Actions available in Neptune IAM administrative policy statements - Amazon Neptune

Actions available in Neptune IAM administrative policy statements

You can use the administrative actions listed below in the Action element of an IAM policy statement to control access to the Neptune management APIs. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource type field in the list below indicates whether each action supports resource-level permissions. If there is no value in this field, you must specify all resources ("*") in the Resource element of your policy statement. If the field includes a resource type, then you can specify a resource ARN of that type in a statement with that action. Neptune administrative resource types are listed on this page.

Required resources are indicated in the list below with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If a resource type is optional (in other words, is not marked with an asterisk), then you do not have to include it.

For more information about the fields listed here, see the action table in the IAM User Guide.
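The Resource rules above can be checked mechanically before a policy is deployed. The following is an added example, not part of the AWS documentation: it lints a policy against a few action and resource-type pairs copied from entries on this page, assuming the RDS ARN layout `arn:aws:rds:region:account:type:name`. The sample policy, account ID and resource names are constructed.

```python
import json

# action -> required resource type, from this page; None means Resource must be "*".
REQUIRED_TYPE = {
    "rds:RebootDBInstance": "db",
    "rds:FailoverDBCluster": "cluster",
    "rds:DescribeEventCategories": None,
}

# Constructed sample policy: account ID, region and names are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "RebootOneInstance", "Effect": "Allow",
   "Action": "rds:RebootDBInstance",
   "Resource": "arn:aws:rds:us-east-1:111122223333:db:example-instance"},
  {"Sid": "FailoverWrongType", "Effect": "Allow",
   "Action": ["rds:FailoverDBCluster"],
   "Resource": "arn:aws:rds:us-east-1:111122223333:db:example-instance"},
  {"Sid": "CategoriesScoped", "Effect": "Allow",
   "Action": "rds:DescribeEventCategories",
   "Resource": "arn:aws:rds:us-east-1:111122223333:cluster:example-cluster"}
]}
""")

def as_list(value):
    # IAM accepts a bare string where a list is expected.
    return value if isinstance(value, list) else [value]

def arn_type(arn):
    """Return the resource-type segment of an RDS-format ARN, or None."""
    parts = arn.split(":", 6)
    if len(parts) == 7 and parts[0] == "arn" and parts[2] == "rds":
        return parts[5]
    return None

def lint(policy):
    """Return (Sid, action, problem) for Resource values the action cannot use."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        known = [a for a in as_list(stmt.get("Action", [])) if a in REQUIRED_TYPE]
        for action in known:
            need = REQUIRED_TYPE[action]
            for res in as_list(stmt.get("Resource", [])):
                if res == "*":
                    continue  # all resources is accepted by every action
                if need is None:
                    findings.append((stmt.get("Sid"), action, 'needs Resource "*"'))
                elif arn_type(res) != need:
                    findings.append((stmt.get("Sid"), action, f"needs a {need} ARN"))
    return findings
```

Calling `lint(SAMPLE_POLICY)` reports the second and third statements; a statement flagged this way grants nothing for that action, which usually surfaces later as an unexplained access-denied error.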

rds:AddRoleToDBCluster

AddRoleToDBCluster associates an IAM role with a Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource type: cluster (required).

rds:AddSourceIdentifierToSubscription

AddSourceIdentifierToSubscription adds a source identifier to an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

rds:AddTagsToResource

AddTagsToResource associates an IAM role with a Neptune DB cluster.

Access level: Write.

Resource types:

Condition Keys:

rds:ApplyPendingMaintenanceAction

ApplyPendingMaintenanceAction applies a pending maintenance action to a resource.

Access level: Write.

Resource type: db (required).

rds:CopyDBClusterParameterGroup

CopyDBClusterParameterGroup copies the specified DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

rds:CopyDBClusterSnapshot

CopyDBClusterSnapshot copies a snapshot of a DB cluster.

Access level: Write.

Resource type: cluster-snapshot (required).

rds:CopyDBParameterGroup

CopyDBParameterGroup copies the specified DB parameter group.

Access level: Write.

Resource type: pg (required).

rds:CreateDBCluster

CreateDBCluster creates a new Neptune DB cluster.

Access level: Tagging.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

rds:CreateDBClusterParameterGroup

CreateDBClusterParameterGroup creates a new DB cluster parameter group.

Access level: Tagging.

Resource type: cluster-pg (required).

Condition Keys:

rds:CreateDBClusterSnapshot

CreateDBClusterSnapshot creates a snapshot of a DB cluster.

Access level: Tagging.

Resource types:

Condition Keys:

rds:CreateDBInstance

CreateDBInstance creates a new DB instance.

Access level: Tagging.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

rds:CreateDBParameterGroup

CreateDBParameterGroup creates a new DB parameter group.

Access level: Tagging.

Resource type: pg (required).

Condition Keys:

rds:CreateDBSubnetGroup

CreateDBSubnetGroup creates a new DB subnet group.

Access level: Tagging.

Resource type: subgrp (required).

Condition Keys:

rds:CreateEventSubscription

CreateEventSubscription creates a Neptune event notification subscription.

Access level: Tagging.

Resource type: es (required).

Condition Keys:

rds:DeleteDBCluster

DeleteDBCluster deletes an existing Neptune DB cluster.

Access level: Write.

Resource types:

rds:DeleteDBClusterParameterGroup

DeleteDBClusterParameterGroup deletes a specified DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

rds:DeleteDBClusterSnapshot

DeleteDBClusterSnapshot deletes a DB cluster snapshot.

Access level: Write.

Resource type: cluster-snapshot (required).

rds:DeleteDBInstance

DeleteDBInstance deletes a specified DB instance.

Access level: Write.

Resource type: db (required).

rds:DeleteDBParameterGroup

DeleteDBParameterGroup deletes a specified DBParameterGroup.

Access level: Write.

Resource type: pg (required).

rds:DeleteDBSubnetGroup

DeleteDBSubnetGroup deletes a DB subnet group.

Access level: Write.

Resource type: subgrp (required).

rds:DeleteEventSubscription

DeleteEventSubscription deletes an event notification subscription.

Access level: Write.

Resource type: es (required).

rds:DescribeDBClusterParameterGroups

DescribeDBClusterParameterGroups returns a list of DBClusterParameterGroup descriptions.

Access level: List.

Resource type: cluster-pg (required).

rds:DescribeDBClusterParameters

DescribeDBClusterParameters returns the detailed parameter list for a particular DB cluster parameter group.

Access level: List.

Resource type: cluster-pg (required).

rds:DescribeDBClusterSnapshotAttributes

DescribeDBClusterSnapshotAttributes returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.

Access level: List.

Resource type: cluster-snapshot (required).

rds:DescribeDBClusterSnapshots

DescribeDBClusterSnapshots returns information about DB cluster snapshots.

Access level: Read.

rds:DescribeDBClusters

DescribeDBClusters returns information about a provisioned Neptune DB cluster.

Access level: List.

Resource type: cluster (required).

rds:DescribeDBEngineVersions

DescribeDBEngineVersions returns a list of the available DB engines.

Access level: List.

Resource type: pg (required).

rds:DescribeDBInstances

DescribeDBInstances returns information about DB instances.

Access level: List.

Resource type: es (required).

rds:DescribeDBParameterGroups

DescribeDBParameterGroups returns a list of DBParameterGroup descriptions.

Access level: List.

Resource type: pg (required).

rds:DescribeDBParameters

DescribeDBParameters returns a detailed parameter list for a particular DB parameter group.

Access level: List.

Resource type: pg (required).

rds:DescribeDBSubnetGroups

DescribeDBSubnetGroups returns a list of DBSubnetGroup descriptions.

Access level: List.

Resource type: subgrp (required).

rds:DescribeEventCategories

DescribeEventCategories returns a list of categories for all event source types, or, if specified, for a specified source type.

Access level: List.

rds:DescribeEventSubscriptions

DescribeEventSubscriptions lists all the subscription descriptions for a customer account.

Access level: List.

Resource type: es (required).

rds:DescribeEvents

DescribeEvents returns events related to DB instances, DB security groups, and DB parameter groups for the past 14 days.

Access level: List.

Resource type: es (required).

rds:DescribeOrderableDBInstanceOptions

DescribeOrderableDBInstanceOptions returns a list of orderable DB instance options for the specified engine.

Access level: List.

rds:DescribePendingMaintenanceActions

DescribePendingMaintenanceActions returns a list of resources (for example, DB instances) that have at least one pending maintenance action.

Access level: List.

Resource type: db (required).

rds:DescribeValidDBInstanceModifications

DescribeValidDBInstanceModifications lists available modifications you can make to your DB instance.

Access level: List.

Resource type: db (required).

rds:FailoverDBCluster

FailoverDBCluster forces a failover for a DB cluster.

Access level: Write.

Resource type: cluster (required).

rds:ListTagsForResource

ListTagsForResource lists all tags on a Neptune resource.

Access level: Read.

Resource types:

rds:ModifyDBCluster

ModifyDBCluster modifies a setting for a Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

rds:ModifyDBClusterParameterGroup

ModifyDBClusterParameterGroup modifies the parameters of a DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

rds:ModifyDBClusterSnapshotAttribute

ModifyDBClusterSnapshotAttribute adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.

Access level: Write.

Resource type: cluster-snapshot (required).

rds:ModifyDBInstance

ModifyDBInstance modifies settings for a DB instance.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

  • db (required).

  • pg (required).

rds:ModifyDBParameterGroup

ModifyDBParameterGroup modifies the parameters of a DB parameter group.

Access level: Write.

Resource type: pg (required).

rds:ModifyDBSubnetGroup

ModifyDBSubnetGroup modifies an existing DB subnet group.

Access level: Write.

Resource type: subgrp (required).

rds:ModifyEventSubscription

ModifyEventSubscription modifies an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

rds:RebootDBInstance

RebootDBInstance restarts the database engine service for the instance.

Access level: Write.

Resource type: db (required).

rds:RemoveRoleFromDBCluster

RemoveRoleFromDBCluster disassociates an AWS Identity and Access Management (IAM) role from an Amazon Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource type: cluster (required).

rds:RemoveSourceIdentifierFromSubscription

RemoveSourceIdentifierFromSubscription removes a source identifier from an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

rds:RemoveTagsFromResource

RemoveTagsFromResource removes metadata tags from a Neptune resource.

Access level: Tagging.

Resource types:

Condition Keys:

rds:ResetDBClusterParameterGroup

ResetDBClusterParameterGroup modifies the parameters of a DB cluster parameter group to the default value.

Access level: Write.

Resource type: cluster-pg (required).

rds:ResetDBParameterGroup

ResetDBParameterGroup modifies the parameters of a DB parameter group to the engine/system default value.

Access level: Write.

Resource type: pg (required).

rds:RestoreDBClusterFromSnapshot

RestoreDBClusterFromSnapshot creates a new DB cluster from a DB cluster snapshot.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

rds:RestoreDBClusterToPointInTime

RestoreDBClusterToPointInTime restores a DB cluster to an arbitrary point in time.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

rds:StartDBCluster

StartDBCluster starts the specified DB cluster.

Access level: Write.

Resource type: cluster (required).

rds:StopDBCluster

StopDBCluster stops the specified DB cluster.

Access level: Write.

Resource type: cluster (required).