RDS API authentication rules

Last Updated: May 27, 2016

When a sub-user accesses resources through RDS Open API, the RDS background will perform a permission check to RAM to ensure that the caller has response permissions.Each different RDS API will determine which resource permissions need to be checked according to the involved resources and the API meanings.Specifically, the authentication rules for each API are shown in the table below

Action Authentication Rules
CreateDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstances acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
SwitchDBInstanceNetType acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceMaintainTime acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
PurgeDBInstanceLog acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteDatabase acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeFilesForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeImportsForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CancelImport acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ResetAccountPassword acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
RevokeAccountPrivilege acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteAccount acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateBackup acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateTempDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyBackupPolicy acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstancePerformance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSlowLogRecords acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBinlogFiles acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSQLLogRecords acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnMissPK acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnMissIndex acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeParameters acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreatePrepaidDBInstanceForChannel acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyPrepaidDBInstanceSpec acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreatePostpaidDBInstanceForChannel acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyPostpaidDBInstanceSpec acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstanceAttribute acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
RestartDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifySecurityIps acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
UpgradeDBInstanceEngineVersion acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateDatabase acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDatabases acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateUploadPathForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ImportDataForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ImportDataBaseBetweenInstances acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateAccount acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
GrantAccountPrivilege acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeAccounts acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyAccountDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackups acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackupPolicy acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeResourceUsage acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSlowLogs acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeErrorLogs acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSQLLogReports acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnStorage acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnExcessIndex acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceByDBA acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyeParameter acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
Thank you! We've received your feedback.