Amazon RDS:允许标签所有者不受限制地访问其标记的 RDS 资源 - Amazon Identity and Access Management
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

Amazon RDS:允许标签所有者不受限制地访问其标记的 RDS 资源

此示例显示您可以创建一个基于身份的策略,对标签所有者授予对已标记的 RDS 资源的完全访问权限。此策略授予有计划地通过 Amazon API 或 Amazon CLI 完成此操作的必要权限。

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:Describe*", "rds:List*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "rds:DeleteDBInstance", "rds:RebootDBInstance", "rds:ModifyDBInstance" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:db-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:ModifyOptionGroup", "rds:DeleteOptionGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:og-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:ModifyDBParameterGroup", "rds:ResetDBParameterGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:pg-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:AuthorizeDBSecurityGroupIngress", "rds:RevokeDBSecurityGroupIngress", "rds:DeleteDBSecurityGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:secgrp-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:DeleteDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:snapshot-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:ModifyDBSubnetGroup", "rds:DeleteDBSubnetGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:subgrp-tag/Owner": "${aws:username}"} } }, { "Action": [ "rds:ModifyEventSubscription", "rds:AddSourceIdentifierToSubscription", "rds:RemoveSourceIdentifierFromSubscription", "rds:DeleteEventSubscription" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": {"rds:es-tag/Owner": "${aws:username}"} } } ] }