Attaching the AmazonRDSPerformanceInsightsReadOnly policy to an IAM principal Attaching the AmazonRDSPerformanceInsightsFullAccess policy to an IAM principal

Configuring access policies for Performance Insights

To access Performance Insights, a principal must have the appropriate permissions from AWS Identity and Access Management (IAM). You can grant access in the following ways:

Attach the AmazonRDSPerformanceInsightsReadOnly managed policy to a permission set or role to access all read-only operations of the Performance Insights API.
Attach the AmazonRDSPerformanceInsightsFullAccess managed policy to a permission set or role to access all operations of the Performance Insights API.
Create a custom IAM policy and attach it to a permission set or role.

If you specified a customer managed key when you turned on Performance Insights, make sure that users in your account have the kms:Decrypt and kms:GenerateDataKey permissions on the AWS KMS key.

In the following sections, attach an AWS managed policy to an IAM principal, create a custom IAM policy, change an AWS KMS policy, and grant fine-grained access for Performance Insights.

Topics

Attaching the AmazonRDSPerformanceInsightsReadOnly policy to an IAM principal

AmazonRDSPerformanceInsightsReadOnly is an AWS managed policy that grants access to all read-only operations of the Amazon RDS Performance Insights API.

If you attach AmazonRDSPerformanceInsightsReadOnly to a permission set or role, the recipient can use Performance Insights with other console features.

For more information, see AWS managed policy: AmazonRDSPerformanceInsightsReadOnly.

Attaching the AmazonRDSPerformanceInsightsFullAccess policy to an IAM principal

AmazonRDSPerformanceInsightsFullAccess is an AWS managed policy that grants access to all operations of the Amazon RDS Performance Insights API.

If you attach AmazonRDSPerformanceInsightsFullAccess to a permission set or role, the recipient can use Performance Insights with other console features.

For more information, see AWS managed policy: AmazonRDSPerformanceInsightsFullAccess.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Turn on the Performance Schema for Amazon RDS for MariaDB or MySQL

Creating a custom IAM policy for Performance Insights