# Actions, resources, and condition keys for Amazon RDS
Amazon RDS (service prefix: `rds`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/).
+ View a list of the [API operations available for this service](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html) permission policies.
**Topics**
+ [Actions defined by Amazon RDS](#amazonrds-actions-as-permissions)
+ [Resource types defined by Amazon RDS](#amazonrds-resources-for-iam-policies)
+ [Condition keys for Amazon RDS](#amazonrds-policy-keys)
## Actions defined by Amazon RDS
You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).
The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.
The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.
**Note**
Resource condition keys are listed in the [Resource types](#amazonrds-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).
****
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBCluster.html) **
- **Description:** Grants permission to associate an Identity and Access Management (IAM) role from an Aurora DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBInstance.html) **
- **Description:** Grants permission to associate an AWS Identity and Access Management (IAM) role with a DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddSourceIdentifierToSubscription.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddSourceIdentifierToSubscription.html) **
- **Description:** Grants permission to add a source identifier to an existing RDS event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddTagsToResource.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddTagsToResource.html) **
- **Description:** Grants permission to add metadata tags to an Amazon RDS resource
- **Access level:** Tagging
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-ri](#amazonrds-ri) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot-tenant-database](#amazonrds-snapshot-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_TagsFromRequest](#amazonrds-rds_TagsFromRequest) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ApplyPendingMaintenanceAction.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ApplyPendingMaintenanceAction.html) **
- **Description:** Grants permission to apply a pending maintenance action to a resource
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) **
- **Description:** Grants permission to enable ingress to a DBSecurityGroup using one of two forms of authorization
- **Access level:** Permissions management
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_BacktrackDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_BacktrackDBCluster.html) **
- **Description:** Grants permission to backtrack a DB cluster to a specific time, without creating a new DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CancelExportTask.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CancelExportTask.html) **
- **Description:** Grants permission to cancel an export task in progress
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonrds.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonrds.html) [permission only]**
- **Description:** Grants permission to copy a custom engine version
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterParameterGroup.html) **
- **Description:** Grants permission to copy the specified DB cluster parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterSnapshot.html) **
- **Description:** Grants permission to create a snapshot of a DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html) **
- **Description:** Grants permission to copy the specified DB parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBSnapshot.html) **
- **Description:** Grants permission to copy the specified DB snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
rds:CopyCustomDBEngineVersion
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_CopyOptionGroup](#amazonrds-rds_CopyOptionGroup) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyOptionGroup.html) **
- **Description:** Grants permission to copy the specified option group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateBlueGreenDeployment.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateBlueGreenDeployment.html) **
- **Description:** Grants permission to create a blue-green deployment for a given source cluster or instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
rds:CreateDBCluster
rds:CreateDBClusterEndpoint
rds:CreateDBInstance
rds:CreateDBInstanceReadReplica
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_cluster-tag___TagKey_](#amazonrds-rds_cluster-tag___TagKey_)
[#amazonrds-rds_cluster-pg-tag___TagKey_](#amazonrds-rds_cluster-pg-tag___TagKey_)
[#amazonrds-rds_db-tag___TagKey_](#amazonrds-rds_db-tag___TagKey_)
[#amazonrds-rds_pg-tag___TagKey_](#amazonrds-rds_pg-tag___TagKey_)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_DatabaseEngine](#amazonrds-rds_DatabaseEngine)
[#amazonrds-rds_DatabaseName](#amazonrds-rds_DatabaseName)
[#amazonrds-rds_StorageEncrypted](#amazonrds-rds_StorageEncrypted)
[#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_MultiAz](#amazonrds-rds_MultiAz)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops)
[#amazonrds-rds_Vpc](#amazonrds-rds_Vpc) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateCustomDBEngineVersion.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateCustomDBEngineVersion.html) **
- **Description:** Grants permission to create a custom engine version
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev) / **Condition keys:** / **Dependent actions:** iam:CreateServiceLinkedRole
mediaimport:CreateDatabaseBinarySnapshot
rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html) **
- **Description:** Grants permission to create a new DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:AddTagsToResource
rds:CreateDBInstance
secretsmanager:CreateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_DatabaseEngine](#amazonrds-rds_DatabaseEngine)
[#amazonrds-rds_DatabaseName](#amazonrds-rds_DatabaseName)
[#amazonrds-rds_StorageEncrypted](#amazonrds-rds_StorageEncrypted)
[#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterEndpoint.html) **
- **Description:** Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster or Amazon DocumentDB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_EndpointType](#amazonrds-rds_EndpointType)
[#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html) **
- **Description:** Grants permission to create a new DB cluster parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterSnapshot.html) **
- **Description:** Grants permission to create a snapshot of a DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) **
- **Description:** Grants permission to create a new DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:AddTagsToResource
rds:CreateTenantDatabase
secretsmanager:CreateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_BackupTarget](#amazonrds-rds_BackupTarget)
[#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstanceReadReplica.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstanceReadReplica.html) **
- **Description:** Grants permission to create a DB instance that acts as a Read Replica of a source DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html) **
- **Description:** Grants permission to create a new DB parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBProxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBProxy.html) **
- **Description:** Grants permission to create a database proxy
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
- **Dependent actions:** iam:PassRole
rds:AddTagsToResource
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBProxyEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBProxyEndpoint.html) **
- **Description:** Grants permission to create a database proxy endpoint
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSecurityGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSecurityGroup.html) **
- **Description:** Grants permission to create a new DB security group. DB security groups control access to a DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBShardGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBShardGroup.html) **
- **Description:** Grants permission to create a new Aurora Limitless Database DB shard group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSnapshot.html) **
- **Description:** Grants permission to create a DBSnapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_BackupTarget](#amazonrds-rds_BackupTarget)
[#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSubnetGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBSubnetGroup.html) **
- **Description:** Grants permission to create a new DB subnet group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateEventSubscription.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateEventSubscription.html) **
- **Description:** Grants permission to create an RDS event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateGlobalCluster.html) **
- **Description:** Grants permission to create an Aurora global database or DocumentDB global database spread across multiple regions
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateIntegration.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateIntegration.html) **
- **Description:** Grants permission to create an Aurora zero-ETL integration with Redshift
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** kms:CreateGrant
kms:DescribeKey
rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateOptionGroup.html) **
- **Description:** Grants permission to create a new option group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateTenantDatabase.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateTenantDatabase.html) **
- **Description:** Grants permission to create a new tenant database
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_TenantDatabaseName](#amazonrds-rds_TenantDatabaseName)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) [permission only]**
- **Description:** Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteBlueGreenDeployment.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteBlueGreenDeployment.html) **
- **Description:** Grants permission to delete blue green deployments
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment) / **Condition keys:** / **Dependent actions:** rds:DeleteDBCluster
rds:DeleteDBClusterEndpoint
rds:DeleteDBInstance
rds:PromoteReadReplica
rds:PromoteReadReplicaDBCluster
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteCustomDBEngineVersion.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteCustomDBEngineVersion.html) **
- **Description:** Grants permission to delete an existing custom engine version
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBCluster.html) **
- **Description:** Grants permission to delete a previously provisioned DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
rds:CreateDBClusterSnapshot
rds:DeleteDBInstance
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterAutomatedBackup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterAutomatedBackup.html) **
- **Description:** Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterEndpoint.html) **
- **Description:** Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster or Amazon DocumentDB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterParameterGroup.html) **
- **Description:** Grants permission to delete a specified DB cluster parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterSnapshot.html) **
- **Description:** Grants permission to delete a DB cluster snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBInstance.html) **
- **Description:** Grants permission to delete a previously provisioned DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:** rds:AddTagsToResource
rds:CreateDBSnapshot
rds:DeleteTenantDatabase
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBInstanceAutomatedBackup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBInstanceAutomatedBackup.html) **
- **Description:** Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBParameterGroup.html) **
- **Description:** Grants permission to delete a specified DBParameterGroup
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBProxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBProxy.html) **
- **Description:** Grants permission to delete a database proxy
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBProxyEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBProxyEndpoint.html) **
- **Description:** Grants permission to delete a database proxy endpoint
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSecurityGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSecurityGroup.html) **
- **Description:** Grants permission to delete a DB security group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBShardGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBShardGroup.html) **
- **Description:** Grants permission to delete an Aurora Limitless Database DB shard group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSnapshot.html) **
- **Description:** Grants permission to delete a DBSnapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSubnetGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBSubnetGroup.html) **
- **Description:** Grants permission to delete a DB subnet group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteEventSubscription.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteEventSubscription.html) **
- **Description:** Grants permission to delete an RDS event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteGlobalCluster.html) **
- **Description:** Grants permission to delete a global database cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteIntegration.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteIntegration.html) **
- **Description:** Grants permission to delete an Aurora zero-ETL integration with Redshift
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteOptionGroup.html) **
- **Description:** Grants permission to delete an existing option group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteTenantDatabase.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteTenantDatabase.html) **
- **Description:** Grants permission to delete a tenant database
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
rds:CreateDBSnapshot
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeregisterDBProxyTargets.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeregisterDBProxyTargets.html) **
- **Description:** Grants permission to remove targets from a database proxy target group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeAccountAttributes.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeAccountAttributes.html) **
- **Description:** Grants permission to list all of the attributes for a customer account
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeBlueGreenDeployments.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeBlueGreenDeployments.html) **
- **Description:** Grants permission to describe blue green deployments
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeCertificates.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeCertificates.html) **
- **Description:** Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterAutomatedBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterAutomatedBackups.html) **
- **Description:** Grants permission to return a list of cluster automated backups for both current and deleted clusters
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterBacktracks.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterBacktracks.html) **
- **Description:** Grants permission to return information about backtracks for a DB cluster
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterEndpoints.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterEndpoints.html) **
- **Description:** Grants permission to return information about endpoints for an Amazon Aurora DB cluster
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameterGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameterGroups.html) **
- **Description:** Grants permission to return a list of DBClusterParameterGroup descriptions
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameters.html) **
- **Description:** Grants permission to return the detailed parameter list for a particular DB cluster parameter group
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterSnapshotAttributes.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterSnapshotAttributes.html) **
- **Description:** Grants permission to return a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterSnapshots.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterSnapshots.html) **
- **Description:** Grants permission to return information about DB cluster snapshots
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) **
- **Description:** Grants permission to return information about provisioned Aurora DB clusters or DocumentDB clusters
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBEngineVersions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBEngineVersions.html) **
- **Description:** Grants permission to return a list of the available DB engines
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstanceAutomatedBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstanceAutomatedBackups.html) **
- **Description:** Grants permission to return a list of automated backups for both current and deleted instances
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) **
- **Description:** Grants permission to return information about provisioned RDS instances
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBLogFiles.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBLogFiles.html) **
- **Description:** Grants permission to return a list of DB log files for the DB instance
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBMajorEngineVersions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBMajorEngineVersions.html) **
- **Description:** Grants permission to return information specific for each DB major engine versions
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameterGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameterGroups.html) **
- **Description:** Grants permission to return a list of DBParameterGroup descriptions
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html) **
- **Description:** Grants permission to return the detailed parameter list for a particular DB parameter group
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxies.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxies.html) **
- **Description:** Grants permission to view proxies
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyEndpoints.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyEndpoints.html) **
- **Description:** Grants permission to view proxy endpoints
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyTargetGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyTargetGroups.html) **
- **Description:** Grants permission to view database proxy target group details
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyTargets.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBProxyTargets.html) **
- **Description:** Grants permission to view database proxy target details
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBRecommendations.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBRecommendations.html) **
- **Description:** Grants permission to list recommendation details
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSecurityGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSecurityGroups.html) **
- **Description:** Grants permission to return a list of DBSecurityGroup descriptions
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBShardGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBShardGroups.html) **
- **Description:** Grants permission to return information about all Aurora Limitless Database DB shard groups for this account. You can filter by shard group(s)
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshotAttributes.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshotAttributes.html) **
- **Description:** Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshotTenantDatabases.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshotTenantDatabases.html) **
- **Description:** Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot-tenant-database](#amazonrds-snapshot-tenant-database) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshots.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshots.html) **
- **Description:** Grants permission to return information about DB snapshots
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSubnetGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSubnetGroups.html) **
- **Description:** Grants permission to return a list of DBSubnetGroup descriptions
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEngineDefaultClusterParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEngineDefaultClusterParameters.html) **
- **Description:** Grants permission to return the default engine and system parameter information for the cluster database engine
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEngineDefaultParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEngineDefaultParameters.html) **
- **Description:** Grants permission to return the default engine and system parameter information for the specified database engine
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventCategories.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventCategories.html) **
- **Description:** Grants permission to display a list of categories for all event source types, or, if specified, for a specified source type
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventSubscriptions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventSubscriptions.html) **
- **Description:** Grants permission to list all the subscription descriptions for a customer account
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEvents.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEvents.html) **
- **Description:** Grants permission to return events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeExportTasks.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeExportTasks.html) **
- **Description:** Grants permission to return information about the export tasks
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeGlobalClusters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeGlobalClusters.html) **
- **Description:** Grants permission to return information about Aurora global database clusters or DocumentDB global database clusters
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeIntegrations.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeIntegrations.html) **
- **Description:** Grants permission to describe an Aurora zero-ETL integration with Redshift
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroupOptions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroupOptions.html) **
- **Description:** Grants permission to describe all available options
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroups.html) **
- **Description:** Grants permission to describe the available option groups
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOrderableDBInstanceOptions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOrderableDBInstanceOptions.html) **
- **Description:** Grants permission to return a list of orderable DB instance options for the specified engine
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribePendingMaintenanceActions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribePendingMaintenanceActions.html) **
- **Description:** Grants permission to return a list of resources (for example, DB instances) that have at least one pending maintenance action
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html](https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html) [permission only]**
- **Description:** Grants permission to return information about recommendation groups
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html](https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html) [permission only]**
- **Description:** Grants permission to return information about recommendations
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeReservedDBInstances.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeReservedDBInstances.html) **
- **Description:** Grants permission to return information about reserved DB instances for this account, or about a specified reserved DB instance
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-ri](#amazonrds-ri)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeReservedDBInstancesOfferings.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeReservedDBInstancesOfferings.html) **
- **Description:** Grants permission to list available reserved DB instance offerings
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeSourceRegions.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeSourceRegions.html) **
- **Description:** Grants permission to return a list of the source AWS Regions where the current AWS Region can create a Read Replica or copy a DB snapshot from
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeTenantDatabases.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeTenantDatabases.html) **
- **Description:** Grants permission to return information about provisioned tenant databases. You can filter by Region or snapshot
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeValidDBInstanceModifications.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeValidDBInstanceModifications.html) **
- **Description:** Grants permission to list available modifications you can make to your DB instance
- **Access level:** List
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DisableHttpEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DisableHttpEndpoint.html) **
- **Description:** Grants permission to disable http endpoint for a DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/USER_LogAccess.html](https://docs.aws.amazon.com/AmazonRDS/latest/USER_LogAccess.html) **
- **Description:** Grants permission to download specified log file
- **Access level:** Read
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DownloadDBLogFilePortion.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DownloadDBLogFilePortion.html) **
- **Description:** Grants permission to download all or a portion of the specified log file, up to 1 MB in size
- **Access level:** Read
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_EnableHttpEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_EnableHttpEndpoint.html) **
- **Description:** Grants permission to enable http endpoint for a DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_FailoverDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_FailoverDBCluster.html) **
- **Description:** Grants permission to force a failover for a DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_FailoverGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_FailoverGlobalCluster.html) **
- **Description:** Grants permission to failover a global cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ListTagsForResource.html) **
- **Description:** Grants permission to list all tags on an Amazon RDS resource
- **Access level:** Read
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-ri](#amazonrds-ri) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot-tenant-database](#amazonrds-snapshot-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyActivityStream.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyActivityStream.html) **
- **Description:** Grants permission to modify a database activity stream
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCertificates.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCertificates.html) **
- **Description:** Grants permission to modify the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCurrentDBClusterCapacity.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCurrentDBClusterCapacity.html) **
- **Description:** Grants permission to modify current cluster capacity for an Amazon Aurora Serverless DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCustomDBEngineVersion.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyCustomDBEngineVersion.html) **
- **Description:** Grants permission to modify an existing custom engine version
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html) **
- **Description:** Grants permission to modify a setting for an Amazon Aurora DB cluster or Amazon DocumentDB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:ModifyDBInstance
secretsmanager:CreateSecret
secretsmanager:RotateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterEndpoint.html) **
- **Description:** Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster or Amazon DocumentDB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterParameterGroup.html) **
- **Description:** Grants permission to modify the parameters of a DB cluster parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html) **
- **Description:** Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html) **
- **Description:** Grants permission to modify settings for a DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:AddTagsToResource
rds:CreateTenantDatabase
secretsmanager:CreateSecret
secretsmanager:RotateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBParameterGroup.html) **
- **Description:** Grants permission to modify the parameters of a DB parameter group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxy.html) **
- **Description:** Grants permission to modify database proxy
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxyEndpoint.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxyEndpoint.html) **
- **Description:** Grants permission to modify database proxy endpoint
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxyTargetGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBProxyTargetGroup.html) **
- **Description:** Grants permission to modify target group for a database proxy
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBRecommendation.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBRecommendation.html) **
- **Description:** Grants permission to modify recommendation
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBShardGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBShardGroup.html) **
- **Description:** Grants permission to modify properties of an Aurora Limitless Database DB shard group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshot.html) **
- **Description:** Grants permission to update a manual DB snapshot, which can be encrypted or not encrypted, with a new engine version
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html) **
- **Description:** Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSubnetGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSubnetGroup.html) **
- **Description:** Grants permission to modify an existing DB subnet group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyEventSubscription.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyEventSubscription.html) **
- **Description:** Grants permission to modify an existing RDS event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyGlobalCluster.html) **
- **Description:** Grants permission to modify a setting for an Amazon Aurora global cluster or Amazon DocumentDB global cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyIntegration.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyIntegration.html) **
- **Description:** Grants permission to modify an Aurora zero-ETL integration with Redshift
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html) **
- **Description:** Grants permission to modify an existing option group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html](https://docs.aws.amazon.com/AmazonRDS/latest/USER_Recommendations.html) [permission only]**
- **Description:** Grants permission to modify recommendation
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyTenantDatabase.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyTenantDatabase.html) **
- **Description:** Grants permission to modify a tenant database
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_TenantDatabaseName](#amazonrds-rds_TenantDatabaseName)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PromoteReadReplica.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PromoteReadReplica.html) **
- **Description:** Grants permission to promote a Read Replica DB instance to a standalone DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:** rds:AddTagsToResource
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PromoteReadReplicaDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PromoteReadReplicaDBCluster.html) **
- **Description:** Grants permission to promote a Read Replica DB cluster to a standalone DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PurchaseReservedDBInstancesOffering.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PurchaseReservedDBInstancesOffering.html) **
- **Description:** Grants permission to purchase a reserved DB instance offering
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-ri](#amazonrds-ri) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBCluster.html) **
- **Description:** Grants permission to reboot a previously provisioned DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:** rds:RebootDBInstance
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBInstance.html) **
- **Description:** Grants permission to restart the database engine service
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBShardGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RebootDBShardGroup.html) **
- **Description:** Grants permission to reboot an Aurora Limitless Database DB shard group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RegisterDBProxyTargets.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RegisterDBProxyTargets.html) **
- **Description:** Grants permission to add targets to a database proxy target group
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveFromGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveFromGlobalCluster.html) **
- **Description:** Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster or DocumentDB global cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBCluster.html) **
- **Description:** Grants permission to disassociate an AWS Identity and Access Management (IAM) role from an Amazon Aurora DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBInstance.html) **
- **Description:** Grants permission to disassociate an AWS Identity and Access Management (IAM) role from a DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:** iam:PassRole
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveSourceIdentifierFromSubscription.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveSourceIdentifierFromSubscription.html) **
- **Description:** Grants permission to remove a source identifier from an existing RDS event notification subscription
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveTagsFromResource.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveTagsFromResource.html) **
- **Description:** Grants permission to remove metadata tags from an Amazon RDS resource
- **Access level:** Tagging
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cev](#amazonrds-cev) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-endpoint](#amazonrds-cluster-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-es](#amazonrds-es) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-integration](#amazonrds-integration) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy](#amazonrds-proxy) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-proxy-endpoint](#amazonrds-proxy-endpoint) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-ri](#amazonrds-ri) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-shardgrp](#amazonrds-shardgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot-tenant-database](#amazonrds-snapshot-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-target-group](#amazonrds-target-group) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-tenant-database](#amazonrds-tenant-database) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBClusterParameterGroup.html) **
- **Description:** Grants permission to modify the parameters of a DB cluster parameter group to the default value
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBParameterGroup.html) **
- **Description:** Grants permission to modify the parameters of a DB parameter group to the engine/system default value
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterFromS3.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterFromS3.html) **
- **Description:** Grants permission to create an Amazon Aurora DB cluster from data stored in an Amazon S3 bucket
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:AddTagsToResource
secretsmanager:CreateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_DatabaseEngine](#amazonrds-rds_DatabaseEngine)
[#amazonrds-rds_DatabaseName](#amazonrds-rds_DatabaseName)
[#amazonrds-rds_StorageEncrypted](#amazonrds-rds_StorageEncrypted)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterFromSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterFromSnapshot.html) **
- **Description:** Grants permission to create a new DB cluster from a DB cluster snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
rds:AddTagsToResource
rds:CreateDBInstance
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterToPointInTime.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBClusterToPointInTime.html) **
- **Description:** Grants permission to restore a DB cluster to an arbitrary point in time
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
rds:AddTagsToResource
rds:CreateDBInstance
- **Resource types (\*required):** [#amazonrds-cluster-pg](#amazonrds-cluster-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-auto-backup](#amazonrds-cluster-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html) **
- **Description:** Grants permission to create a new DB instance from a DB snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** iam:PassRole
rds:AddTagsToResource
rds:CreateTenantDatabase
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_BackupTarget](#amazonrds-rds_BackupTarget)
[#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromS3.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromS3.html) **
- **Description:** Grants permission to create a new DB instance from an Amazon S3 bucket
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** iam:PassRole
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
rds:AddTagsToResource
secretsmanager:CreateSecret
secretsmanager:TagResource
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceToPointInTime.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceToPointInTime.html) **
- **Description:** Grants permission to restore a DB instance to an arbitrary point in time
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** iam:PassRole
rds:AddTagsToResource
rds:CreateTenantDatabase
- **Resource types (\*required):** [#amazonrds-og](#amazonrds-og) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-pg](#amazonrds-pg) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-subgrp](#amazonrds-subgrp) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-rds_BackupTarget](#amazonrds-rds_BackupTarget)
[#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_)
[#amazonrds-rds_ManageMasterUserPassword](#amazonrds-rds_ManageMasterUserPassword)
[#amazonrds-rds_PubliclyAccessible](#amazonrds-rds_PubliclyAccessible) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RevokeDBSecurityGroupIngress.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RevokeDBSecurityGroupIngress.html) **
- **Description:** Grants permission to revoke ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-secgrp](#amazonrds-secgrp)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartActivityStream.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartActivityStream.html) **
- **Description:** Grants permission to start Activity Stream
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBCluster.html) **
- **Description:** Grants permission to start the DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBInstance.html) **
- **Description:** Grants permission to start the DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBInstanceAutomatedBackupsReplication.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBInstanceAutomatedBackupsReplication.html) **
- **Description:** Grants permission to start replication of automated backups to a different AWS Region
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-auto-backup](#amazonrds-auto-backup) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_RequestTag___TagKey_](#amazonrds-aws_RequestTag___TagKey_)
[#amazonrds-aws_TagKeys](#amazonrds-aws_TagKeys)
[#amazonrds-rds_req-tag___TagKey_](#amazonrds-rds_req-tag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartExportTask.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartExportTask.html) **
- **Description:** Grants permission to start a new Export task for a DB snapshot
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:** iam:PassRole
- **Resource types (\*required):** [#amazonrds-cluster-snapshot](#amazonrds-cluster-snapshot) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopActivityStream.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopActivityStream.html) **
- **Description:** Grants permission to stop Activity Stream
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBCluster.html) **
- **Description:** Grants permission to stop the DB cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBInstance.html) **
- **Description:** Grants permission to stop the DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db) / **Condition keys:** / **Dependent actions:** rds:AddTagsToResource
rds:CreateDBSnapshot
- **Resource types (\*required):** [#amazonrds-snapshot](#amazonrds-snapshot) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBInstanceAutomatedBackupsReplication.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBInstanceAutomatedBackupsReplication.html) **
- **Description:** Grants permission to stop automated backup replication for a DB instance
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverBlueGreenDeployment.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverBlueGreenDeployment.html) **
- **Description:** Grants permission to switch a blue-green deployment from source instance or cluster to target
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-deployment](#amazonrds-deployment) / **Condition keys:** / **Dependent actions:** rds:ModifyDBCluster
rds:ModifyDBInstance
rds:PromoteReadReplica
rds:PromoteReadReplicaDBCluster
- **Resource types (\*required):** / **Condition keys:** [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverGlobalCluster.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverGlobalCluster.html) **
- **Description:** Grants permission to switchover a global cluster
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-cluster](#amazonrds-cluster) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#amazonrds-global-cluster](#amazonrds-global-cluster) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverReadReplica.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_SwitchoverReadReplica.html) **
- **Description:** Grants permission to switch over a read replica, making it the new primary database
- **Access level:** Write
- **Resource types (\*required):** [#amazonrds-db](#amazonrds-db)
- **Condition keys:**
- **Dependent actions:**
## Resource types defined by Amazon RDS
The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonrds-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).
****
| Resource types | ARN | Condition keys |
| --- | --- | --- |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Aurora.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Aurora.html) | arn:${Partition}:rds:${Region}:${Account}:cluster:${DbClusterInstanceName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_cluster-tag___TagKey_](#amazonrds-rds_cluster-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless-architecture.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless-architecture.html) | arn:${Partition}:rds:${Region}:${Account}:shard-group:${DbShardGroupResourceId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html) | arn:${Partition}:rds:${Region}:${Account}:cluster-auto-backup:${DbClusterAutomatedBackupId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html) | arn:${Partition}:rds:${Region}:${Account}:auto-backup:${DbInstanceAutomatedBackupId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html) | arn:${Partition}:rds:${Region}:${Account}:cluster-endpoint:${DbClusterEndpoint} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) | arn:${Partition}:rds:${Region}:${Account}:cluster-pg:${ClusterParameterGroupName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_cluster-pg-tag___TagKey_](#amazonrds-rds_cluster-pg-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html) | arn:${Partition}:rds:${Region}:${Account}:cluster-snapshot:${ClusterSnapshotName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_cluster-snapshot-tag___TagKey_](#amazonrds-rds_cluster-snapshot-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.html) | arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)
[#amazonrds-rds_DatabaseEngine](#amazonrds-rds_DatabaseEngine)
[#amazonrds-rds_DatabaseName](#amazonrds-rds_DatabaseName)
[#amazonrds-rds_MultiAz](#amazonrds-rds_MultiAz)
[#amazonrds-rds_Piops](#amazonrds-rds_Piops)
[#amazonrds-rds_StorageEncrypted](#amazonrds-rds_StorageEncrypted)
[#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)
[#amazonrds-rds_Vpc](#amazonrds-rds_Vpc)
[#amazonrds-rds_db-tag___TagKey_](#amazonrds-rds_db-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) | arn:${Partition}:rds:${Region}:${Account}:es:${SubscriptionName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_es-tag___TagKey_](#amazonrds-rds_es-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html) | arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithOptionGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithOptionGroups.html) | arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_og-tag___TagKey_](#amazonrds-rds_og-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) | arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_pg-tag___TagKey_](#amazonrds-rds_pg-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html) | arn:${Partition}:rds:${Region}:${Account}:db-proxy:${DbProxyId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html) | arn:${Partition}:rds:${Region}:${Account}:db-proxy-endpoint:${DbProxyEndpointId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html) | arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_ri-tag___TagKey_](#amazonrds-rds_ri-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html) | arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_secgrp-tag___TagKey_](#amazonrds-rds_secgrp-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html) | arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_snapshot-tag___TagKey_](#amazonrds-rds_snapshot-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.Scenario1](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.Scenario1) | arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)
[#amazonrds-rds_subgrp-tag___TagKey_](#amazonrds-rds_subgrp-tag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html) | arn:${Partition}:rds:${Region}:${Account}:target-group:${TargetGroupId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html) | arn:${Partition}:rds:${Region}:${Account}:cev:${Engine}/${EngineVersion}/${CustomDbEngineVersionId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) | arn:${Partition}:rds:${Region}:${Account}:deployment:${BlueGreenDeploymentIdentifier} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/zero-etl.html](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/zero-etl.html) | arn:${Partition}:rds:${Region}:${Account}:integration:${IntegrationIdentifier} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Concepts.single-tenant.snapshots.html#br-cdb.db-snapshots](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Concepts.single-tenant.snapshots.html#br-cdb.db-snapshots) | arn:${Partition}:rds:${Region}:${Account}:snapshot-tenant-database:${SnapshotName}:${TenantResourceId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Concepts.CDBs.html#multi-tenant-configuration](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Concepts.CDBs.html#multi-tenant-configuration) | arn:${Partition}:rds:${Region}:${Account}:tenant-database:${TenantResourceId} | [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_) |
## Condition keys for Amazon RDS
Amazon RDS defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).
To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).
****
| Condition keys | Description | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | Filters access by the set of tag key-value pairs in the request | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | Filters access by the set of tag key-value pairs attached to the resource | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | Filters access by the set of tag keys in the request | ArrayOfString |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the type of backup target. One of: region, outposts | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether the CopyDBSnapshot action requires copying the DB option group | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the type of DB instance class | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the database engine. For possible values refer to the engine parameter in CreateDBInstance API | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the user-defined name of the database on the DB instance | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the type of the endpoint. One of: READER, WRITER, CUSTOM | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether RDS manages master user password in AWS Secrets Manager for the DB instance or cluster | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0 | Numeric |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether the DB Instance or DB ShardGroup is publicly accessible | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the storage volume size (in GB) | Numeric |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access for rds:AddTagsToResource based on whether tags are explicitly specified in the Tags or TagSpecification request parameters. Evaluates to true when tags are provided in these parameters. Evaluates as false when tags are implicitly inherited from source resources | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tenant database name in CreateTenantDatabase and by the new tenant database name in ModifyTenantDatabase | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true | Bool |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB cluster parameter group | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB cluster snapshot | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB cluster | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB instance | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to an event subscription | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB option group | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB parameter group | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the set of tag keys and values that can be used to tag a resource | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a reserved DB instance | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB security group | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB snapshot | String |
| [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions) | Filters access by the tag attached to a DB subnet group | String |