Amazon RDS or Amazon Relational Database System is a highly scalable, secure, compact, and cost-efficient relational database in the cloud offered by AWS. In this article, we are going to look into how to limit access of AWS IAM users to an Amazon RDS(Relational Database Service) instance. Then we will explore how to give the least privileges required to perform specific actions for an Amazon RDS instance. Let’s get started.
Sign in to the AWS management console and select services and go to the IAM console.
On the IAM console choose users from the navigation panel.
Now choose to Add user and enter the username. For Access type choose AWS Management Console access and create a custom password for the Amazon RDS console.
Note: If you opt for the Programmatic access, it creates access tokens using the access key ID and the secret access key for AWS API, CLI, SDK, and other development tools.
To provide access to the AWS command-line interface choose programmatic access. For programmatic access be sure to download the access key id and the secret access key by choosing the download.csv.
Now Choose the set permissions and choose the set tags.
Now choose the next review. Here review the permissions and tags and then choose the create user option.
Now Return to the IAM console and choose users from the navigation panel. Then choose the user that you created from the permissions tab and finally choose Add inline policy.
Next, choose the JSON tab and enter one or more of the following IAM policy based on your requirement as listed below:
- Creating and deleting RDS DB instances.
- Stopping and starting RDS DB instances.
- Performing backup and recovery.
- Creating DB snapshots.
- Restoring DB instance from DB snapshots.
- Point in time restore.
- Modifying RDS DB instances.
- Enabling enhanced monitoring and performance insights.
- Creating modifying and deleting DB parameter groups and DB option groups.
- Viewing amazon cloud watch metrics from the Amazon RDS console.