Amazon RDS updates to AWS managed policies - Amazon Relational Database Service

Amazon RDS updates to AWS managed policies

View details about updates to AWS managed policies for Amazon RDS since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon RDS Document history page.

Change Description Date

AWS managed policies for Amazon RDS – New policy

Amazon RDS added a new managed policy named AmazonRDSCustomInstanceProfileRolePolicy to allow RDS Custom to perform automation actions and database management tasks through an EC2 instance profile. For more information, see AWS managed policies for Amazon RDS. February 27, 2024

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new statement IDs to the AmazonRDSServiceRolePolicy of the AWSServiceRoleForRDS service-linked role.

For more information, see Service-linked role permissions for Amazon RDS.

January 19, 2024

AWS managed policies for Amazon RDS – Update to existing policies

The AmazonRDSPerformanceInsightsReadOnly and AmazonRDSPerformanceInsightsFullAccess managed policies now includes Sid (statement ID) as an identifier in the policy statement.

For more information, see AWS managed policy: AmazonRDSPerformanceInsightsReadOnly and AWS managed policy: AmazonRDSPerformanceInsightsFullAccess

October 23, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. These new permissions allow RDS Custom for Oracle to create, modify, and delete EventBridge Managed Rules.

For more information, see Service-linked role permissions for Amazon RDS Custom.

September 20, 2023

AWS managed policies for Amazon RDS – Update to existing policy

Amazon RDS added new permissions to AmazonRDSFullAccess managed policy. The permissions allow you to generate, view, and delete the performance analysis report for a time period.

For more information about configuring access policies for Performance Insights, see Configuring access policies for Performance Insights

August 17, 2023

AWS managed policies for Amazon RDS – New policy and update to existing policy

Amazon RDS added new permissions to AmazonRDSPerformanceInsightsReadOnly managed policy and a new managed policy named AmazonRDSPerformanceInsightsFullAccess. These permissions allow you to analyse the Performance Insights for a time period, view the analysis results along with the recommendations, and delete the reports.

For more information about configuring access policies for Performance Insights, see Configuring access policies for Performance Insights

August 16, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. These new permissions allow RDS Custom for Oracle to use DB snapshots.

For more information, see Service-linked role permissions for Amazon RDS Custom.

June 23, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. These new permissions allow RDS Custom for Oracle to use DB snapshots.

For more information, see Service-linked role permissions for Amazon RDS Custom.

June 23, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. These new permissions allow RDS Custom to create network interfaces.

For more information, see Service-linked role permissions for Amazon RDS Custom.

May 30, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. These new permissions allow RDS Custom to call Amazon EBS to check the storage quota.

For more information, see Service-linked role permissions for Amazon RDS Custom.

April 18, 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS Custom added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role for integration with Amazon SQS. RDS Custom requires integration with Amazon SQS to create and manage SQS queues in the customer account. The SQS queue names follow the format do-not-delete-rds-custom-[identifier] and are tagged with Amazon RDS Custom. The permission for ec2:CreateSnapshot was also added to allow RDS Custom to create backups for volumes attached to the instance.

For more information, see Service-linked role permissions for Amazon RDS Custom.

April 6, 2023

AWS managed policies for Amazon RDS – Update to an existing policy

Amazon RDS added a new Amazon CloudWatch namespace ListMetrics to AmazonRDSFullAccess and AmazonRDSReadOnlyAccess.

This namespace is required for Amazon RDS to list specific resource usage metrics.

For more information, see Overview of managing access permissions to your CloudWatch resources in the Amazon CloudWatch User Guide.

April 4, 2023

AWS managed policies for Amazon RDS – Update to an existing policy

Amazon RDS added a new permission to AmazonRDSFullAccess and AmazonRDSReadOnlyAccess managed policies to allow the display of Amazon DevOps Guru findings in the RDS console.

This permission is required to allow the display of DevOps Guru findings.

For more information, see Amazon RDS updates to AWS managed policies.

March, 30 2023

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSServiceRolePolicy of the AWSServiceRoleForRDS service-linked role for integration with AWS Secrets Manager. RDS requires integration with Secrets Manager for managing master user passwords in Secrets Manager. The secret uses a reserved naming convention and restricts customer updates.

For more information, see Password management with Amazon RDS and AWS Secrets Manager.

December 22, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AmazonRDSCustomServiceRolePolicy of the AWSServiceRoleForRDSCustom service-linked role. RDS Custom supports DB clusters. These new permissions in the policy allow RDS Custom to call AWS services on behalf of your DB clusters.

For more information, see Service-linked role permissions for Amazon RDS Custom.

November 9, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AWSServiceRoleForRDS service-linked role for integration with AWS Secrets Manager.

Integration with Secrets Manager is required for SQL Server Reporting Services (SSRS) Email to function on RDS. SSRS Email creates a secret on behalf of the customer. The secret uses a reserved naming convention and restricts customer updates.

For more information, see Using SSRS Email to send reports.

August 26, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added a new Amazon CloudWatch namespace to AmazonRDSPreviewServiceRolePolicy for PutMetricData.

This namespace is required for Amazon RDS to publish resource usage metrics.

For more information, see Using condition keys to limit access to CloudWatch namespaces in the Amazon CloudWatch User Guide.

June 7, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added a new Amazon CloudWatch namespace to AmazonRDSBetaServiceRolePolicy for PutMetricData.

This namespace is required for Amazon RDS to publish resource usage metrics.

For more information, see Using condition keys to limit access to CloudWatch namespaces in the Amazon CloudWatch User Guide.

June 7, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added a new Amazon CloudWatch namespace to AWSServiceRoleForRDS for PutMetricData.

This namespace is required for Amazon RDS to publish resource usage metrics.

For more information, see Using condition keys to limit access to CloudWatch namespaces in the Amazon CloudWatch User Guide.

April 22, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new permissions to the AWSServiceRoleForRDS service-linked role to manage permissions for customer-owned IP pools and local gateway route tables (LGW-RTBs).

These permissions are required for RDS on Outposts to perform Multi-AZ replication across the Outposts’ local network.

For more information, see Working with Multi-AZ deployments for Amazon RDS on AWS Outposts.

April 19, 2022

Identity-based policies – Update to an existing policy

Amazon RDS added a new permission to the AmazonRDSFullAccess managed policy to describe permissions on LGW-RTBs.

This permission is required to describe permissions for RDS on Outposts to perform Multi-AZ replication across the Outposts’ local network.

For more information, see Working with Multi-AZ deployments for Amazon RDS on AWS Outposts.

April 19, 2022

AWS managed policies for Amazon RDS – New policy

Amazon RDS added a new managed policy named AmazonRDSPerformanceInsightsReadOnly to allow Amazon RDS to call AWS services on behalf of your DB instances.

For more information about configuring access policies for Performance Insights, see Configuring access policies for Performance Insights

March 10, 2022

Service-linked role permissions for Amazon RDS – Update to an existing policy

Amazon RDS added new Amazon CloudWatch namespaces to AWSServiceRoleForRDS for PutMetricData.

These namespaces are required for Amazon DocumentDB (with MongoDB compatibility) and Amazon Neptune to publish CloudWatch metrics.

For more information, see Using condition keys to limit access to CloudWatch namespaces in the Amazon CloudWatch User Guide.

March 4, 2022

Service-linked role permissions for Amazon RDS Custom – New policy

Amazon RDS added a new service-linked role named AWSServiceRoleForRDSCustom to allow RDS Custom to call AWS services on behalf of your DB instances.

October 26, 2021

Amazon RDS started tracking changes

Amazon RDS started tracking changes for its AWS managed policies.

October 26, 2021