As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
Descrição: permite que o Amazon RDS Custom execute várias ações de automação e tarefas de gerenciamento de banco de dados por meio de um perfil de EC2 instância.
AmazonRDSCustomInstanceProfileRolePolicy é uma política gerenciada pelo AWS.
Utilização desta política
Você pode vincular a AmazonRDSCustomInstanceProfileRolePolicy aos seus usuários, grupos e perfis.
Detalhes desta política
-
Tipo: política AWS gerenciada
-
Hora da criação: 27 de fevereiro de 2024, 17:42 UTC
-
Horário editado: 20 de março de 2025, 16:22 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonRDSCustomInstanceProfileRolePolicy
Versão da política
Versão da política: v2 (padrão)
A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou função da política faz uma solicitação para acessar um AWS recurso, AWS verifica a versão padrão da política para determinar se a solicitação deve ser permitida.
Documento da política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "ssmAgentPermission1",
"Effect" : "Allow",
"Action" : [
"ssm:UpdateInstanceInformation"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
}
},
{
"Sid" : "ssmAgentPermission2",
"Effect" : "Allow",
"Action" : [
"ssm:GetManifest",
"ssm:PutConfigurePackageResult"
],
"Resource" : "*"
},
{
"Sid" : "ssmAgentPermission3",
"Effect" : "Allow",
"Action" : [
"ssm:GetDocument",
"ssm:DescribeDocument"
],
"Resource" : "arn:aws:ssm:*:*:document/*"
},
{
"Sid" : "ssmAgentPermission4",
"Effect" : "Allow",
"Action" : [
"ssmmessages:CreateControlChannel",
"ssmmessages:OpenControlChannel"
],
"Resource" : "*"
},
{
"Sid" : "ssmAgentPermission5",
"Effect" : "Allow",
"Action" : [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Resource" : "*"
},
{
"Sid" : "createEc2SnapshotPermission1",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots"
],
"Resource" : [
"arn:aws:ec2:*:*:volume/*"
],
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
}
},
{
"Sid" : "createEc2SnapshotPermission2",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots"
],
"Resource" : [
"arn:aws:ec2:*::snapshot/*"
],
"Condition" : {
"StringLike" : {
"aws:RequestTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
}
},
{
"Sid" : "createEc2SnapshotPermission3",
"Effect" : "Allow",
"Action" : "ec2:CreateSnapshots",
"Resource" : [
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
}
},
{
"Sid" : "createTagForEc2SnapshotPermission",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : "*",
"Condition" : {
"StringLike" : {
"aws:RequestTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
],
"ec2:CreateAction" : [
"CreateSnapshot",
"CreateSnapshots"
]
}
}
},
{
"Sid" : "rdsCustomS3ObjectPermission",
"Effect" : "Allow",
"Action" : [
"s3:putObject",
"s3:getObject",
"s3:getObjectVersion",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource" : [
"arn:aws:s3:::do-not-delete-rds-custom-*/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "rdsCustomS3BucketPermission",
"Effect" : "Allow",
"Action" : [
"s3:ListBucketVersions",
"s3:ListBucketMultipartUploads"
],
"Resource" : [
"arn:aws:s3:::do-not-delete-rds-custom-*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "readSecretsFromCpPermission",
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Resource" : [
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
],
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : [
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
}
},
{
"Sid" : "createSecretsOnDpPermission",
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
],
"Resource" : [
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*"
],
"Condition" : {
"StringLike" : {
"aws:RequestTag/AWSRDSCustom" : "custom-oracle-rac"
}
}
},
{
"Sid" : "publishCwMetricsPermission",
"Effect" : "Allow",
"Action" : "cloudwatch:PutMetricData",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"cloudwatch:namespace" : [
"rdscustom/rds-custom-sqlserver-agent",
"RDSCustomForOracle/Agent"
]
}
}
},
{
"Sid" : "putEventsToEventBusPermission",
"Effect" : "Allow",
"Action" : "events:PutEvents",
"Resource" : "arn:aws:events:*:*:event-bus/default"
},
{
"Sid" : "cwlUploadPermission",
"Effect" : "Allow",
"Action" : [
"logs:PutRetentionPolicy",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Resource" : "arn:aws:logs:*:*:log-group:rds-custom-instance-*"
},
{
"Sid" : "sendMessageToSqsQueuePermission",
"Effect" : "Allow",
"Action" : [
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueUrl"
],
"Resource" : [
"arn:aws:sqs:*:*:do-not-delete-rds-custom-*"
],
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : "custom-sqlserver"
}
}
},
{
"Sid" : "managePrivateIpOnEniPermission",
"Effect" : "Allow",
"Action" : [
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Resource" : "arn:aws:ec2:*:*:network-interface/*",
"Condition" : {
"StringLike" : {
"aws:ResourceTag/AWSRDSCustom" : "custom-oracle-rac"
}
}
},
{
"Sid" : "kmsPermissionWithSecret",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource" : "*",
"Condition" : {
"ArnLike" : {
"kms:EncryptionContext:SecretARN" : [
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
]
},
"StringLike" : {
"kms:ViaService" : "secretsmanager.*.amazonaws.com"
}
}
},
{
"Sid" : "kmsPermissionWithS3",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource" : "*",
"Condition" : {
"ArnLike" : {
"kms:EncryptionContext:aws:s3:arn" : "arn:aws:s3:::do-not-delete-rds-custom-*"
},
"StringLike" : {
"kms:ViaService" : "s3.*.amazonaws.com"
}
}
}
]
}Saiba mais
