This is an archive version of the document. To get the most up-to-date information, see the current version.RDS Restore IAM Permissions
To perform RDS restore operations, IAM roles and IAM users specified in the restore settings must have the following permissions:
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "events:DeleteRule", "events:DescribeRule", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "iam:GetContextKeysForPrincipalPolicy", "iam:GetRole", "iam:SimulatePrincipalPolicy", "kms:CreateGrant", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:ListKeys", "rds:AddTagsToResource", "rds:CopyDBSnapshot", "rds:CreateDBSnapshot", "rds:DeleteDBSnapshot", "rds:DescribeDBInstances", "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:ModifyDBSnapshotAttribute", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe", "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:DeleteQueue", "sqs:ListQueues", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:SetQueueAttributes" ], "Resource": "*", "Effect": "Allow" } ] } |