Amazon Aurora
User Guide for Aurora (API Version 2014-10-31)

Creating an IAM Role to Allow Amazon Aurora to Access AWS Services

After creating an IAM policy to allow Aurora to access AWS resources, you must create an IAM role and attach the IAM policy to the new IAM role.

To create an IAM role to permit your Amazon RDS cluster to communicate with other AWS services on your behalf, take the following steps.

To create an IAM role to allow Amazon RDS to access AWS services

  1. Open the IAM console.

  2. In the navigation pane, choose Roles.

  3. Choose Create role.

  4. Under AWS service, choose RDS.

  5. Under Select your use case, choose RDS – CloudHSM and Directory Service.

  6. Choose Next: Permissions.

  7. Choose Next: Review.

  8. Set Role Name to a name for your IAM role, for example RDSLoadFromS3. You can also add an optional Role Description value.

  9. Choose Create Role.

  10. In the navigation pane, choose Roles.

  11. In the Search field, enter the name of the role you created, and click the role when it appears in the list.

  12. On the Permissions tab, detach the following default roles from the policy:

    • AmazonRDSDirectoryServiceAccess

    • RDSCloudHsmAuthorizationRole

    To detach a role, click the X associated with the role on the right, and then click Detach.

  13. On the Permissions tab, choose Attach policy.

  14. On the Attach policy page, enter the name of your policy in the Search field.

  15. When it appears in the list, select the policy that you defined earlier using the instructions in one of the following sections:

  16. Choose Attach policy.

  17. Complete the steps in Associating an IAM Role with an Amazon Aurora MySQL DB Cluster.