メニュー
AWS Identity and Access Management
ユーザーガイド

Amazon RDS: タグ所有者がタグ付けした RDS リソースへのフルアクセスを許可する

この例では、次のようなポリシーを作成する方法を示します。 は、タグ所有者にタグ付けした RDS リソースへのフルアクセスを許可します。

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:Describe*", "rds:List*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "rds:DeleteDBInstance", "rds:RebootDBInstance", "rds:ModifyDBInstance" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:db-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:ModifyOptionGroup", "rds:DeleteOptionGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:og-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:ModifyDBParameterGroup", "rds:ResetDBParameterGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:pg-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:AuthorizeDBSecurityGroupIngress", "rds:RevokeDBSecurityGroupIngress", "rds:DeleteDBSecurityGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:secgrp-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:DeleteDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:snapshot-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:ModifyDBSubnetGroup", "rds:DeleteDBSubnetGroup" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:subgrp-tag/Owner": "${aws:username}" } } }, { "Action": [ "rds:ModifyEventSubscription", "rds:AddSourceIdentifierToSubscription", "rds:RemoveSourceIdentifierFromSubscription", "rds:DeleteEventSubscription" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "rds:es-tag/Owner": "${aws:username}" } } } ] }