2017-07-14 06:50:55 +02:00
|
|
|
{
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
"Statement": [
|
|
|
|
{
|
2019-06-25 15:54:03 +02:00
|
|
|
"Action": "iam:CreateServiceLinkedRole",
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
|
|
|
|
"Condition": {
|
|
|
|
"StringLike": {
|
|
|
|
"iam:AWSServiceName":"rds.amazonaws.com"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"Sid": "AllowRDSReadEverywhere",
|
2017-07-14 06:50:55 +02:00
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
|
|
|
"rds:ListTagsForResource",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:DescribeDBInstances",
|
|
|
|
"rds:DescribeDBParameterGroups",
|
|
|
|
"rds:DescribeDBParameters",
|
|
|
|
"rds:DescribeDBSnapshots"
|
2017-07-14 06:50:55 +02:00
|
|
|
],
|
2019-06-25 15:54:03 +02:00
|
|
|
"Resource": ["*"]
|
2017-07-14 06:50:55 +02:00
|
|
|
},
|
|
|
|
{
|
2019-06-25 15:54:03 +02:00
|
|
|
"Sid": "AllowRDSModuleTests",
|
2017-07-14 06:50:55 +02:00
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:AddTagsToResource",
|
2017-07-14 06:50:55 +02:00
|
|
|
"rds:CreateDBInstance",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:DeleteDBInstance",
|
2017-07-14 06:50:55 +02:00
|
|
|
"rds:ModifyDBInstance",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:PromoteReadReplica",
|
|
|
|
"rds:RebootDBInstance",
|
|
|
|
"rds:RemoveTagsFromResource",
|
2019-07-25 15:49:08 +02:00
|
|
|
"rds:RestoreDBInstanceToPointInTime",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:StartDBInstance",
|
|
|
|
"rds:StopDBInstance"
|
2017-07-14 06:50:55 +02:00
|
|
|
],
|
|
|
|
"Resource": [
|
2019-06-25 15:54:03 +02:00
|
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
|
2017-07-14 06:50:55 +02:00
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"Sid": "AllowRDSSnapshotManageSnapshots",
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:AddTagsToResource",
|
2017-07-14 06:50:55 +02:00
|
|
|
"rds:CreateDBSnapshot",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:DeleteDBInstance",
|
2017-07-14 06:50:55 +02:00
|
|
|
"rds:DeleteDBSnapshot",
|
2019-06-25 15:54:03 +02:00
|
|
|
"rds:RemoveTagsFromResource",
|
2017-07-14 06:50:55 +02:00
|
|
|
"rds:RestoreDBInstanceFromDBSnapshot",
|
|
|
|
"rds:CreateDBInstanceReadReplica"
|
|
|
|
],
|
|
|
|
"Resource": [
|
2019-06-25 15:54:03 +02:00
|
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:ansible-test*",
|
|
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
|
|
|
|
]
|
2017-08-28 18:52:22 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"Sid": "AllowRDSParameterGroupManagement",
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
|
|
|
"rds:CreateDBParameterGroup",
|
|
|
|
"rds:DeleteDBParameterGroup",
|
|
|
|
"rds:ModifyDBParameterGroup",
|
|
|
|
"rds:AddTagsToResource",
|
|
|
|
"rds:RemoveTagsFromResource"
|
|
|
|
],
|
|
|
|
"Resource": [
|
|
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
|
|
|
|
]
|
2019-06-17 20:41:20 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"Sid": "AllowRedshiftManagment",
|
|
|
|
"Action": [
|
|
|
|
"redshift:CreateCluster",
|
|
|
|
"redshift:CreateTags",
|
|
|
|
"redshift:DeleteCluster",
|
|
|
|
"redshift:DeleteTags",
|
|
|
|
"redshift:DescribeClusters",
|
|
|
|
"redshift:DescribeTags",
|
|
|
|
"redshift:ModifyCluster",
|
|
|
|
"redshift:RebootCluster"
|
|
|
|
],
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Resource": "*"
|
2019-07-04 21:25:19 +02:00
|
|
|
},
|
2019-10-23 14:27:08 +02:00
|
|
|
{
|
|
|
|
"Sid": "AllowRDSSubnetGroups",
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
|
|
|
"rds:CreateDBSubnetGroup",
|
|
|
|
"rds:DeleteDBSubnetGroup",
|
|
|
|
"rds:DescribeDBSubnetGroups",
|
|
|
|
"rds:ModifyDBSubnetGroup"
|
|
|
|
],
|
|
|
|
"Resource": ["*"]
|
|
|
|
},
|
2019-07-04 21:25:19 +02:00
|
|
|
{
|
|
|
|
"Sid": "DMSEndpoints",
|
|
|
|
"Effect": "Allow",
|
|
|
|
"Action": [
|
|
|
|
"dms:CreateEndpoint",
|
|
|
|
"dms:DeleteEndpoint",
|
|
|
|
"dms:DescribeEndpoints",
|
|
|
|
"dms:ModifyEndpoint"
|
|
|
|
],
|
|
|
|
"Resource": ["*"]
|
2017-07-14 06:50:55 +02:00
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|