AmazonRDSCustomServiceRolePolicy - AWS Managed Policy


AmazonRDSCustomServiceRolePolicy

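Description: Allows Amazon RDS Custom to manage AWS resources on your behalf.

AmazonRDSCustomServiceRolePolicy is an AWS managed policy.

Using this policy

This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your users, groups, or roles.

Policy details

  • Type: Service-linked role policy

  • Creation time: October 8, 2021, 21:39 UTC

  • Edited time: July 18, 2024, 17:33 UTC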

  • ARN: arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomServiceRolePolicy

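Policy version

Policy version: v10 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document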

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "rdscrc",
      "Effect" : "Allow",
      "Action" : [ "rds:CrossRegionCommunication" ],
      "Resource" : "*"
    },
    {
      "Sid" : "ecc1",
      "Effect" : "Allow",
      "Action" : [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeRegions",
        "ec2:DescribeSnapshots",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeVolumes",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeIamInstanceProfileAssociations",
        "ec2:DescribeImages",
        "ec2:DescribeVpcs",
        "ec2:RegisterImage",
        "ec2:DeregisterImage",
        "ec2:DescribeTags",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVolumesModifications",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcAttribute",
        "ec2:SearchTransitGatewayMulticastGroups",
        "ec2:GetTransitGatewayMulticastDomainAssociations",
        "ec2:DescribeTransitGatewayMulticastDomains",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeTransitGatewayVpcAttachments",
        "ec2:DescribePlacementGroups",
        "ec2:DescribeRouteTables"
      ],
      "Resource" : [ "*" ]
    },
    {
      "Sid" : "ecc2",
      "Effect" : "Allow",
      "Action" : [
        "ec2:DisassociateIamInstanceProfile",
        "ec2:AssociateIamInstanceProfile",
        "ec2:ReplaceIamInstanceProfileAssociation",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource" : "arn:aws:ec2:*:*:instance/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "ecc1scoping",
      "Effect" : "Allow",
      "Action" : [ "ec2:AllocateAddress" ],
      "Resource" : [ "*" ],
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "ecc1scoping2",
      "Effect" : "Allow",
      "Action" : [ "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:ReleaseAddress" ],
      "Resource" : [ "*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "ecc1scoping3",
      "Effect" : "Allow",
      "Action" : [ "ec2:AssignPrivateIpAddresses" ],
      "Resource" : "arn:aws:ec2:*:*:network-interface/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccRunInstances1",
      "Effect" : "Allow",
      "Action" : "ec2:RunInstances",
      "Resource" : [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:network-interface/*"
      ],
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccRunInstances2",
      "Effect" : "Allow",
      "Action" : [ "ec2:RunInstances" ],
      "Resource" : [
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*::image/*",
        "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
        "arn:aws:ec2:*:*:placement-group/*"
      ]
    },
    {
      "Sid" : "eccRunInstances3",
      "Effect" : "Allow",
      "Action" : [ "ec2:RunInstances" ],
      "Resource" : [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*::snapshot/*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac", "custom-oracle" ]
        }
      }
    },
    {
      "Sid" : "eccModifyInstanceAttribute1",
      "Effect" : "Allow",
      "Action" : [ "ec2:ModifyInstanceAttribute" ],
      "Resource" : [ "arn:aws:ec2:*:*:instance/*" ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ],
          "ec2:Attribute" : "InstanceType"
        }
      }
    },
    {
      "Sid" : "RequireImdsV2",
      "Effect" : "Deny",
      "Action" : "ec2:RunInstances",
      "Resource" : "arn:aws:ec2:*:*:instance/*",
      "Condition" : {
        "StringNotEquals" : {
          "ec2:MetadataHttpTokens" : "required"
        },
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccRunInstances3keyPair1",
      "Effect" : "Allow",
      "Action" : [ "ec2:RunInstances", "ec2:DeleteKeyPair" ],
      "Resource" : [ "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccKeyPair2",
      "Effect" : "Allow",
      "Action" : [ "ec2:CreateKeyPair" ],
      "Resource" : [ "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" ],
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccNetworkInterface1",
      "Effect" : "Allow",
      "Action" : "ec2:CreateNetworkInterface",
      "Resource" : "arn:aws:ec2:*:*:network-interface/*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccNetworkInterface2",
      "Effect" : "Allow",
      "Action" : "ec2:CreateNetworkInterface",
      "Resource" : [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*" ]
    },
    {
      "Sid" : "eccNetworkInterface3",
      "Effect" : "Allow",
      "Action" : "ec2:DeleteNetworkInterface",
      "Resource" : "arn:aws:ec2:*:*:network-interface/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccCreateTag1",
      "Effect" : "Allow",
      "Action" : [ "ec2:CreateTags" ],
      "Resource" : [ "*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccCreateTag2",
      "Effect" : "Allow",
      "Action" : "ec2:CreateTags",
      "Resource" : "*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ],
          "ec2:CreateAction" : [
            "CreateKeyPair",
            "RunInstances",
            "CreateNetworkInterface",
            "CreateVolume",
            "CreateSnapshot",
            "CreateSnapshots",
            "CopySnapshot",
            "AllocateAddress",
            "CopyImage"
          ]
        }
      }
    },
    {
      "Sid" : "eccVolume1",
      "Effect" : "Allow",
      "Action" : [ "ec2:DetachVolume", "ec2:AttachVolume" ],
      "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccVolume2",
      "Effect" : "Allow",
      "Action" : "ec2:CreateVolume",
      "Resource" : "arn:aws:ec2:*:*:volume/*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccVolume3",
      "Effect" : "Allow",
      "Action" : [ "ec2:ModifyVolumeAttribute", "ec2:DeleteVolume", "ec2:ModifyVolume" ],
      "Resource" : "arn:aws:ec2:*:*:volume/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccVolume4snapshot1",
      "Effect" : "Allow",
      "Action" : [ "ec2:CreateVolume", "ec2:DeleteSnapshot" ],
      "Resource" : "arn:aws:ec2:*::snapshot/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccSnapshot2",
      "Effect" : "Allow",
      "Action" : [ "ec2:CopySnapshot", "ec2:CreateSnapshot", "ec2:CreateSnapshots" ],
      "Resource" : "arn:aws:ec2:*::snapshot/*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccSnapshot3",
      "Effect" : "Allow",
      "Action" : "ec2:CreateSnapshots",
      "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eccSnapshot4",
      "Effect" : "Allow",
      "Action" : "ec2:CreateSnapshot",
      "Resource" : [ "arn:aws:ec2:*:*:volume/*" ],
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ]
        }
      }
    },
    {
      "Sid" : "eccAmi1",
      "Effect" : "Allow",
      "Action" : [ "ec2:CopyImage" ],
      "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" ]
    },
    {
      "Sid" : "iam1",
      "Effect" : "Allow",
      "Action" : [
        "iam:ListInstanceProfiles",
        "iam:GetInstanceProfile",
        "iam:GetRole",
        "iam:ListRolePolicies",
        "iam:GetRolePolicy",
        "iam:ListAttachedRolePolicies",
        "iam:GetPolicy",
        "iam:GetPolicyVersion"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "iam2",
      "Effect" : "Allow",
      "Action" : "iam:PassRole",
      "Resource" : [
        "arn:aws:iam::*:role/AWSRDSCustom*",
        "arn:aws:iam::*:role/service-role/AWSRDSCustom*"
      ],
      "Condition" : {
        "StringLike" : {
          "iam:PassedToService" : "ec2.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "cloudtrail1",
      "Effect" : "Allow",
      "Action" : [ "cloudtrail:GetTrailStatus" ],
      "Resource" : "arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*"
    },
    {
      "Sid" : "cw1",
      "Effect" : "Allow",
      "Action" : [ "cloudwatch:EnableAlarmActions", "cloudwatch:DeleteAlarms" ],
      "Resource" : "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "cw2",
      "Effect" : "Allow",
      "Action" : [ "cloudwatch:PutMetricAlarm", "cloudwatch:TagResource" ],
      "Resource" : "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "cw3",
      "Effect" : "Allow",
      "Action" : [ "cloudwatch:DescribeAlarms" ],
      "Resource" : "arn:aws:cloudwatch:*:*:alarm:*"
    },
    {
      "Sid" : "ssm1",
      "Effect" : "Allow",
      "Action" : "ssm:SendCommand",
      "Resource" : "arn:aws:ssm:*:*:document/*"
    },
    {
      "Sid" : "ssm2",
      "Effect" : "Allow",
      "Action" : "ssm:SendCommand",
      "Resource" : "arn:aws:ec2:*:*:instance/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "ssm3",
      "Effect" : "Allow",
      "Action" : [
        "ssm:GetCommandInvocation",
        "ssm:GetConnectionStatus",
        "ssm:DescribeInstanceInformation"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "ssm4",
      "Effect" : "Allow",
      "Action" : [ "ssm:PutParameter", "ssm:AddTagsToResource" ],
      "Resource" : "arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "ssm5",
      "Effect" : "Allow",
      "Action" : [ "ssm:DeleteParameter" ],
      "Resource" : "arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eb1",
      "Effect" : "Allow",
      "Action" : [ "events:PutRule", "events:TagResource" ],
      "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eb2",
      "Effect" : "Allow",
      "Action" : [
        "events:PutTargets",
        "events:DescribeRule",
        "events:EnableRule",
        "events:ListTargetsByRule",
        "events:DeleteRule",
        "events:RemoveTargets",
        "events:DisableRule"
      ],
      "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "eb3",
      "Effect" : "Allow",
      "Action" : [ "events:PutRule" ],
      "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "events:ManagedBy" : [ "custom.rds.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "eb4",
      "Effect" : "Allow",
      "Action" : [
        "events:PutTargets",
        "events:EnableRule",
        "events:DeleteRule",
        "events:RemoveTargets",
        "events:DisableRule"
      ],
      "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "events:ManagedBy" : [ "custom.rds.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "eb5",
      "Effect" : "Allow",
      "Action" : [ "events:DescribeRule", "events:ListTargetsByRule" ],
      "Resource" : "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*"
    },
    {
      "Sid" : "secretmanager1",
      "Effect" : "Allow",
      "Action" : [ "secretsmanager:TagResource", "secretsmanager:CreateSecret" ],
      "Resource" : "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "secretmanager2",
      "Effect" : "Allow",
      "Action" : [
        "secretsmanager:TagResource",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:PutSecretValue"
      ],
      "Resource" : "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-oracle", "custom-sqlserver", "custom-oracle-rac" ]
        }
      }
    },
    {
      "Sid" : "sqs1",
      "Effect" : "Allow",
      "Action" : [ "sqs:CreateQueue", "sqs:TagQueue" ],
      "Resource" : "arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:RequestTag/AWSRDSCustom" : [ "custom-sqlserver" ]
        }
      }
    },
    {
      "Sid" : "sqs2",
      "Effect" : "Allow",
      "Action" : [
        "sqs:GetQueueAttributes",
        "sqs:SendMessage",
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:DeleteQueue"
      ],
      "Resource" : "arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
      "Condition" : {
        "StringLike" : {
          "aws:ResourceTag/AWSRDSCustom" : [ "custom-sqlserver" ]
        }
      }
    },
    {
      "Sid" : "servicequota1",
      "Effect" : "Allow",
      "Action" : [ "servicequotas:GetServiceQuota" ],
      "Resource" : "*"
    }
  ]
}
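
The tag scoping and the IMDSv2 Deny in the document above can be traced with a small evaluator. This is an added example, not AWS code and not the real IAM engine: it handles only the three condition operators this policy uses, checks one resource per call, and the function names and any ARNs passed in are assumptions for illustration.

```python
import fnmatch

# Three statements excerpted from the policy above (ecc2's action list is shortened).
TAGS = ["custom-oracle", "custom-sqlserver", "custom-oracle-rac"]
STATEMENTS = [
    {"Sid": "ecc2", "Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringLike": {"aws:ResourceTag/AWSRDSCustom": TAGS}}},
    {"Sid": "eccRunInstances1", "Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*",
                  "arn:aws:ec2:*:*:network-interface/*"],
     "Condition": {"StringLike": {"aws:RequestTag/AWSRDSCustom": TAGS}}},
    {"Sid": "RequireImdsV2", "Effect": "Deny", "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringNotEquals": {"ec2:MetadataHttpTokens": "required"},
                   "StringLike": {"aws:RequestTag/AWSRDSCustom": ["custom-oracle-rac"]}}},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def glob_any(value, patterns):
    # IAM wildcards are * and ?; fnmatch also treats [ ] specially, unused here.
    return value is not None and any(fnmatch.fnmatchcase(value, p) for p in as_list(patterns))

OPERATORS = {
    "StringLike": glob_any,
    "StringEquals": lambda value, expected: value in as_list(expected),
    # Negated operators are satisfied when the key is absent from the request.
    "StringNotEquals": lambda value, expected: value not in as_list(expected),
}

def matches(stmt, action, resource, context):
    """True when the action, the resource and every condition key of stmt match."""
    if not (glob_any(action.lower(), [a.lower() for a in as_list(stmt["Action"])])
            and glob_any(resource, stmt["Resource"])):
        return False
    return all(OPERATORS[op](context.get(key), expected)
               for op, block in stmt.get("Condition", {}).items()
               for key, expected in block.items())

def decide(action, resource, context):
    """Return (decision, matching Sids); an explicit Deny overrides any Allow."""
    hits = [s for s in STATEMENTS if matches(s, action, resource, context)]
    sids = [s["Sid"] for s in hits]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit deny", sids
    return ("allow" if hits else "implicit deny"), sids
```

Calling decide("ec2:RunInstances", an instance ARN, a context dict of condition keys) shows which Sid granted or blocked the request; a RunInstances request tagged custom-oracle-rac without ec2:MetadataHttpTokens set to required matches both eccRunInstances1 and RequireImdsV2 and is denied.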
