


# Actions, resources, and condition keys for Amazon RDS
<a name="list_amazonrds"></a>

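Amazon RDS (service prefix: `rds`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/).
+ View the [list of API operations available for this service](https://docs.amazonaws.cn/AmazonRDS/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html) permission policies.

**Topics**
+ [Actions defined by Amazon RDS](#amazonrds-actions-as-permissions)
+ [Resource types defined by Amazon RDS](#amazonrds-resources-for-iam-policies)
+ [Condition keys for Amazon RDS](#amazonrds-policy-keys)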

## Actions defined by Amazon RDS
<a name="amazonrds-actions-as-permissions"></a>

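You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. Filter access by using conditions in an IAM policy to control whether specific tag keys can be used on a resource or in a request. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#amazonrds-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which lists the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).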


[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/service-authorization/latest/reference/list_amazonrds.html)

## Resource types defined by Amazon RDS
<a name="amazonrds-resources-for-iam-policies"></a>

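The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonrds-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).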



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/CHAP_Aurora.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/CHAP_Aurora.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cluster:${DbClusterInstanceName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_cluster-tag___TagKey_](#amazonrds-rds_cluster-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/limitless-architecture.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/limitless-architecture.html)  |  `arn:${Partition}:rds:${Region}:${Account}:shard-group:${DbShardGroupResourceId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cluster-auto-backup:${DbClusterAutomatedBackupId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:auto-backup:${DbInstanceAutomatedBackupId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cluster-endpoint:${DbClusterEndpoint}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cluster-pg:${ClusterParameterGroupName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_cluster-pg-tag___TagKey_](#amazonrds-rds_cluster-pg-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cluster-snapshot:${ClusterSnapshotName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_cluster-snapshot-tag___TagKey_](#amazonrds-rds_cluster-snapshot-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Overview.DBInstance.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Overview.DBInstance.html)  |  `arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_DatabaseClass](#amazonrds-rds_DatabaseClass)   [#amazonrds-rds_DatabaseEngine](#amazonrds-rds_DatabaseEngine)   [#amazonrds-rds_DatabaseName](#amazonrds-rds_DatabaseName)   [#amazonrds-rds_MultiAz](#amazonrds-rds_MultiAz)   [#amazonrds-rds_Piops](#amazonrds-rds_Piops)   [#amazonrds-rds_StorageEncrypted](#amazonrds-rds_StorageEncrypted)   [#amazonrds-rds_StorageSize](#amazonrds-rds_StorageSize)   [#amazonrds-rds_Vpc](#amazonrds-rds_Vpc)   [#amazonrds-rds_db-tag___TagKey_](#amazonrds-rds_db-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_Events.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_Events.html)  |  `arn:${Partition}:rds:${Region}:${Account}:es:${SubscriptionName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_es-tag___TagKey_](#amazonrds-rds_es-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html)  |  `arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithOptionGroups.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithOptionGroups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_og-tag___TagKey_](#amazonrds-rds_og-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_pg-tag___TagKey_](#amazonrds-rds_pg-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html)  |  `arn:${Partition}:rds:${Region}:${Account}:db-proxy:${DbProxyId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html)  |  `arn:${Partition}:rds:${Region}:${Account}:db-proxy-endpoint:${DbProxyEndpointId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html)  |  `arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_ri-tag___TagKey_](#amazonrds-rds_ri-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_secgrp-tag___TagKey_](#amazonrds-rds_secgrp-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html)  |  `arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_snapshot-tag___TagKey_](#amazonrds-rds_snapshot-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.Scenario1](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.Scenario1)  |  `arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   [#amazonrds-rds_subgrp-tag___TagKey_](#amazonrds-rds_subgrp-tag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/rds-proxy.html)  |  `arn:${Partition}:rds:${Region}:${Account}:target-group:${TargetGroupId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/custom-cev.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/custom-cev.html)  |  `arn:${Partition}:rds:${Region}:${Account}:cev:${Engine}/${EngineVersion}/${CustomDbEngineVersionId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/blue-green-deployments.html](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/blue-green-deployments.html)  |  `arn:${Partition}:rds:${Region}:${Account}:deployment:${BlueGreenDeploymentIdentifier}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/zero-etl.html](https://docs.amazonaws.cn/AmazonRDS/latest/AuroraUserGuide/zero-etl.html)  |  `arn:${Partition}:rds:${Region}:${Account}:integration:${IntegrationIdentifier}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Oracle.Concepts.single-tenant.snapshots.html#br-cdb.db-snapshots](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Oracle.Concepts.single-tenant.snapshots.html#br-cdb.db-snapshots)  |  `arn:${Partition}:rds:${Region}:${Account}:snapshot-tenant-database:${SnapshotName}:${TenantResourceId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Oracle.Concepts.CDBs.html#multi-tenant-configuration](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/Oracle.Concepts.CDBs.html#multi-tenant-configuration)  |  `arn:${Partition}:rds:${Region}:${Account}:tenant-database:${TenantResourceId}`  |   [#amazonrds-aws_ResourceTag___TagKey_](#amazonrds-aws_ResourceTag___TagKey_)   | 

## Condition keys for Amazon RDS
<a name="amazonrds-policy-keys"></a>

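Amazon RDS defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [Amazon global condition context keys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html).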



| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag)  | Filters access by the set of tag key-value pairs in the request | String | 
|   [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag)  | Filters access by the set of tag key-value pairs attached to the resource | String | 
|   [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys)  | Filters access by the set of tag keys in the request | ArrayOfString | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the type of backup target. One of: region, outposts | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether the CopyDBSnapshot action requires copying the DB option group | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the type of DB instance class | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the database engine. For possible values, refer to the engine parameter in the CreateDBInstance API | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the user-defined name of the database on the DB instance | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the type of the endpoint. One of: READER, WRITER, CUSTOM | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether RDS manages the master user password of the DB instance or cluster in Amazon Secrets Manager | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true. | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0 | Numeric | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether the DB instance or DB ShardGroup is publicly accessible | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the storage volume size (in GB) | Numeric | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access to rds:AddTagsToResource based on whether tags are explicitly specified in the Tags or TagSpecification request parameters. Evaluates to true when tags are provided in these parameters. Evaluates to false when tags are implicitly inherited from a source resource | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tenant database name in CreateTenantDatabase and the new tenant database name in ModifyTenantDatabase | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true | Bool | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB cluster parameter group | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB cluster snapshot | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB cluster | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB instance | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to an event subscription | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB option group | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB parameter group | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the set of tag keys and values that can be used to tag a resource | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a reserved DB instance | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB security group | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB snapshot | String | 
|   [https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/security_iam_service-with-iam.html#UsingWithRDS.IAM.Conditions)  | Filters access by the tag attached to a DB subnet group | String | 