters": {
"name": "DescribeEngineDefaultClusterParameters",
"description": "Grants permission to return the default engine and system parameter information for the cluster database engine",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeenginedefaultparameters": {
"name": "DescribeEngineDefaultParameters",
"description": "Grants permission to return the default engine and system parameter information for the specified database engine",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeeventcategories": {
"name": "DescribeEventCategories",
"description": "Grants permission to display a list of categories for all event source types, or, if specified, for a specified source type",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeeventsubscriptions": {
"name": "DescribeEventSubscriptions",
"description": "Grants permission to list all the subscription descriptions for a customer account",
"accessLevel": "List",
"resourceTypes": [
{
"name": "es",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeevents": {
"name": "DescribeEvents",
"description": "Grants permission to return events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeexporttasks": {
"name": "DescribeExportTasks",
"description": "Grants permission to return information about the export tasks",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeglobalclusters": {
"name": "DescribeGlobalClusters",
"description": "Grants permission to return information about Aurora global database clusters or DocumentDB global database clusters",
"accessLev