# IAM resource types for administering Amazon Neptune
Neptune supports the resource types in the following table for use in the `Resource` element of IAM administration policy statements. For more information about the `Resource` element, see [IAM JSON Policy Elements: Resource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html).
The [list of Neptune administration actions](neptune-iam-admin-actions.md) identifies the resource types that can be specified with each action. A resource type also determines which condition keys you can include in a policy, as specified in the last column of the table below.
The `ARN` column in the table below specifies the Amazon Resource Name (ARN) format that you must use to reference resources of this type. The portions that are preceded by a ` $ ` must be replaced by the actual values for your scenario. For example, if you see `$user-name` in an ARN, you must replace that string either with the actual IAM user's name or with a policy variable that contains an IAM user name. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns), and [Working with administrative ARNs in Amazon Neptune](tagging-arns.md).
The` Condition Keys `column specifies condition context keys that you can include in an IAM policy statement only when both this resource and a compatible supporting action are included in the statement.
****
| Resource Types | ARN | Condition Keys |
| --- | --- | --- |
| `cluster`
(a DB cluster) | arn:{{partition}}:rds:{{region}}:{{account-id}}:cluster:{{instance-name}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:cluster-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_cluster-tag) |
| `cluster-pg`
(a DB cluster parameter group) | arn:{{partition}}:rds:{{region}}:{{account-id}}:cluster-pg:{{neptune-DBClusterParameterGroupName}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag) |
| `cluster-snapshot`
(a DB cluster snapshot) | arn:{{partition}}:rds:{{region}}:{{account-id}}:cluster-snapshot:{{neptune-DBClusterSnapshotName}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:cluster-snapshot-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_cluster-snapshot-tag) |
| `db`
(a DB instance) | arn:{{partition}}:rds:{{region}}:{{account-id}}:db:{{neptune-DbInstanceName}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:DatabaseClass](iam-admin-condition-keys.md#admin-rds_DatabaseClass)
[rds:DatabaseEngine](iam-admin-condition-keys.md#admin-rds_DatabaseEngine)
[rds:db-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_db-tag) |
| `es`
(an event subscription) | arn:{{partition}}:rds:{{region}}:{{account-id}}:es:{{neptune-CustSubscriptionId }} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:es-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_es-tag) |
| `pg`
(a DB parameter group) | arn:{{partition}}:rds:{{region}}:{{account-id}}:pg:{{neptune-ParameterGroupName}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:pg-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_pg-tag) |
| `subgrp`
(a DB subnet group) | arn:{{partition}}:rds:{{region}}:{{account-id}}:subgrp:{{neptune-DBSubnetGroupName}}} | [aws:ResourceTag/{{tag-key}}](iam-admin-condition-keys.md#admin-aws_ResourceTag)
[rds:subgrp-tag/{{tag-key}}](iam-admin-condition-keys.md#admin-rds_subgrp-tag) |