Configuring access policies for Performance Insights

To access Performance Insights, a principal must have the appropriate permissions from Amazon Identity and Access Management (IAM).

Note

To use Performance Insights with a customer-managed key, grant users the kms:Decrypt and kms:GenerateDataKey permissions for your Amazon Amazon KMS key.

Access Performance Insights using these methods:

Attach the AmazonRDSPerformanceInsightsReadOnly managed policy for read-only access
Attach the AmazonRDSPerformanceInsightsFullAccess managed policy for access to all operations of the Performance Insights API
Create a custom IAM policy with specific permissions
Configure Amazon KMS permissions for encrypted Performance Insights data
Set up fine-grained access using resource-level permissions
Use tag-based access control to manage permissions through resource tags

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Turn on the Performance Schema for Amazon RDS for MariaDB or MySQL

Attaching the AmazonRDSPerformanceInsightsReadOnly policy to an IAM principal