Menu
Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Access Control for Performance Insights

To access Performance Insights, you must have the appropriate permissions from AWS Identity and Access Management (IAM). There are two options available for granting access:

  1. Attach the AmazonRDSFullAccess managed policy to an IAM user or role.

  2. Create a custom IAM policy and attach it to an IAM user or role.

AmazonRDSFullAccess Managed Policy

AmazonRDSFullAccess is an AWS-managed policy that grants access to all of the Amazon RDS API actions. The policy also grants access to related services that are used by the Amazon RDS console—for example, event notifications using Amazon SNS.

In addition, AmazonRDSFullAccess contains all the permissions needed for using Performance Insights. If you attach this policy to an IAM user or role, the recipient can use Performance Insights, in addition to all of the other features of the Amazon RDS console.

Using a Custom IAM Policy

You can grant access to Performance Insights by creating or modifying a user-managed IAM policy. When you attach the policy to an IAM user or role, the recipient can use Performance Insights.

To create a custom policy

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the left navigation pane, choose Policies.

  3. Choose Create policy.

  4. On the Create Policy page, go to Create Your Own Policy and choose Select.

  5. On the Review Policy page, set the following values:

    • Policy Name: Type a name for the policy, for example: PerformanceInsightsFullAccess

    • Description: (Optional) Type a short description for the policy.

    • Policy Document: Copy and paste the following:

      Copy
      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "pi:*", "Resource": "arn:aws:pi:*:*:metrics/rds/*" } ] }

    When the settings are as you want them, choose Create Policy.

You can now attach the policy to an IAM user or role. The following procedure assumes that you already have an IAM user available for this purpose.

To attach the policy to an IAM user

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the left navigation pane, choose Users.

  3. Choose an existing user from the list.

  4. On the Summary page, choose Add permissions.

  5. Choose Attach existing policies directly. For Search, type the first few characters of your policy name, as shown following.

    
							Choose a Policy
  6. Choose your policy, and then choose Next: Review.

  7. Choose Add permissions.