{ "addroletodbcluster": { "name": "AddRoleToDBCluster", "description": "Grants permission to associate an Identity and Access Management (IAM) role from an Aurora DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "addroletodbinstance": { "name": "AddRoleToDBInstance", "description": "Grants permission to associate an AWS Identity and Access Management (IAM) role with a DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "addsourceidentifiertosubscription": { "name": "AddSourceIdentifierToSubscription", "description": "Grants permission to add a source identifier to an existing RDS event notification subscription", "accessLevel": "Write", "resourceTypes": [ { "name": "es", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "addtagstoresource": { "name": "AddTagsToResource", "description": "Grants permission to add metadata tags to an Amazon RDS resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cev", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "deployment", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "es", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "integration", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "ri", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "shardgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot-tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "target-group", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:TagsFromRequest" ], "dependentActions": [] }, "applypendingmaintenanceaction": { "name": "ApplyPendingMaintenanceAction", "description": "Grants permission to apply a pending maintenance action to a resource", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "authorizedbsecuritygroupingress": { "name": "AuthorizeDBSecurityGroupIngress", "description": "Grants permission to enable ingress to a DBSecurityGroup using one of two forms of authorization", "accessLevel": "Permissions management", "resourceTypes": [ { "name": "secgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "backtrackdbcluster": { "name": "BacktrackDBCluster", "description": "Grants permission to backtrack a DB cluster to a specific time, without creating a new DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "cancelexporttask": { "name": "CancelExportTask", "description": "Grants permission to cancel an export task in progress", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "copycustomdbengineversion": { "name": "CopyCustomDBEngineVersion", "isPermissionOnly": true, "description": "Grants permission to copy a custom engine version", "accessLevel": "Write", "resourceTypes": [ { "name": "cev", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "copydbclusterparametergroup": { "name": "CopyDBClusterParameterGroup", "description": "Grants permission to copy the specified DB cluster parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "copydbclustersnapshot": { "name": "CopyDBClusterSnapshot", "description": "Grants permission to create a snapshot of a DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "copydbparametergroup": { "name": "CopyDBParameterGroup", "description": "Grants permission to copy the specified DB parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "copydbsnapshot": { "name": "CopyDBSnapshot", "description": "Grants permission to copy the specified DB snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CopyCustomDBEngineVersion" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:CopyOptionGroup" ], "dependentActions": [] }, "copyoptiongroup": { "name": "CopyOptionGroup", "description": "Grants permission to copy the specified option group", "accessLevel": "Write", "resourceTypes": [ { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createbluegreendeployment": { "name": "CreateBlueGreenDeployment", "description": "Grants permission to create a blue-green deployment for a given source cluster or instance", "accessLevel": "Write", "resourceTypes": [ { "name": "deployment", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CreateDBCluster", "rds:CreateDBClusterEndpoint", "rds:CreateDBInstance", "rds:CreateDBInstanceReadReplica" ] }, { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", "rds:cluster-tag/${TagKey}", "rds:cluster-pg-tag/${TagKey}", "rds:db-tag/${TagKey}", "rds:pg-tag/${TagKey}", "rds:req-tag/${TagKey}", "rds:DatabaseEngine", "rds:DatabaseName", "rds:StorageEncrypted", "rds:DatabaseClass", "rds:StorageSize", "rds:MultiAz", "rds:Piops", "rds:Vpc" ], "dependentActions": [] }, "createcustomdbengineversion": { "name": "CreateCustomDBEngineVersion", "description": "Grants permission to create a custom engine version", "accessLevel": "Write", "resourceTypes": [ { "name": "cev", "required": true, "conditionKeys": [], "dependentActions": [ "iam:CreateServiceLinkedRole", "mediaimport:CreateDatabaseBinarySnapshot", "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbcluster": { "name": "CreateDBCluster", "description": "Grants permission to create a new DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", "rds:CreateDBInstance", "secretsmanager:CreateSecret", "secretsmanager:TagResource" ] }, { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:DatabaseEngine", "rds:DatabaseName", "rds:StorageEncrypted", "rds:DatabaseClass", "rds:StorageSize", "rds:Piops", "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "createdbclusterendpoint": { "name": "CreateDBClusterEndpoint", "description": "Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "cluster-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:EndpointType", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbclusterparametergroup": { "name": "CreateDBClusterParameterGroup", "description": "Grants permission to create a new DB cluster parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbclustersnapshot": { "name": "CreateDBClusterSnapshot", "description": "Grants permission to create a snapshot of a DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbinstance": { "name": "CreateDBInstance", "description": "Grants permission to create a new DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", "rds:CreateTenantDatabase", "secretsmanager:CreateSecret", "secretsmanager:TagResource" ] }, { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:ManageMasterUserPassword", "rds:PubliclyAccessible" ], "dependentActions": [] }, "createdbinstancereadreplica": { "name": "CreateDBInstanceReadReplica", "description": "Grants permission to create a DB instance that acts as a Read Replica of a source DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource" ] }, { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:PubliclyAccessible" ], "dependentActions": [] }, "createdbparametergroup": { "name": "CreateDBParameterGroup", "description": "Grants permission to create a new DB parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbproxy": { "name": "CreateDBProxy", "description": "Grants permission to create a database proxy", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource" ] }, "createdbproxyendpoint": { "name": "CreateDBProxyEndpoint", "description": "Grants permission to create a database proxy endpoint", "accessLevel": "Write", "resourceTypes": [ { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "proxy-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "createdbsecuritygroup": { "name": "CreateDBSecurityGroup", "description": "Grants permission to create a new DB security group. DB security groups control access to a DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "secgrp", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbshardgroup": { "name": "CreateDBShardGroup", "description": "Grants permission to create a new Aurora Limitless Database DB shard group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "shardgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:PubliclyAccessible" ], "dependentActions": [] }, "createdbsnapshot": { "name": "CreateDBSnapshot", "description": "Grants permission to create a DBSnapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createdbsubnetgroup": { "name": "CreateDBSubnetGroup", "description": "Grants permission to create a new DB subnet group", "accessLevel": "Write", "resourceTypes": [ { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createeventsubscription": { "name": "CreateEventSubscription", "description": "Grants permission to create an RDS event notification subscription", "accessLevel": "Write", "resourceTypes": [ { "name": "es", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createglobalcluster": { "name": "CreateGlobalCluster", "description": "Grants permission to create an Aurora global database or DocumentDB global database spread across multiple regions", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createintegration": { "name": "CreateIntegration", "description": "Grants permission to create an Aurora zero-ETL integration with Redshift", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "kms:CreateGrant", "kms:DescribeKey", "rds:AddTagsToResource" ] }, { "name": "integration", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createoptiongroup": { "name": "CreateOptionGroup", "description": "Grants permission to create a new option group", "accessLevel": "Write", "resourceTypes": [ { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "createtenantdatabase": { "name": "CreateTenantDatabase", "description": "Grants permission to create a new tenant database", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "tenant-database", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:TenantDatabaseName", "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "crossregioncommunication": { "name": "CrossRegionCommunication", "isPermissionOnly": true, "description": "Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "deletebluegreendeployment": { "name": "DeleteBlueGreenDeployment", "description": "Grants permission to delete blue green deployments", "accessLevel": "Write", "resourceTypes": [ { "name": "deployment", "required": true, "conditionKeys": [], "dependentActions": [ "rds:DeleteDBCluster", "rds:DeleteDBClusterEndpoint", "rds:DeleteDBInstance", "rds:PromoteReadReplica", "rds:PromoteReadReplicaDBCluster" ] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "deletecustomdbengineversion": { "name": "DeleteCustomDBEngineVersion", "description": "Grants permission to delete an existing custom engine version", "accessLevel": "Write", "resourceTypes": [ { "name": "cev", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbcluster": { "name": "DeleteDBCluster", "description": "Grants permission to delete a previously provisioned DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CreateDBClusterSnapshot", "rds:DeleteDBInstance" ] }, { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbclusterautomatedbackup": { "name": "DeleteDBClusterAutomatedBackup", "description": "Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-auto-backup", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbclusterendpoint": { "name": "DeleteDBClusterEndpoint", "description": "Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbclusterparametergroup": { "name": "DeleteDBClusterParameterGroup", "description": "Grants permission to delete a specified DB cluster parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbclustersnapshot": { "name": "DeleteDBClusterSnapshot", "description": "Grants permission to delete a DB cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbinstance": { "name": "DeleteDBInstance", "description": "Grants permission to delete a previously provisioned DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CreateDBSnapshot", "rds:DeleteTenantDatabase" ] }, "deletedbinstanceautomatedbackup": { "name": "DeleteDBInstanceAutomatedBackup", "description": "Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID", "accessLevel": "Write", "resourceTypes": [ { "name": "auto-backup", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbparametergroup": { "name": "DeleteDBParameterGroup", "description": "Grants permission to delete a specified DBParameterGroup", "accessLevel": "Write", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbproxy": { "name": "DeleteDBProxy", "description": "Grants permission to delete a database proxy", "accessLevel": "Write", "resourceTypes": [ { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbproxyendpoint": { "name": "DeleteDBProxyEndpoint", "description": "Grants permission to delete a database proxy endpoint", "accessLevel": "Write", "resourceTypes": [ { "name": "proxy-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbsecuritygroup": { "name": "DeleteDBSecurityGroup", "description": "Grants permission to delete a DB security group", "accessLevel": "Write", "resourceTypes": [ { "name": "secgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbshardgroup": { "name": "DeleteDBShardGroup", "description": "Grants permission to delete an Aurora Limitless Database DB shard group", "accessLevel": "Write", "resourceTypes": [ { "name": "shardgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbsnapshot": { "name": "DeleteDBSnapshot", "description": "Grants permission to delete a DBSnapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletedbsubnetgroup": { "name": "DeleteDBSubnetGroup", "description": "Grants permission to delete a DB subnet group", "accessLevel": "Write", "resourceTypes": [ { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteeventsubscription": { "name": "DeleteEventSubscription", "description": "Grants permission to delete an RDS event notification subscription", "accessLevel": "Write", "resourceTypes": [ { "name": "es", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteglobalcluster": { "name": "DeleteGlobalCluster", "description": "Grants permission to delete a global database cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteintegration": { "name": "DeleteIntegration", "description": "Grants permission to delete an Aurora zero-ETL integration with Redshift", "accessLevel": "Write", "resourceTypes": [ { "name": "integration", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteoptiongroup": { "name": "DeleteOptionGroup", "description": "Grants permission to delete an existing option group", "accessLevel": "Write", "resourceTypes": [ { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletetenantdatabase": { "name": "DeleteTenantDatabase", "description": "Grants permission to delete a tenant database", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CreateDBSnapshot" ] }, { "name": "tenant-database", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deregisterdbproxytargets": { "name": "DeregisterDBProxyTargets", "description": "Grants permission to remove targets from a database proxy target group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "target-group", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeaccountattributes": { "name": "DescribeAccountAttributes", "description": "Grants permission to list all of the attributes for a customer account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describebluegreendeployments": { "name": "DescribeBlueGreenDeployments", "description": "Grants permission to describe blue green deployments", "accessLevel": "List", "resourceTypes": [ { "name": "deployment", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describecertificates": { "name": "DescribeCertificates", "description": "Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describedbclusterautomatedbackups": { "name": "DescribeDBClusterAutomatedBackups", "description": "Grants permission to return a list of cluster automated backups for both current and deleted clusters", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclusterbacktracks": { "name": "DescribeDBClusterBacktracks", "description": "Grants permission to return information about backtracks for a DB cluster", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclusterendpoints": { "name": "DescribeDBClusterEndpoints", "description": "Grants permission to return information about endpoints for an Amazon Aurora DB cluster", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclusterparametergroups": { "name": "DescribeDBClusterParameterGroups", "description": "Grants permission to return a list of DBClusterParameterGroup descriptions", "accessLevel": "List", "resourceTypes": [ { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclusterparameters": { "name": "DescribeDBClusterParameters", "description": "Grants permission to return the detailed parameter list for a particular DB cluster parameter group", "accessLevel": "List", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclustersnapshotattributes": { "name": "DescribeDBClusterSnapshotAttributes", "description": "Grants permission to return a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot", "accessLevel": "List", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclustersnapshots": { "name": "DescribeDBClusterSnapshots", "description": "Grants permission to return information about DB cluster snapshots", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbclusters": { "name": "DescribeDBClusters", "description": "Grants permission to return information about provisioned Aurora DB clusters or DocumentDB clusters", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbengineversions": { "name": "DescribeDBEngineVersions", "description": "Grants permission to return a list of the available DB engines", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describedbinstanceautomatedbackups": { "name": "DescribeDBInstanceAutomatedBackups", "description": "Grants permission to return a list of automated backups for both current and deleted instances", "accessLevel": "List", "resourceTypes": [ { "name": "auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbinstances": { "name": "DescribeDBInstances", "description": "Grants permission to return information about provisioned RDS instances", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedblogfiles": { "name": "DescribeDBLogFiles", "description": "Grants permission to return a list of DB log files for the DB instance", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbmajorengineversions": { "name": "DescribeDBMajorEngineVersions", "description": "Grants permission to return information specific for each DB major engine versions", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describedbparametergroups": { "name": "DescribeDBParameterGroups", "description": "Grants permission to return a list of DBParameterGroup descriptions", "accessLevel": "List", "resourceTypes": [ { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbparameters": { "name": "DescribeDBParameters", "description": "Grants permission to return the detailed parameter list for a particular DB parameter group", "accessLevel": "List", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbproxies": { "name": "DescribeDBProxies", "description": "Grants permission to view proxies", "accessLevel": "List", "resourceTypes": [ { "name": "proxy", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbproxyendpoints": { "name": "DescribeDBProxyEndpoints", "description": "Grants permission to view proxy endpoints", "accessLevel": "List", "resourceTypes": [ { "name": "proxy", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbproxytargetgroups": { "name": "DescribeDBProxyTargetGroups", "description": "Grants permission to view database proxy target group details", "accessLevel": "List", "resourceTypes": [ { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbproxytargets": { "name": "DescribeDBProxyTargets", "description": "Grants permission to view database proxy target details", "accessLevel": "List", "resourceTypes": [ { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "target-group", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbrecommendations": { "name": "DescribeDBRecommendations", "description": "Grants permission to list recommendation details", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describedbsecuritygroups": { "name": "DescribeDBSecurityGroups", "description": "Grants permission to return a list of DBSecurityGroup descriptions", "accessLevel": "List", "resourceTypes": [ { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbshardgroups": { "name": "DescribeDBShardGroups", "description": "Grants permission to return information about all Aurora Limitless Database DB shard groups for this account. You can filter by shard group(s)", "accessLevel": "List", "resourceTypes": [ { "name": "shardgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbsnapshotattributes": { "name": "DescribeDBSnapshotAttributes", "description": "Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot", "accessLevel": "List", "resourceTypes": [ { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbsnapshottenantdatabases": { "name": "DescribeDBSnapshotTenantDatabases", "description": "Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot-tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbsnapshots": { "name": "DescribeDBSnapshots", "description": "Grants permission to return information about DB snapshots", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describedbsubnetgroups": { "name": "DescribeDBSubnetGroups", "description": "Grants permission to return a list of DBSubnetGroup descriptions", "accessLevel": "List", "resourceTypes": [ { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeenginedefaultclusterparameters": { "name": "DescribeEngineDefaultClusterParameters", "description": "Grants permission to return the default engine and system parameter information for the cluster database engine", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describeenginedefaultparameters": { "name": "DescribeEngineDefaultParameters", "description": "Grants permission to return the default engine and system parameter information for the specified database engine", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describeeventcategories": { "name": "DescribeEventCategories", "description": "Grants permission to display a list of categories for all event source types, or, if specified, for a specified source type", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describeeventsubscriptions": { "name": "DescribeEventSubscriptions", "description": "Grants permission to list all the subscription descriptions for a customer account", "accessLevel": "List", "resourceTypes": [ { "name": "es", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeevents": { "name": "DescribeEvents", "description": "Grants permission to return events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describeexporttasks": { "name": "DescribeExportTasks", "description": "Grants permission to return information about the export tasks", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeglobalclusters": { "name": "DescribeGlobalClusters", "description": "Grants permission to return information about Aurora global database clusters or DocumentDB global database clusters", "accessLevel": "List", "resourceTypes": [ { "name": "global-cluster", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeintegrations": { "name": "DescribeIntegrations", "description": "Grants permission to describe an Aurora zero-ETL integration with Redshift", "accessLevel": "List", "resourceTypes": [ { "name": "integration", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "describeoptiongroupoptions": { "name": "DescribeOptionGroupOptions", "description": "Grants permission to describe all available options", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describeoptiongroups": { "name": "DescribeOptionGroups", "description": "Grants permission to describe the available option groups", "accessLevel": "List", "resourceTypes": [ { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeorderabledbinstanceoptions": { "name": "DescribeOrderableDBInstanceOptions", "description": "Grants permission to return a list of orderable DB instance options for the specified engine", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describependingmaintenanceactions": { "name": "DescribePendingMaintenanceActions", "description": "Grants permission to return a list of resources (for example, DB instances) that have at least one pending maintenance action", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describerecommendationgroups": { "name": "DescribeRecommendationGroups", "isPermissionOnly": true, "description": "Grants permission to return information about recommendation groups", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describerecommendations": { "name": "DescribeRecommendations", "isPermissionOnly": true, "description": "Grants permission to return information about recommendations", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describereserveddbinstances": { "name": "DescribeReservedDBInstances", "description": "Grants permission to return information about reserved DB instances for this account, or about a specified reserved DB instance", "accessLevel": "List", "resourceTypes": [ { "name": "ri", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describereserveddbinstancesofferings": { "name": "DescribeReservedDBInstancesOfferings", "description": "Grants permission to list available reserved DB instance offerings", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describesourceregions": { "name": "DescribeSourceRegions", "description": "Grants permission to return a list of the source AWS Regions where the current AWS Region can create a Read Replica or copy a DB snapshot from", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describetenantdatabases": { "name": "DescribeTenantDatabases", "description": "Grants permission to return information about provisioned tenant databases. You can filter by Region or snapshot", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describevaliddbinstancemodifications": { "name": "DescribeValidDBInstanceModifications", "description": "Grants permission to list available modifications you can make to your DB instance", "accessLevel": "List", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "disablehttpendpoint": { "name": "DisableHttpEndpoint", "description": "Grants permission to disable http endpoint for a DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "downloadcompletedblogfile": { "name": "DownloadCompleteDBLogFile", "description": "Grants permission to download specified log file", "accessLevel": "Read", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "downloaddblogfileportion": { "name": "DownloadDBLogFilePortion", "description": "Grants permission to download all or a portion of the specified log file, up to 1 MB in size", "accessLevel": "Read", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "enablehttpendpoint": { "name": "EnableHttpEndpoint", "description": "Grants permission to enable http endpoint for a DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "failoverdbcluster": { "name": "FailoverDBCluster", "description": "Grants permission to force a failover for a DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "failoverglobalcluster": { "name": "FailoverGlobalCluster", "description": "Grants permission to failover a global cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to list all tags on an Amazon RDS resource", "accessLevel": "Read", "resourceTypes": [ { "name": "auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cev", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "es", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "integration", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "ri", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "shardgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot-tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "target-group", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifyactivitystream": { "name": "ModifyActivityStream", "description": "Grants permission to modify a database activity stream", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifycertificates": { "name": "ModifyCertificates", "description": "Grants permission to modify the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "modifycurrentdbclustercapacity": { "name": "ModifyCurrentDBClusterCapacity", "description": "Grants permission to modify current cluster capacity for an Amazon Aurora Serverless DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifycustomdbengineversion": { "name": "ModifyCustomDBEngineVersion", "description": "Grants permission to modify an existing custom engine version", "accessLevel": "Write", "resourceTypes": [ { "name": "cev", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbcluster": { "name": "ModifyDBCluster", "description": "Grants permission to modify a setting for an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:ModifyDBInstance", "secretsmanager:CreateSecret", "secretsmanager:RotateSecret", "secretsmanager:TagResource" ] }, { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:DatabaseClass", "rds:StorageSize", "rds:Piops", "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "modifydbclusterendpoint": { "name": "ModifyDBClusterEndpoint", "description": "Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbclusterparametergroup": { "name": "ModifyDBClusterParameterGroup", "description": "Grants permission to modify the parameters of a DB cluster parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbclustersnapshotattribute": { "name": "ModifyDBClusterSnapshotAttribute", "description": "Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbinstance": { "name": "ModifyDBInstance", "description": "Grants permission to modify settings for a DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", "rds:CreateTenantDatabase", "secretsmanager:CreateSecret", "secretsmanager:RotateSecret", "secretsmanager:TagResource" ] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "modifydbparametergroup": { "name": "ModifyDBParameterGroup", "description": "Grants permission to modify the parameters of a DB parameter group", "accessLevel": "Write", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbproxy": { "name": "ModifyDBProxy", "description": "Grants permission to modify database proxy", "accessLevel": "Write", "resourceTypes": [ { "name": "proxy", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "modifydbproxyendpoint": { "name": "ModifyDBProxyEndpoint", "description": "Grants permission to modify database proxy endpoint", "accessLevel": "Write", "resourceTypes": [ { "name": "proxy-endpoint", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbproxytargetgroup": { "name": "ModifyDBProxyTargetGroup", "description": "Grants permission to modify target group for a database proxy", "accessLevel": "Write", "resourceTypes": [ { "name": "target-group", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbrecommendation": { "name": "ModifyDBRecommendation", "description": "Grants permission to modify recommendation", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "modifydbshardgroup": { "name": "ModifyDBShardGroup", "description": "Grants permission to modify properties of an Aurora Limitless Database DB shard group", "accessLevel": "Write", "resourceTypes": [ { "name": "shardgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbsnapshot": { "name": "ModifyDBSnapshot", "description": "Grants permission to update a manual DB snapshot, which can be encrypted or not encrypted, with a new engine version", "accessLevel": "Write", "resourceTypes": [ { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbsnapshotattribute": { "name": "ModifyDBSnapshotAttribute", "description": "Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifydbsubnetgroup": { "name": "ModifyDBSubnetGroup", "description": "Grants permission to modify an existing DB subnet group", "accessLevel": "Write", "resourceTypes": [ { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifyeventsubscription": { "name": "ModifyEventSubscription", "description": "Grants permission to modify an existing RDS event notification subscription", "accessLevel": "Write", "resourceTypes": [ { "name": "es", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifyglobalcluster": { "name": "ModifyGlobalCluster", "description": "Grants permission to modify a setting for an Amazon Aurora global cluster or Amazon DocumentDB global cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifyintegration": { "name": "ModifyIntegration", "description": "Grants permission to modify an Aurora zero-ETL integration with Redshift", "accessLevel": "Write", "resourceTypes": [ { "name": "integration", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifyoptiongroup": { "name": "ModifyOptionGroup", "description": "Grants permission to modify an existing option group", "accessLevel": "Write", "resourceTypes": [ { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "modifyrecommendation": { "name": "ModifyRecommendation", "isPermissionOnly": true, "description": "Grants permission to modify recommendation", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "modifytenantdatabase": { "name": "ModifyTenantDatabase", "description": "Grants permission to modify a tenant database", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "tenant-database", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:TenantDatabaseName", "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "promotereadreplica": { "name": "PromoteReadReplica", "description": "Grants permission to promote a Read Replica DB instance to a standalone DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, "promotereadreplicadbcluster": { "name": "PromoteReadReplicaDBCluster", "description": "Grants permission to promote a Read Replica DB cluster to a standalone DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "purchasereserveddbinstancesoffering": { "name": "PurchaseReservedDBInstancesOffering", "description": "Grants permission to purchase a reserved DB instance offering", "accessLevel": "Write", "resourceTypes": [ { "name": "ri", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "rebootdbcluster": { "name": "RebootDBCluster", "description": "Grants permission to reboot a previously provisioned DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "rds:RebootDBInstance" ] }, "rebootdbinstance": { "name": "RebootDBInstance", "description": "Grants permission to restart the database engine service", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "rebootdbshardgroup": { "name": "RebootDBShardGroup", "description": "Grants permission to reboot an Aurora Limitless Database DB shard group", "accessLevel": "Write", "resourceTypes": [ { "name": "shardgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "registerdbproxytargets": { "name": "RegisterDBProxyTargets", "description": "Grants permission to add targets to a database proxy target group", "accessLevel": "Write", "resourceTypes": [ { "name": "target-group", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "removefromglobalcluster": { "name": "RemoveFromGlobalCluster", "description": "Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster or DocumentDB global cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "removerolefromdbcluster": { "name": "RemoveRoleFromDBCluster", "description": "Grants permission to disassociate an AWS Identity and Access Management (IAM) role from an Amazon Aurora DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "removerolefromdbinstance": { "name": "RemoveRoleFromDBInstance", "description": "Grants permission to disassociate an AWS Identity and Access Management (IAM) role from a DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, "removesourceidentifierfromsubscription": { "name": "RemoveSourceIdentifierFromSubscription", "description": "Grants permission to remove a source identifier from an existing RDS event notification subscription", "accessLevel": "Write", "resourceTypes": [ { "name": "es", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "removetagsfromresource": { "name": "RemoveTagsFromResource", "description": "Grants permission to remove metadata tags from an Amazon RDS resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cev", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "deployment", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "es", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "integration", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "proxy-endpoint", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "ri", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "shardgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot-tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "target-group", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "tenant-database", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "resetdbclusterparametergroup": { "name": "ResetDBClusterParameterGroup", "description": "Grants permission to modify the parameters of a DB cluster parameter group to the default value", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "resetdbparametergroup": { "name": "ResetDBParameterGroup", "description": "Grants permission to modify the parameters of a DB parameter group to the engine/system default value", "accessLevel": "Write", "resourceTypes": [ { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "restoredbclusterfroms3": { "name": "RestoreDBClusterFromS3", "description": "Grants permission to create an Amazon Aurora DB cluster from data stored in an Amazon S3 bucket", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", "secretsmanager:CreateSecret", "secretsmanager:TagResource" ] }, { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:DatabaseEngine", "rds:DatabaseName", "rds:StorageEncrypted", "rds:ManageMasterUserPassword" ], "dependentActions": [] }, "restoredbclusterfromsnapshot": { "name": "RestoreDBClusterFromSnapshot", "description": "Grants permission to create a new DB cluster from a DB cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource", "rds:CreateDBInstance" ] }, { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:DatabaseClass", "rds:StorageSize", "rds:Piops" ], "dependentActions": [] }, "restoredbclustertopointintime": { "name": "RestoreDBClusterToPointInTime", "description": "Grants permission to restore a DB cluster to an arbitrary point in time", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource", "rds:CreateDBInstance" ] }, { "name": "cluster-pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:DatabaseClass", "rds:StorageSize", "rds:Piops" ], "dependentActions": [] }, "restoredbinstancefromdbsnapshot": { "name": "RestoreDBInstanceFromDBSnapshot", "description": "Grants permission to create a new DB instance from a DB snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource", "rds:CreateTenantDatabase" ] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:ManageMasterUserPassword", "rds:PubliclyAccessible" ], "dependentActions": [] }, "restoredbinstancefroms3": { "name": "RestoreDBInstanceFromS3", "description": "Grants permission to create a new DB instance from an Amazon S3 bucket", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", "secretsmanager:CreateSecret", "secretsmanager:TagResource" ] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "secgrp", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:ManageMasterUserPassword", "rds:PubliclyAccessible" ], "dependentActions": [] }, "restoredbinstancetopointintime": { "name": "RestoreDBInstanceToPointInTime", "description": "Grants permission to restore a DB instance to an arbitrary point in time", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "iam:PassRole", "rds:AddTagsToResource", "rds:CreateTenantDatabase" ] }, { "name": "og", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "pg", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "subgrp", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "auto-backup", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", "rds:ManageMasterUserPassword", "rds:PubliclyAccessible" ], "dependentActions": [] }, "revokedbsecuritygroupingress": { "name": "RevokeDBSecurityGroupIngress", "description": "Grants permission to revoke ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups", "accessLevel": "Write", "resourceTypes": [ { "name": "secgrp", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startactivitystream": { "name": "StartActivityStream", "description": "Grants permission to start Activity Stream", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startdbcluster": { "name": "StartDBCluster", "description": "Grants permission to start the DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startdbinstance": { "name": "StartDBInstance", "description": "Grants permission to start the DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startdbinstanceautomatedbackupsreplication": { "name": "StartDBInstanceAutomatedBackupsReplication", "description": "Grants permission to start replication of automated backups to a different AWS Region", "accessLevel": "Write", "resourceTypes": [ { "name": "auto-backup", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource" ] }, { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" ], "dependentActions": [] }, "startexporttask": { "name": "StartExportTask", "description": "Grants permission to start a new Export task for a DB snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "stopactivitystream": { "name": "StopActivityStream", "description": "Grants permission to stop Activity Stream", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "db", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "stopdbcluster": { "name": "StopDBCluster", "description": "Grants permission to stop the DB cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "stopdbinstance": { "name": "StopDBInstance", "description": "Grants permission to stop the DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [ "rds:AddTagsToResource", "rds:CreateDBSnapshot" ] }, { "name": "snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "stopdbinstanceautomatedbackupsreplication": { "name": "StopDBInstanceAutomatedBackupsReplication", "description": "Grants permission to stop automated backup replication for a DB instance", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "switchoverbluegreendeployment": { "name": "SwitchoverBlueGreenDeployment", "description": "Grants permission to switch a blue-green deployment from source instance or cluster to target", "accessLevel": "Write", "resourceTypes": [ { "name": "deployment", "required": true, "conditionKeys": [], "dependentActions": [ "rds:ModifyDBCluster", "rds:ModifyDBInstance", "rds:PromoteReadReplica", "rds:PromoteReadReplicaDBCluster" ] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "switchoverglobalcluster": { "name": "SwitchoverGlobalCluster", "description": "Grants permission to switchover a global cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "global-cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "switchoverreadreplica": { "name": "SwitchoverReadReplica", "description": "Grants permission to switch over a read replica, making it the new primary database", "accessLevel": "Write", "resourceTypes": [ { "name": "db", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] } }