Creating a custom IAM policy for Performance Insights
For users who don't have either the AmazonRDSPerformanceInsightsReadOnly or
AmazonRDSPerformanceInsightsFullAccess policy, you can grant access to Performance Insights
by creating or modifying a user-managed IAM policy. When you attach the policy to an IAM
permission set or role, the recipient can use Performance Insights.
To create a custom policy
Open the IAM console at https://console.amazonaws.cn/iam/
. -
In the navigation pane, choose Policies.
-
Choose Create policy.
-
On the Create Policy page, choose the JSON option.
-
Copy and paste the text provided in the JSON policy document section in the Amazon Managed Policy Reference Guide for AmazonRDSPerformanceInsightsReadOnly or AmazonRDSPerformanceInsightsFullAccess policy.
-
Choose Review policy.
-
Provide a name for the policy and optionally a description, and then choose Create policy.
You can now attach the policy to a permission set or role. The following procedure assumes that you already have a user available for this purpose.
To attach the policy to a user
Open the IAM console at https://console.amazonaws.cn/iam/
. -
In the navigation pane, choose Users.
-
Choose an existing user from the list.
Important
To use Performance Insights, make sure that you have access to Amazon RDS in addition to the custom policy. For example, the
AmazonRDSPerformanceInsightsReadOnlypredefined policy provides read-only access to Amazon RDS. For more information, see Managing access using policies. -
On the Summary page, choose Add permissions.
-
Choose Attach existing policies directly. For Search, type the first few characters of your policy name, as shown in the following image.
-
Choose your policy, and then choose Next: Review.
-
Choose Add permissions.