kevinhakanson.com

Amazon RDS and Tag-Based Permissions

April 27, 2017 #aws #iam #rds

"AWS Identity-Based, Resource-Based, Resource-Level, and Tag-Based Permissions" contains a link to "AWS Services That Work with IAM" (AWS Identity and Access Management documentation), which has the table of services that support tag-based permissions.

Amazon RDS is one of those services. See "Using IAM Policy Conditions for Fine-Grained Access Control" (Amazon Relational Database Service documentation) for some example policies that use condition keys with custom tags.

"Condition": {
  "StringEquals": {
    "rds:db-tag/stage": [
      "development",
      "test"
    ]
  }
}

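In the above example, the RDS tag identifier db-tag applies to “DB instances, including Read Replicas.” The condition is satisfied when the DB instance's stage tag equals either development or test. The RDS documentation page linked above also has a table that lists the RDS tag identifiers that you can use in a Condition element.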
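To see which DB instances the condition above selects, here is an added example (not from the original post or from AWS) that models StringEquals matching locally. The actions, instance names and tags are constructed for illustration, and the model handles only exact action names and rds:db-tag keys.

```python
# Simplified local model of IAM StringEquals matching; not AWS's evaluator.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        # Actions are an assumption for illustration; the post shows only the Condition.
        "Action": ["rds:ModifyDBInstance", "rds:CreateDBSnapshot"],
        "Resource": "*",
        "Condition": {"StringEquals": {"rds:db-tag/stage": ["development", "test"]}},
    }],
}
TAG_PREFIX = "rds:db-tag/"

def condition_matches(condition, db_tags):
    """Every StringEquals key must equal one of its listed values (OR within a key)."""
    for key, allowed in condition.get("StringEquals", {}).items():
        if not key.startswith(TAG_PREFIX):
            return False  # this model only understands rds:db-tag keys
        allowed = [allowed] if isinstance(allowed, str) else allowed
        actual = db_tags.get(key[len(TAG_PREFIX):])
        # An absent tag never matches; the value comparison is exact and case-sensitive.
        if actual is None or actual not in allowed:
            return False
    return True

def is_allowed(policy, action, db_tags):
    """Implicit deny unless an Allow statement matches both action and condition."""
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Allow" and action in stmt["Action"]
                and condition_matches(stmt.get("Condition", {}), db_tags)):
            return True
    return False

# Constructed sample DB instances (names and tags are made up).
INSTANCES = {
    "orders-dev": {"stage": "development"},
    "orders-test": {"stage": "test"},
    "orders-prod": {"stage": "production"},
    "orders-case": {"stage": "Development"},
    "orders-untagged": {},
}

def evaluate(action="rds:ModifyDBInstance"):
    return {name: is_allowed(POLICY, action, tags) for name, tags in INSTANCES.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:16} {'ALLOW' if ok else 'DENY'}")
```

The untagged and mis-cased instances are denied, so instances that should fall under this policy need the stage tag applied with the exact value. The IAM policy simulator remains the authoritative check for a real policy.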


Kevin Hakanson
