Actions that you can use in Neptune policies

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource Types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.

For details about the fields listed here, see the action table in the IAM User Guide.
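The resource-type and dependent-action rules above can be checked mechanically before a policy is attached. The following linter is an added example, not AWS code; it uses a few entries copied from the list on this page. It assumes that Neptune management actions carry the `rds:` prefix and that the resource type is the sixth field of the ARN; the sample policy, account ID, and resource names are constructed.

```python
import re

PREFIX = "rds:"  # assumption: prefix used for Neptune management actions
# Assumed ARN layout: arn:partition:rds:region:account:<resource-type>:<name>
ARN_TYPE = re.compile(r"^arn:[^:]+:rds:[^:]*:[^:]*:([a-z-]+):.+$")

# Entries copied from this page: action -> (resource types, dependent actions)
TABLE = {
    "AddRoleToDBCluster": ({"cluster"}, {"iam:PassRole"}),
    "ModifyDBInstance": ({"db", "pg"}, {"iam:PassRole"}),
    "DeleteDBInstance": ({"db"}, set()),
    "CopyDBClusterSnapshot": ({"cluster-snapshot"}, set()),
    "DescribeEventCategories": (set(), set()),  # no resource type listed
}

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(policy):
    """Return findings for Allow statements that disagree with TABLE.
    Wildcard action names such as rds:* are not expanded."""
    findings = []
    allows = [s for s in as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    allowed = {a for s in allows for a in as_list(s["Action"])}
    for stmt in allows:
        for action in as_list(stmt["Action"]):
            name = action[len(PREFIX):] if action.startswith(PREFIX) else None
            if name not in TABLE:
                continue
            types, dependents = TABLE[name]
            for dep in sorted(dependents - allowed):
                findings.append(f"{action}: dependent action {dep} is not allowed")
            for res in as_list(stmt["Resource"]):
                match = ARN_TYPE.match(res)
                if res == "*":
                    if types:  # legal, but broader than the action requires
                        findings.append(f"{action}: '*' used, {sorted(types)} ARNs supported")
                elif not types:
                    findings.append(f"{action}: no resource type listed, use '*'")
                elif not match or match.group(1) not in types:
                    findings.append(f"{action}: {res} is not one of {sorted(types)}")
    return findings

# Constructed sample policy: missing iam:PassRole, and a cluster ARN on a db action.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["rds:AddRoleToDBCluster", "rds:DeleteDBInstance"],
     "Resource": "arn:aws:rds:us-east-1:111122223333:cluster:example-cluster"},
    {"Effect": "Allow", "Action": "rds:DescribeEventCategories", "Resource": "*"},
]}

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```

The dependent-action check only sees the policy it is given, so a finding there means the permission has to come from another attached policy or be added to this one.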

AddRoleToDBCluster

AddRoleToDBCluster associates an IAM role with a Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource type: cluster (required).

AddSourceIdentifierToSubscription

AddSourceIdentifierToSubscription adds a source identifier to an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

AddTagsToResource

AddTagsToResource associates an IAM role with a Neptune DB cluster.

Access level: Write.

Resource types:

Condition Keys:

ApplyPendingMaintenanceAction

ApplyPendingMaintenanceAction applies a pending maintenance action to a resource.

Access level: Write.

Resource type: db (required).

CopyDBClusterParameterGroup

CopyDBClusterParameterGroup copies the specified DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

CopyDBClusterSnapshot

CopyDBClusterSnapshot copies a snapshot of a DB cluster.

Access level: Write.

Resource type: cluster-snapshot (required).

CopyDBParameterGroup

CopyDBParameterGroup copies the specified DB parameter group.

Access level: Write.

Resource type: pg (required).

CreateDBCluster

CreateDBCluster creates a new Neptune DB cluster.

Access level: Tagging.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

CreateDBClusterParameterGroup

CreateDBClusterParameterGroup creates a new DB cluster parameter group.

Access level: Tagging.

Resource type: cluster-pg (required).

Condition Keys:

CreateDBClusterSnapshot

CreateDBClusterSnapshot creates a snapshot of a DB cluster.

Access level: Tagging.

Resource types:

Condition Keys:

CreateDBInstance

CreateDBInstance creates a new DB instance.

Access level: Tagging.

Dependent actions: iam:PassRole.

Resource types:

  • db (required).

  • pg (required).

  • subgrp (required).

Condition Keys:

CreateDBParameterGroup

CreateDBParameterGroup creates a new DB parameter group.

Access level: Tagging.

Resource type: pg (required).

Condition Keys:

CreateDBSubnetGroup

CreateDBSubnetGroup creates a new DB subnet group.

Access level: Tagging.

Resource type: subgrp (required).

Condition Keys:

CreateEventSubscription

CreateEventSubscription creates a Neptune event notification subscription.

Access level: Tagging.

Resource type: es (required).

Condition Keys:

DeleteDBCluster

DeleteDBCluster deletes an existing Neptune DB cluster.

Access level: Write.

Resource types:

DeleteDBClusterParameterGroup

DeleteDBClusterParameterGroup deletes a specified DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

DeleteDBClusterSnapshot

DeleteDBClusterSnapshot deletes a DB cluster snapshot.

Access level: Write.

Resource type: cluster-snapshot (required).

DeleteDBInstance

DeleteDBInstance deletes a specified DB instance.

Access level: Write.

Resource type: db (required).

DeleteDBParameterGroup

DeleteDBParameterGroup deletes a specified DBParameterGroup.

Access level: Write.

Resource type: pg (required).

DeleteDBSubnetGroup

DeleteDBSubnetGroup deletes a DB subnet group.

Access level: Write.

Resource type: subgrp (required).

DeleteEventSubscription

DeleteEventSubscription deletes an event notification subscription.

Access level: Write.

Resource type: es (required).

DescribeDBClusterParameterGroups

DescribeDBClusterParameterGroups returns a list of DBClusterParameterGroup descriptions.

Access level: List.

Resource type: cluster-pg (required).

DescribeDBClusterParameters

DescribeDBClusterParameters returns the detailed parameter list for a particular DB cluster parameter group.

Access level: List.

Resource type: cluster-pg (required).

DescribeDBClusterSnapshotAttributes

DescribeDBClusterSnapshotAttributes returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.

Access level: List.

Resource type: cluster-snapshot (required).

DescribeDBClusterSnapshots

DescribeDBClusterSnapshots returns information about DB cluster snapshots.

Access level: Read.

DescribeDBClusters

DescribeDBClusters returns information about a provisioned Neptune DB cluster.

Access level: List.

Resource type: cluster (required).

DescribeDBEngineVersions

DescribeDBEngineVersions returns a list of the available DB engines.

Access level: List.

Resource type: pg (required).

DescribeDBInstances

DescribeDBInstances returns information about DB instances.

Access level: List.

Resource type: es (required).

DescribeDBParameterGroups

DescribeDBParameterGroups returns a list of DBParameterGroup descriptions.

Access level: List.

Resource type: pg (required).

DescribeDBParameters

DescribeDBParameters returns a detailed parameter list for a particular DB parameter group.

Access level: List.

Resource type: pg (required).

DescribeDBSubnetGroups

DescribeDBSubnetGroups returns a list of DBSubnetGroup descriptions.

Access level: List.

Resource type: subgrp (required).

DescribeEventCategories

DescribeEventCategories returns a list of categories for all event source types, or, if specified, for a specified source type.

Access level: List.

DescribeEventSubscriptions

DescribeEventSubscriptions lists all the subscription descriptions for a customer account.

Access level: List.

Resource type: es (required).

DescribeEvents

DescribeEvents returns events related to DB instances, DB security groups, and DB parameter groups for the past 14 days.

Access level: List.

Resource type: es (required).

DescribeOrderableDBInstanceOptions

DescribeOrderableDBInstanceOptions returns a list of orderable DB instance options for the specified engine.

Access level: List.

DescribePendingMaintenanceActions

DescribePendingMaintenanceActions returns a list of resources (for example, DB instances) that have at least one pending maintenance action.

Access level: List.

Resource type: db (required).

DescribeValidDBInstanceModifications

DescribeValidDBInstanceModifications lists available modifications you can make to your DB instance.

Access level: List.

Resource type: db (required).

FailoverDBCluster

FailoverDBCluster forces a failover for a DB cluster.

Access level: Write.

Resource type: cluster (required).

ListTagsForResource

ListTagsForResource lists all tags on a Neptune resource.

Access level: Read.

Resource types:

ModifyDBCluster

ModifyDBCluster modifies a setting for a Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

ModifyDBClusterParameterGroup

ModifyDBClusterParameterGroup modifies the parameters of a DB cluster parameter group.

Access level: Write.

Resource type: cluster-pg (required).

ModifyDBClusterSnapshotAttribute

ModifyDBClusterSnapshotAttribute adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.

Access level: Write.

Resource type: cluster-snapshot (required).

ModifyDBInstance

ModifyDBInstance modifies settings for a DB instance.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

  • db (required).

  • pg (required).

ModifyDBParameterGroup

ModifyDBParameterGroup modifies the parameters of a DB parameter group.

Access level: Write.

Resource type: pg (required).

ModifyDBSubnetGroup

ModifyDBSubnetGroup modifies an existing DB subnet group.

Access level: Write.

Resource type: subgrp (required).

ModifyEventSubscription

ModifyEventSubscription modifies an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

RebootDBInstance

RebootDBInstance restarts the database engine service for the instance.

Access level: Write.

Resource type: db (required).

RemoveRoleFromDBCluster

RemoveRoleFromDBCluster disassociates an AWS Identity and Access Management (IAM) role from an Amazon Neptune DB cluster.

Access level: Write.

Dependent actions: iam:PassRole.

Resource type: cluster (required).

RemoveSourceIdentifierFromSubscription

RemoveSourceIdentifierFromSubscription removes a source identifier from an existing Neptune event notification subscription.

Access level: Write.

Resource type: es (required).

RemoveTagsFromResource

RemoveTagsFromResource removes metadata tags from a Neptune resource.

Access level: Tagging.

Resource types:

Condition Keys:

ResetDBClusterParameterGroup

ResetDBClusterParameterGroup modifies the parameters of a DB cluster parameter group to the default value.

Access level: Write.

Resource type: cluster-pg (required).

ResetDBParameterGroup

ResetDBParameterGroup modifies the parameters of a DB parameter group to the engine/system default value.

Access level: Write.

Resource type: pg (required).

RestoreDBClusterFromSnapshot

RestoreDBClusterFromSnapshot creates a new DB cluster from a DB cluster snapshot.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

RestoreDBClusterToPointInTime

RestoreDBClusterToPointInTime restores a DB cluster to an arbitrary point in time.

Access level: Write.

Dependent actions: iam:PassRole.

Resource types:

Condition Keys:

StartDBCluster

StartDBCluster starts the specified DB cluster.

Access level: Write.

Resource type: cluster (required).

StopDBCluster

StopDBCluster stops the specified DB cluster.

Access level: Write.

Resource type: cluster (required).