Selecione suas preferências de cookies

Usamos cookies essenciais e ferramentas semelhantes que são necessárias para fornecer nosso site e serviços. Usamos cookies de desempenho para coletar estatísticas anônimas, para que possamos entender como os clientes usam nosso site e fazer as devidas melhorias. Cookies essenciais não podem ser desativados, mas você pode clicar em “Personalizar” ou “Recusar” para recusar cookies de desempenho.

Se você concordar, a AWS e terceiros aprovados também usarão cookies para fornecer recursos úteis do site, lembrar suas preferências e exibir conteúdo relevante, incluindo publicidade relevante. Para aceitar ou recusar todos os cookies não essenciais, clique em “Aceitar” ou “Recusar”. Para fazer escolhas mais detalhadas, clique em “Personalizar”.

AmazonRDSCustomServiceRolePolicy - AWS Política gerenciada

As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.

As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.

AmazonRDSCustomServiceRolePolicy

Descrição: permite que o Amazon RDS Custom gerencie recursos da AWS em seu nome.

AmazonRDSCustomServiceRolePolicy é uma política gerenciada pelo AWS.

Utilização desta política

Essa política é vinculada a uma função associada a um serviço, o que possibilita que este serviço execute ações em seu próprio nome. Não é possível vincular esta política a usuários, grupos ou funções.

Detalhes desta política

  • Tipo: Política de função vinculada ao serviço

  • Hora da criação: 08 de outubro de 2021, 21:39 UTC

  • Hora da edição: 18 de julho de 2024, 17:33 UTC

  • ARN: arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomServiceRolePolicy

Versão da política

Versão da política: v10 (padrão)

A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou perfil com esta política faz uma solicitação para acessar um atributo da AWS, a AWS verifica a versão padrão da política para determinar se concederá a permissão solicitada.

Documento da política JSON

{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "rdscrc", "Effect" : "Allow", "Action" : [ "rds:CrossRegionCommunication" ], "Resource" : "*" }, { "Sid" : "ecc1", "Effect" : "Allow", "Action" : [ "ec2:DescribeInstances", "ec2:DescribeInstanceAttribute", "ec2:DescribeRegions", "ec2:DescribeSnapshots", "ec2:DescribeNetworkInterfaces", "ec2:DescribeVolumes", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypes", "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeImages", "ec2:DescribeVpcs", "ec2:RegisterImage", "ec2:DeregisterImage", "ec2:DescribeTags", "ec2:DescribeSecurityGroups", "ec2:DescribeVolumesModifications", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:SearchTransitGatewayMulticastGroups", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DescribeTransitGateways", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribePlacementGroups", "ec2:DescribeRouteTables" ], "Resource" : [ "*" ] }, { "Sid" : "ecc2", "Effect" : "Allow", "Action" : [ "ec2:DisassociateIamInstanceProfile", "ec2:AssociateIamInstanceProfile", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances" ], "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "ecc1scoping", "Effect" : "Allow", "Action" : [ "ec2:AllocateAddress" ], "Resource" : [ "*" ], "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "ecc1scoping2", "Effect" : "Allow", "Action" : [ "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:ReleaseAddress" ], "Resource" : [ "*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "ecc1scoping3", "Effect" : "Allow", "Action" : [ "ec2:AssignPrivateIpAddresses" ], "Resource" : "arn:aws:ec2:*:*:network-interface/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "eccRunInstances1", "Effect" : "Allow", "Action" : "ec2:RunInstances", "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:network-interface/*" ], "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccRunInstances2", "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*", "arn:aws:ec2:*:*:placement-group/*" ] }, { "Sid" : "eccRunInstances3", "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*::snapshot/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac", "custom-oracle" ] } } }, { "Sid" : "eccModifyInstanceAttribute1", "Effect" : "Allow", "Action" : [ "ec2:ModifyInstanceAttribute" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ], "ec2:Attribute" : "InstanceType" } } }, { "Sid" : "RequireImdsV2", "Effect" : "Deny", "Action" : "ec2:RunInstances", "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringNotEquals" : { "ec2:MetadataHttpTokens" : "required" }, "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "eccRunInstances3keyPair1", "Effect" : "Allow", "Action" : [ "ec2:RunInstances", "ec2:DeleteKeyPair" ], "Resource" : [ "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccKeyPair2", "Effect" : "Allow", "Action" : [ "ec2:CreateKeyPair" ], "Resource" : [ "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" ], "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccNetworkInterface1", "Effect" : "Allow", "Action" : "ec2:CreateNetworkInterface", "Resource" : "arn:aws:ec2:*:*:network-interface/*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "eccNetworkInterface2", "Effect" : "Allow", "Action" : "ec2:CreateNetworkInterface", "Resource" : [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Sid" : "eccNetworkInterface3", "Effect" : "Allow", "Action" : "ec2:DeleteNetworkInterface", "Resource" : "arn:aws:ec2:*:*:network-interface/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "eccCreateTag1", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccCreateTag2", "Effect" : "Allow", "Action" : "ec2:CreateTags", "Resource" : "*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ], "ec2:CreateAction" : [ "CreateKeyPair", "RunInstances", "CreateNetworkInterface", "CreateVolume", "CreateSnapshot", "CreateSnapshots", "CopySnapshot", "AllocateAddress", "CopyImage" ] } } }, { "Sid" : "eccVolume1", "Effect" : "Allow", "Action" : [ "ec2:DetachVolume", "ec2:AttachVolume" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccVolume2", "Effect" : "Allow", "Action" : "ec2:CreateVolume", "Resource" : "arn:aws:ec2:*:*:volume/*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccVolume3", "Effect" : "Allow", "Action" : [ "ec2:ModifyVolumeAttribute", "ec2:DeleteVolume", "ec2:ModifyVolume" ], "Resource" : "arn:aws:ec2:*:*:volume/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccVolume4snapshot1", "Effect" : "Allow", "Action" : [ "ec2:CreateVolume", "ec2:DeleteSnapshot" ], "Resource" : "arn:aws:ec2:*::snapshot/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccSnapshot2", "Effect" : "Allow", "Action" : [ "ec2:CopySnapshot", "ec2:CreateSnapshot", "ec2:CreateSnapshots" ], "Resource" : "arn:aws:ec2:*::snapshot/*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccSnapshot3", "Effect" : "Allow", "Action" : "ec2:CreateSnapshots", "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eccSnapshot4", "Effect" : "Allow", "Action" : "ec2:CreateSnapshot", "Resource" : [ "arn:aws:ec2:*:*:volume/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ] } } }, { "Sid" : "eccAmi1", "Effect" : "Allow", "Action" : [ "ec2:CopyImage" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" ] }, { "Sid" : "iam1", "Effect" : "Allow", "Action" : [ "iam:ListInstanceProfiles", "iam:GetInstanceProfile", "iam:GetRole", "iam:ListRolePolicies", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:GetPolicy", "iam:GetPolicyVersion" ], "Resource" : "*" }, { "Sid" : "iam2", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/AWSRDSCustom*", "arn:aws:iam::*:role/service-role/AWSRDSCustom*" ], "Condition" : { "StringLike" : { "iam:PassedToService" : "ec2.amazonaws.com" } } }, { "Sid" : "cloudtrail1", "Effect" : "Allow", "Action" : [ "cloudtrail:GetTrailStatus" ], "Resource" : "arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*" }, { "Sid" : "cw1", "Effect" : "Allow", "Action" : [ "cloudwatch:EnableAlarmActions", "cloudwatch:DeleteAlarms" ], "Resource" : "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "cw2", "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricAlarm", "cloudwatch:TagResource" ], "Resource" : "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "cw3", "Effect" : "Allow", "Action" : [ "cloudwatch:DescribeAlarms" ], "Resource" : "arn:aws:cloudwatch:*:*:alarm:*" }, { "Sid" : "ssm1", "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : "arn:aws:ssm:*:*:document/*" }, { "Sid" : "ssm2", "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "ssm3", "Effect" : "Allow", "Action" : [ "ssm:GetCommandInvocation", "ssm:GetConnectionStatus", "ssm:DescribeInstanceInformation" ], "Resource" : "*" }, { "Sid" : "ssm4", "Effect" : "Allow", "Action" : [ "ssm:PutParameter", "ssm:AddTagsToResource" ], "Resource" : "arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "ssm5", "Effect" : "Allow", "Action" : [ "ssm:DeleteParameter" ], "Resource" : "arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ] } } }, { "Sid" : "eb1", "Effect" : "Allow", "Action" : [ "events:PutRule", "events:TagResource" ], "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eb2", "Effect" : "Allow", "Action" : [ "events:PutTargets", "events:DescribeRule", "events:EnableRule", "events:ListTargetsByRule", "events:DeleteRule", "events:RemoveTargets", "events:DisableRule" ], "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "eb3", "Effect" : "Allow", "Action" : [ "events:PutRule" ], "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "events:ManagedBy" : [ "custom.rds.amazonaws.com" ] } } }, { "Sid" : "eb4", "Effect" : "Allow", "Action" : [ "events:PutTargets", "events:EnableRule", "events:DeleteRule", "events:RemoveTargets", "events:DisableRule" ], "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "events:ManagedBy" : [ "custom.rds.amazonaws.com" ] } } }, { "Sid" : "eb5", "Effect" : "Allow", "Action" : [ "events:DescribeRule", "events:ListTargetsByRule" ], "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*" }, { "Sid" : "secretmanager1", "Effect" : "Allow", "Action" : [ "secretsmanager:TagResource", "secretsmanager:CreateSecret" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "secretmanager2", "Effect" : "Allow", "Action" : [ "secretsmanager:TagResource", "secretsmanager:DescribeSecret", "secretsmanager:DeleteSecret", "secretsmanager:PutSecretValue" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ] } } }, { "Sid" : "sqs1", "Effect" : "Allow", "Action" : [ "sqs:CreateQueue", "sqs:TagQueue" ], "Resource" : "arn:aws:sqs:*:*:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:RequestTag/AWSRDSCustom" : [ "custom-sqlserver" ] } } }, { "Sid" : "sqs2", "Effect" : "Allow", "Action" : [ "sqs:GetQueueAttributes", "sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:DeleteQueue" ], "Resource" : "arn:aws:sqs:*:*:do-not-delete-rds-custom-*", "Condition" : { "StringLike" : { "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ] } } }, { "Sid" : "servicequota1", "Effect" : "Allow", "Action" : [ "servicequotas:GetServiceQuota" ], "Resource" : "*" } ] }

Saiba mais

PrivacidadeTermos do sitePreferências de cookies
© 2025, Amazon Web Services, Inc. ou suas afiliadas. Todos os direitos reservados.