Resource types available in IAM Neptune administrative policy statements - Amazon Neptune
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Resource types available in IAM Neptune administrative policy statements

Neptune supports the resource types in the following table for use in the Resource element of IAM administration policy statements. For more information about the Resource element, see IAM JSON Policy Elements: Resource.

The list of Neptune administration actions identifies the resource types that can be specified with each action. A resource type also determines which condition keys you can include in a policy, as specified in the last column of the table below.

The ARN column in the table below specifies the Amazon Resource Name (ARN) format that you must use to reference resources of this type. The portions that are preceded by a $ must be replaced by the actual values for your scenario. For example, if you see $user-name in an ARN, you must replace that string either with the actual IAM user's name or with a policy variable that contains an IAM user name. For more information about ARNs, see IAM ARNs, and Working with administrative ARNs in Amazon Neptune.

The Condition Keys column specifies condition context keys that you can include in an IAM policy statement only when both this resource and a compatible supporting action are included in the statement.

Resource Types ARN Condition Keys

cluster

(a DB cluster)

arn:partition:rds:region:account-id:cluster:instance-name

aws:ResourceTag/tag-key

rds:cluster-tag/tag-key

cluster-pg

(a DB cluster parameter group)

arn:partition:rds:region:account-id:cluster-pg:neptune-DBClusterParameterGroupName

aws:ResourceTag/tag-key

cluster-snapshot

(a DB cluster snapshot)

arn:partition:rds:region:account-id:cluster-snapshot:neptune-DBClusterSnapshotName

aws:ResourceTag/tag-key

rds:cluster-snapshot-tag/tag-key

db

(a DB instance)

arn:partition:rds:region:account-id:db:neptune-DbInstanceName

aws:ResourceTag/tag-key

rds:DatabaseClass

rds:DatabaseEngine

rds:db-tag/tag-key

es

(an event subscription)

arn:partition:rds:region:account-id:es:neptune-CustSubscriptionId

aws:ResourceTag/tag-key

rds:es-tag/tag-key

pg

(a DB parameter group)

arn:partition:rds:region:account-id:pg:neptune-ParameterGroupName

aws:ResourceTag/tag-key

rds:pg-tag/tag-key

subgrp

(a DB subnet group)

arn:partition:rds:region:account-id:subgrp:neptune-DBSubnetGroupName}

aws:ResourceTag/tag-key

rds:subgrp-tag/tag-key