Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Amazon RDS API Permissions: Actions, Resources, and Conditions Reference

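When you set up access control and write permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each Amazon RDS API operation, the corresponding actions for which you can grant permissions, the AWS resources for which you can grant the permissions, and the condition keys that you can include for fine-grained access control. For more information about conditions, see Using IAM Policy Conditions for Fine-Grained Access Control. You specify the actions in the policy's Action field, the resource value in the policy's Resource field, and the conditions in the policy's Condition field.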

You can use AWS-wide condition keys in your Amazon RDS policies to express conditions. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

Note

To specify an action, use the rds: prefix followed by the API operation name (for example, rds:CreateDBInstance).
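
The Action, Resource, and Condition fields described above can be checked mechanically against the table. The following Python linter is an added example, not part of the AWS guide: `TABLE` holds three rows copied from the table on this page, while the function names, the sample statements, and the account ID are constructed for illustration. Tag condition keys are written in policies as `rds:db-tag/<tag-name>`, so the linter compares only the part before the slash.

```python
# Three rows copied from the table on this page:
# action -> (resource-type tokens of the listed ARNs, listed condition keys)
TABLE = {
    "rds:CreateDBInstance": (
        {"db", "og", "pg", "secgrp", "subgrp"},
        {"rds:DatabaseClass", "rds:DatabaseEngine", "rds:DatabaseName",
         "rds:MultiAz", "rds:Piops", "rds:StorageSize", "rds:Vpc", "rds:db-tag",
         "rds:og-tag", "rds:pg-tag", "rds:secgrp-tag", "rds:subgrp-tag"}),
    "rds:DeleteDBInstance": ({"db"}, {"rds:db-tag"}),
    "rds:CreateDBSnapshot": ({"db", "snapshot"}, {"rds:db-tag", "rds:snapshot-tag"}),
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _arn_type(arn):
    """Resource-type token of arn:aws:rds:region:account-id:TYPE:name, '*' or None."""
    if arn == "*":
        return "*"
    parts = arn.split(":", 6)
    ok = len(parts) == 7 and parts[0] == "arn" and parts[2] == "rds"
    return parts[5] if ok else None

def lint_statement(stmt):
    """Return findings for one policy statement checked against TABLE."""
    findings = []
    types = {_arn_type(r) for r in _as_list(stmt.get("Resource", []))}
    cond_keys = {key.split("/", 1)[0]  # rds:db-tag/<tag-name> -> rds:db-tag
                 for block in stmt.get("Condition", {}).values() for key in block}
    for action in _as_list(stmt.get("Action", [])):
        if not action.startswith("rds:"):
            findings.append(f"{action}: missing rds: prefix")
        elif action not in TABLE:
            findings.append(f"{action}: not in the table subset (or a wildcard)")
        else:
            resources, keys = TABLE[action]
            if "*" in types:
                findings.append(f"{action}: Resource is not scoped to a listed ARN")
            elif not types & resources:
                findings.append(f"{action}: no Resource of a listed type {sorted(resources)}")
            for key in sorted(cond_keys):
                if key.startswith("rds:") and key not in keys:  # aws: keys are AWS-wide
                    findings.append(f"{action}: condition key {key} not listed")
    return findings

# Constructed sample statements; account ID, names and tag values are placeholders.
GOOD = {"Effect": "Allow", "Action": "rds:DeleteDBInstance",
        "Resource": "arn:aws:rds:us-east-1:123456789012:db:test-*",
        "Condition": {"StringEquals": {"rds:db-tag/environment": "test"}}}
BAD = {"Effect": "Allow", "Action": ["rds:DeleteDBInstance", "CreateDBSnapshot"],
       "Resource": "arn:aws:rds:us-east-1:123456789012:snapshot:*",
       "Condition": {"StringEquals": {"rds:snapshot-tag/environment": "test"}}}
```

`lint_statement(GOOD)` returns an empty list; `lint_statement(BAD)` reports the snapshot ARN and snapshot tag key that the table does not list for rds:DeleteDBInstance, plus the action written without the rds: prefix.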

Amazon RDS API and Required Permissions for Actions

RDS API Operations and Actions | Resources | Condition Keys

AddSourceIdentifierToSubscription

rds:AddSourceIdentifierToSubscription

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

AddTagsToResource

rds:AddTagsToResource

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

Reserved DB instance

arn:aws:rds:region:account-id:ri:reserved-db-instance-name

rds:ri-tag

ApplyPendingMaintenanceAction

rds:ApplyPendingMaintenanceAction

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

AuthorizeDBSecurityGroupIngress

rds:AuthorizeDBSecurityGroupIngress

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

CopyDBClusterSnapshot

rds:CopyDBClusterSnapshot

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

CopyDBParameterGroup

rds:CopyDBParameterGroup

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

CopyDBSnapshot

rds:CopyDBSnapshot

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

CopyOptionGroup

rds:CopyOptionGroup

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

CreateDBCluster

rds:CreateDBCluster

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-name

rds:DatabaseEngine

rds:DatabaseName

rds:cluster-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

CreateDBClusterParameterGroup

rds:CreateDBClusterParameterGroup

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

CreateDBClusterSnapshot

rds:CreateDBClusterSnapshot

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-name

rds:cluster-tag

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

CreateDBInstance

rds:CreateDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:StorageSize

rds:Vpc

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

CreateDBInstanceReadReplica

rds:CreateDBInstanceReadReplica

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:Piops

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

CreateDBParameterGroup

rds:CreateDBParameterGroup

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

CreateDBSecurityGroup

rds:CreateDBSecurityGroup

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

CreateDBSnapshot

rds:CreateDBSnapshot

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

CreateDBSubnetGroup

rds:CreateDBSubnetGroup

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

CreateEventSubscription

rds:CreateEventSubscription

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

CreateOptionGroup

rds:CreateOptionGroup

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DeleteDBCluster

rds:DeleteDBCluster

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-name

rds:cluster-tag

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

DeleteDBClusterParameterGroup

rds:DeleteDBClusterParameterGroup

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

DeleteDBClusterSnapshot

rds:DeleteDBClusterSnapshot

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

DeleteDBInstance

rds:DeleteDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DeleteDBParameterGroup

rds:DeleteDBParameterGroup

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DeleteDBSecurityGroup

rds:DeleteDBSecurityGroup

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DeleteDBSnapshot

rds:DeleteDBSnapshot

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

DeleteDBSubnetGroup

rds:DeleteDBSubnetGroup

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

DeleteEventSubscription

rds:DeleteEventSubscription

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

DeleteOptionGroup

rds:DeleteOptionGroup

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DescribeAccountAttributes

rds:DescribeAccountAttributes

DescribeCertificates

rds:DescribeCertificates

DescribeDBClusterParameterGroups

rds:DescribeDBClusterParameterGroups

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

DescribeDBClusterParameters

rds:DescribeDBClusterParameters

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

DescribeDBClusters

rds:DescribeDBClusters

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-instance-name

rds:cluster-tag

DescribeDBClusterSnapshotAttributes

rds:DescribeDBClusterSnapshotAttributes

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

DescribeDBEngineVersions

rds:DescribeDBEngineVersions

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DescribeDBInstances

rds:DescribeDBInstances

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DescribeDBLogFiles

rds:DescribeDBLogFiles

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DescribeDBParameterGroups

rds:DescribeDBParameterGroups

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DescribeDBParameters

rds:DescribeDBParameters

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DescribeDBSecurityGroups

rds:DescribeDBSecurityGroups

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DescribeDBSnapshotAttributes

rds:DescribeDBSnapshotAttributes

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

DescribeDBSnapshots

rds:DescribeDBSnapshots

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

DescribeDBSubnetGroups

rds:DescribeDBSubnetGroups

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

DescribeEngineDefaultClusterParameters

rds:DescribeEngineDefaultClusterParameters

DescribeEngineDefaultParameters

rds:DescribeEngineDefaultParameters

DescribeEventCategories

rds:DescribeEventCategories

DescribeEvents

rds:DescribeEvents

DescribeEventSubscriptions

rds:DescribeEventSubscriptions

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

DescribeOptionGroupOptions

rds:DescribeOptionGroupOptions

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DescribeOptionGroups

rds:DescribeOptionGroups

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DescribeOrderableDBInstanceOptions

rds:DescribeOrderableDBInstanceOptions

DescribePendingMaintenanceActions

rds:DescribePendingMaintenanceActions

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:StorageSize

rds:Vpc

rds:db-tag

DescribeReservedDBInstances

rds:DescribeReservedDBInstances

Reserved DB instance

arn:aws:rds:region:account-id:ri:reserved-db-instance-name

rds:DatabaseClass

rds:MultiAz

rds:ri-tag

DescribeReservedDBInstancesOfferings

rds:DescribeReservedDBInstancesOfferings

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:MultiAz

DownloadCompleteDBLogFile

rds:DownloadCompleteDBLogFile

DownloadDBLogFilePortion

rds:DownloadDBLogFilePortion

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

FailoverDBCluster

rds:FailoverDBCluster

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-instance-name

rds:cluster-tag

ListTagsForResource

rds:ListTagsForResource

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

Reserved DB instance

arn:aws:rds:region:account-id:ri:reserved-db-instance-name

rds:ri-tag

ModifyDBCluster

rds:ModifyDBCluster

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-name

rds:cluster-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

ModifyDBClusterParameterGroup

rds:ModifyDBClusterParameterGroup

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

ModifyDBClusterSnapshotAttribute

rds:ModifyDBClusterSnapshotAttribute

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

ModifyDBInstance

rds:ModifyDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:MultiAz

rds:Piops

rds:StorageSize

rds:Vpc

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

ModifyDBParameterGroup

rds:ModifyDBParameterGroup

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

ModifyDBSnapshotAttribute

rds:ModifyDBSnapshotAttribute

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

ModifyDBSubnetGroup

rds:ModifyDBSubnetGroup

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

ModifyEventSubscription

rds:ModifyEventSubscription

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

ModifyOptionGroup

rds:ModifyOptionGroup

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

PromoteReadReplica

rds:PromoteReadReplica

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

PromoteReadReplicaDBCluster

rds:PromoteReadReplicaDBCluster

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-name

PurchaseReservedDBInstancesOffering

rds:PurchaseReservedDBInstancesOffering

RebootDBInstance

rds:RebootDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

RemoveSourceIdentifierFromSubscription

rds:RemoveSourceIdentifierFromSubscription

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

RemoveTagsFromResource

rds:RemoveTagsFromResource

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

Event subscription

arn:aws:rds:region:account-id:es:subscription-name

rds:es-tag

Reserved DB instance

arn:aws:rds:region:account-id:ri:reserved-db-instance-name

rds:ri-tag

ResetDBClusterParameterGroup

rds:ResetDBClusterParameterGroup

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

ResetDBParameterGroup

rds:ResetDBParameterGroup

DB parameter group

arn:aws:rds:region:account-id:pg:parameter-group-name

rds:pg-tag

RestoreDBClusterFromS3

rds:RestoreDBClusterFromS3

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-instance-name

rds:DatabaseEngine

rds:DatabaseName

rds:cluster-tag

DB cluster parameter group

arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name

rds:cluster-pg-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

RestoreDBClusterFromSnapshot

rds:RestoreDBClusterFromSnapshot

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-instance-name

rds:DatabaseEngine

rds:DatabaseName

rds:cluster-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB cluster snapshot

arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name

rds:cluster-snapshot-tag

RestoreDBClusterToPointInTime

rds:RestoreDBClusterToPointInTime

DB cluster

arn:aws:rds:region:account-id:cluster:db-cluster-instance-name

rds:cluster-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

RestoreDBInstanceFromDBSnapshot

rds:RestoreDBInstanceFromDBSnapshot

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:Vpc

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

RestoreDBInstanceToPointInTime

rds:RestoreDBInstanceToPointInTime

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:Vpc

rds:db-tag

DB option group

arn:aws:rds:region:account-id:og:option-group-name

rds:og-tag

DB snapshot

arn:aws:rds:region:account-id:snapshot:snapshot-name

rds:snapshot-tag

DB subnet group

arn:aws:rds:region:account-id:subgrp:subnet-group-name

rds:subgrp-tag

RevokeDBSecurityGroupIngress

rds:RevokeDBSecurityGroupIngress

DB security group

arn:aws:rds:region:account-id:secgrp:security-group-name

rds:secgrp-tag

StartDBInstance

rds:StartDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:Vpc

rds:db-tag

StopDBInstance

rds:StopDBInstance

DB instance

arn:aws:rds:region:account-id:db:db-instance-name

rds:DatabaseClass

rds:DatabaseEngine

rds:DatabaseName

rds:MultiAz

rds:Piops

rds:Vpc

rds:db-tag
