edit-icon download-icon

RDS authorization policy samples

Last Updated: Sep 15, 2017
  • Use Case #1

If your tenant account has 10 RDS instances, but as a RAM administrator, you would like to grant only two instances to a RAM user. You can create a policy as follows:

Note: One RAM user with this policy can view all RDS instances, but can only operate (for example, DeleteDBInstance) the granted two instances. Currently, RAM does not support to view only the authorized RDS instances.

  1. {
  2. "Statement": [
  3. {
  4. "Action": "rds:*",
  5. "Effect": "Allow",
  6. "Resource": [
  7. "acs:rds:*:*:dbinstance/i-001",
  8. "acs:rds:*:*:dbinstance/i-002"
  9. ]
  10. },
  11. {
  12. "Action": "rds:Describe*",
  13. "Effect": "Allow",
  14. "Resource": "*"
  15. }
  16. ],
  17. "Version": "1"
  18. }
Thank you! We've received your feedback.