Amazon MemoryDB (memorydb)

2021-08-26

35 new actions, 6 new resources, 3 new conditions

Additions

    Actions
  • BatchUpdateClusters
    • Description:  Grants permissions to apply service updates
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs

      s3:GetObject
  • CopySnapshot
    • Description:  Grants permissions to make a copy of an existing snapshot
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource

      s3:DeleteObject

      s3:GetBucketAcl

      s3:PutObject
  • CreateAcl
    • Description:  Grants permissions to create a new access control list
    • Access:  Write
    • Resources: 

      Name: user

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource
  • CreateCluster
    • Description:  Grants permissions to create a cluster
    • Access:  Write
    • Resources: 

      Name: acl

      Required: Yes

      Name: parametergroup

      Required: Yes

      Name: subnetgroup

      Required: Yes

      Name: snapshot

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs

      memorydb:TagResource

      s3:GetObject
  • CreateParameterGroup
    • Description:  Grants permissions to create a new parameter group
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource
  • CreateSnapshot
    • Description:  Grants permissions to create a backup of a cluster at the current point in time
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource

      s3:DeleteObject

      s3:GetBucketAcl

      s3:PutObject
  • CreateSubnetGroup
    • Description:  Grants permissions to create a new subnet group
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource
  • CreateUser
    • Description:  Grants permissions to create a new user
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      memorydb:TagResource
  • DeleteAcl
    • Description:  Grants permissions to delete an access control list
    • Access:  Write
    • Resources: 

      Name: acl

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DeleteCluster
    • Description:  Grants permissions to delete a previously provisioned cluster
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

      Name: snapshot

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs
  • DeleteParameterGroup
    • Description:  Grants permissions to delete a parameter group
    • Access:  Write
    • Resources: 

      Name: parametergroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DeleteSnapshot
    • Description:  Grants permissions to delete a snapshot
    • Access:  Write
    • Resources: 

      Name: snapshot

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DeleteSubnetGroup
    • Description:  Grants permissions to delete a subnet group
    • Access:  Write
    • Resources: 

      Name: subnetgroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs
  • DeleteUser
    • Description:  Grants permissions to delete a user
    • Access:  Write
    • Resources: 

      Name: user

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeAcls
    • Description:  Grants permissions to retrieve information about access control lists
    • Access:  Read
    • Resources: 

      Name: acl

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeClusters
    • Description:  Grants permissions to retrieve information about all provisioned clusters if no cluster identifier is specified, or about a specific cluster if a cluster identifier is supplied
    • Access:  Read
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeEngineVersions
    • Description:  Grants permissions to list of the available engines and their versions
    • Access:  Read
  • DescribeEvents
    • Description:  Grants permissions to retrieve events related to clusters, subnet groups, and parameter groups
    • Access:  Read
  • DescribeParameterGroups
    • Description:  Grants permissions to retrieve information about parameter groups
    • Access:  Read
    • Resources: 

      Name: parametergroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeParameters
    • Description:  Grants permissions to retrieve a detailed parameter list for a particular parameter group
    • Access:  Read
    • Resources: 

      Name: parametergroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeServiceUpdates
    • Description:  Grants permissions to retrieve details of the service updates
    • Access:  Read
  • DescribeSnapshots
    • Description:  Grants permissions to retrieve information about cluster snapshots
    • Access:  Read
    • Resources: 

      Name: snapshot

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeSubnetGroups
    • Description:  Grants permissions to retrieve a list of subnet group
    • Access:  Read
    • Resources: 

      Name: subnetgroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • DescribeUsers
    • Description:  Grants permissions to retrieve information about users
    • Access:  Read
    • Resources: 

      Name: user

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • FailoverShard
    • Description:  Grants permissions to test automatic failover on a specified shard in a cluster
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs
  • ListNodeTypeUpdates
    • Description:  Grants permissions to list available node type updates
    • Access:  Read
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • ListTags
    • Description:  Grants permissions to list cost allocation tags
    • Access:  Read
    • Resources: 

      Name: acl

      Required: No

      Name: cluster

      Required: No

      Name: parametergroup

      Required: No

      Name: snapshot

      Required: No

      Name: subnetgroup

      Required: No

      Name: user

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • ResetParameterGroup
    • Description:  Grants permissions to modify the parameters of a parameter group to the engine or system default value
    • Access:  Write
    • Resources: 

      Name: parametergroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • TagResource
    • Description:  Grants permissions to add up to 10 cost allocation tags to the named resource
    • Access:  Tagging
    • Resources: 

      Name: acl

      Required: No

      Name: cluster

      Required: No

      Name: parametergroup

      Required: No

      Name: snapshot

      Required: No

      Name: subnetgroup

      Required: No

      Name: user

      Required: No

    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}
  • UntagResource
    • Description:  Grants permissions to remove the tags identified by the TagKeys list from a resource
    • Access:  Tagging
    • Resources: 

      Name: acl

      Required: No

      Name: cluster

      Required: No

      Name: parametergroup

      Required: No

      Name: snapshot

      Required: No

      Name: subnetgroup

      Required: No

      Name: user

      Required: No

    • Conditions: 

      aws:TagKeys

      aws:ResourceTag/${TagKey}
  • UpdateAcl
    • Description:  Grants permissions to update an access control list
    • Access:  Write
    • Resources: 

      Name: acl

      Required: Yes

      Name: user

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • UpdateCluster
    • Description:  Grants permissions to update the settings for a cluster
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

      Name: acl

      Required: No

      Name: parametergroup

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:DeleteNetworkInterface

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs
  • UpdateParameterGroup
    • Description:  Grants permissions to update parameters in a parameter group
    • Access:  Write
    • Resources: 

      Name: parametergroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • UpdateSubnetGroup
    • Description:  Grants permissions to update a subnet group
    • Access:  Write
    • Resources: 

      Name: subnetgroup

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • UpdateUser
    • Description:  Grants permissions to update a user
    • Access:  Write
    • Resources: 

      Name: user

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
    Resources
  • parametergroup
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:parametergroup/${ParameterGroupName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • subnetgroup
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:subnetgroup/${SubnetGroupName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • cluster
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:cluster/${ClusterName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • snapshot
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:snapshot/${SnapshotName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • user
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:user/${UserName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • acl
    • Arn:  arn:${Partition}:memorydb:${Region}:${Account}:acl/${AclName}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters actions based on the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters actions based on the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters actions based on the tag keys that are passed in the request
    • Type:  String