Amazon RDS and Tag-Based Permissions
AWS Identity-Based, Resource-Based, Resource-Level, and Tag-Based Permissions contains a link to AWS Services That Work with IAM - AWS Identity and Access Management, which has the table of services supporting tag-based permissions.
Amazon RDS is one of those services. See Using IAM Policy Conditions for Fine-Grained Access Control - Amazon Relational Database Service for some example policies using condition keys with custom tags.
    "Condition": {
        "StringEquals": {
            "rds:db-tag/stage": [
                "development",
                "test"
            ]
        }
    }
In the above example, the RDS tag identifier db-tag applies to “DB instances, including Read Replicas.” The link above also has a table that lists the RDS tag identifiers that you can use in a Condition element.
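The following added example (not from the AWS documentation or the original page) evaluates the Condition element above against constructed DB instance tags, to show which instances the policy statement would cover. The instance names and tag sets are made up, and the evaluator is a simplified model that handles only StringEquals on rds:db-tag keys and compares the tag key exactly as written.

```python
import json

# The Condition element from the page, wrapped in braces so it parses as JSON.
CONDITION = json.loads("""
{"Condition": {"StringEquals": {"rds:db-tag/stage": ["development", "test"]}}}
""")["Condition"]

RDS_TAG_PREFIX = "rds:db-tag/"


def condition_matches(condition, instance_tags):
    """Return True if the StringEquals block matches the instance's tags.

    Models IAM behaviour: values listed for one key are ORed, separate
    keys are ANDed, StringEquals is exact and case-sensitive, and a tag
    that is absent from the instance never matches.
    """
    for key, allowed in condition.get("StringEquals", {}).items():
        if not key.startswith(RDS_TAG_PREFIX):
            raise ValueError(f"unsupported condition key: {key}")
        tag_name = key[len(RDS_TAG_PREFIX):]
        if isinstance(allowed, str):  # IAM accepts a single string or a list
            allowed = [allowed]
        actual = instance_tags.get(tag_name)
        if actual is None or actual not in allowed:
            return False
    return True


# Constructed sample DB instances (names and tags are illustrative only).
SAMPLE_INSTANCES = {
    "orders-dev": {"stage": "development", "team": "payments"},
    "orders-test": {"stage": "test"},
    "orders-prod": {"stage": "production"},
    "orders-mixed-case": {"stage": "Development"},  # value differs in case
    "orders-untagged": {"team": "payments"},        # no stage tag at all
}


def evaluate_all():
    """Map each sample instance name to whether the condition matches it."""
    return {name: condition_matches(CONDITION, tags)
            for name, tags in SAMPLE_INSTANCES.items()}


if __name__ == "__main__":
    for name, matched in evaluate_all().items():
        print(f"{name:18} {'matches' if matched else 'no match'}")
```

In an Allow statement, the instances that do not match (including the untagged one and the one tagged "Development") fall outside the grant, so missing or inconsistently cased tags show up as unexpected access denials.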