RDS - IAM policy issue

Question

I am not able to create IAM policy to create RDS instance.

Can you please assist me with JSON action statement for the same.

Answer 1

There is an inbuilt RDS Service in AWS, which you can tweak according to your requirements, the below is the policy for RDS Full access.

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "SecretsManagerDbCredentialsAccess",

"Effect": "Allow",

"Action": [

"secretsmanager:GetSecretValue",

"secretsmanager:PutResourcePolicy",

"secretsmanager:PutSecretValue",

"secretsmanager:DeleteSecret",

"secretsmanager:DescribeSecret",

"secretsmanager:TagResource"

],

"Resource": "arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*"

},

{

"Sid": "RDSDataServiceAccess",

"Effect": "Allow",

"Action": [

"dbqms:CreateFavoriteQuery",

"dbqms:DescribeFavoriteQueries",

"dbqms:UpdateFavoriteQuery",

"dbqms:DeleteFavoriteQueries",

"dbqms:GetQueryString",

"dbqms:CreateQueryHistory",

"dbqms:DescribeQueryHistory",

"dbqms:UpdateQueryHistory",

"dbqms:DeleteQueryHistory",

"rds-data:ExecuteSql",

"rds-data:ExecuteStatement",

"rds-data:BatchExecuteStatement",

"rds-data:BeginTransaction",

"rds-data:CommitTransaction",

"rds-data:RollbackTransaction",

"secretsmanager:CreateSecret",

"secretsmanager:ListSecrets",

"secretsmanager:GetRandomPassword",

"tag:GetResources"

],

"Resource": "*"

}

]

}

For more details, refer to this AWS Tutorial.