Accessing Performance Insights
To access Performance Insights, you must have the appropriate permissions from AWS Identity and Access Management (IAM). There are two options available for granting access:
-
Attach the
AmazonRDSFullAccess
managed policy to an IAM user or role. -
Create a custom IAM policy and attach it to an IAM user or role.
AmazonRDSFullAccess managed policy
AmazonRDSFullAccess
is an AWS-managed policy that grants access to
all of the Amazon RDS API operations. The policy also grants access to related
services
that are used by the Amazon RDS console—for example, event notifications using
Amazon SNS.
In addition, AmazonRDSFullAccess
contains all the permissions needed
for using Performance Insights. If you attach this policy to an IAM user or role,
the recipient can use Performance Insights. along with other console
features.
Using a custom IAM policy
For users who don't have full access with the AmazonRDSFullAccess
policy, you can grant access to Performance Insights by creating or modifying
a
user-managed IAM policy. When you attach the policy to an IAM user or role, the
recipient can use Performance Insights.
To create a custom policy
-
Open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane, choose Policies.
-
Choose Create policy.
-
On the Create Policy page, choose the JSON tab.
-
Copy and paste the following.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "pi:*", "Resource": "arn:aws:pi:*:*:metrics/rds/*" } ] }
-
Choose Review policy.
-
Provide a name for the policy and optionally a description, and then choose Create policy.
You can now attach the policy to an IAM user or role. The following procedure assumes that you already have an IAM user available for this purpose.
To attach the policy to an IAM user
-
Open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane, choose Users.
-
Choose an existing user from the list.
Important To use Performance Insights, make sure that you have access to Amazon RDS in addition to the custom policy. For example, the
AmazonRDSReadOnlyAccess
predefined policy provides read-only access to Amazon RDS. For more information, see Managing access using policies. -
On the Summary page, choose Add permissions.
-
Choose Attach existing policies directly. For Search, type the first few characters of your policy name, as shown following.
-
Choose your policy, and then choose Next: Review.
-
Choose Add permissions.