AWS Database Migration Service (dms)

Additions

Actions

• AssociateExtensionPack
  
  • Description:  Grants permission to associate a extension pack
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• CancelMetadataModelAssessment
  
  • Description:  Grants permission to cancel a single metadata model assessment run
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• CancelMetadataModelConversion
  
  • Description:  Grants permission to cancel a single metadata model conversion run
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• CancelMetadataModelExport
  
  • Description:  Grants permission to cancel a single metadata model export run
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• CreateDataProvider
  
  • Description:  Grants permission to create an data provider using the provided settings
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    dms:req-tag/${TagKey}

• CreateInstanceProfile
  
  • Description:  Grants permission to create an instance profile using the provided settings
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    dms:req-tag/${TagKey}

• CreateMigrationProject
  
  • Description:  Grants permission to create an migration project using the provided settings
  • Access:  Write
  • Resources: 

    Name: DataProvider

    Required: Yes

    Name: InstanceProfile

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    dms:req-tag/${TagKey}

• DeleteDataProvider
  
  • Description:  Grants permission to delete the specified data provider
  • Access:  Write
  • Resources: 

    Name: DataProvider

    Required: Yes

• DeleteInstanceProfile
  
  • Description:  Grants permission to delete the specified instance profile
  • Access:  Write
  • Resources: 

    Name: InstanceProfile

    Required: Yes

• DeleteMigrationProject
  
  • Description:  Grants permission to delete the specified migration project
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• DisassociateExtensionPack
  
  • Description:  Grants permission to disassociate a extension pack
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• ExportMetadataModelAssessment
  
  • Description:  Grants permission to export the specified metadata model assessment
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: No

• GetMetadataModel
  
  • Description:  Grants permission to list all of the AWS DMS attributes for a metadata model
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListDataProviders
  
  • Description:  Grants permission to list the AWS DMS attributes for a data providers
  • Access:  Read
  • Resources: 

    Name: DataProvider

    Required: No

• ListExtensionPacks
  
  • Description:  Grants permission to list the AWS DMS attributes for a extension packs
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListInstanceProfiles
  
  • Description:  Grants permission to list the AWS DMS attributes for a instance profiles
  • Access:  Read
  • Resources: 

    Name: InstanceProfile

    Required: No

• ListMetadataModelAssessmentActionItems
  
  • Description:  Grants permission to list the AWS DMS attributes for a metadata model assessment action items
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListMetadataModelAssessments
  
  • Description:  Grants permission to list the AWS DMS attributes for a metadata model assessments
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListMetadataModelConversions
  
  • Description:  Grants permission to list the AWS DMS attributes for a metadata model conversions
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListMetadataModelExports
  
  • Description:  Grants permission to list the AWS DMS attributes for a metadata model exports
  • Access:  Read
  • Resources: 

    Name: MigrationProject

    Required: No

• ListMigrationProjects
  
  • Description:  Grants permission to list the AWS DMS attributes for a migration projects
  • Access:  Read
  • Resources: 

    Name: DataProvider

    Required: No

    Name: InstanceProfile

    Required: No

    Name: MigrationProject

    Required: No

• StartMetadataModelAssessment
  
  • Description:  Grants permission to start a new assessment of metadata model
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• StartMetadataModelConversion
  
  • Description:  Grants permission to start a new conversion of metadata model
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• StartMetadataModelExportAsScripts
  
  • Description:  Grants permission to start a new export of metadata model as script
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• StartMetadataModelExportToTarget
  
  • Description:  Grants permission to start a new export of metadata model to target
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• StartMetadataModelImport
  
  • Description:  Grants permission to start a new import of metadata model
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• UpdateConversionConfiguration
  
  • Description:  Grants permission to update a conversion configuration
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

• UpdateDataProvider
  
  • Description:  Grants permission to update the specified data provider
  • Access:  Write
  • Resources: 

    Name: DataProvider

    Required: Yes

• UpdateInstanceProfile
  
  • Description:  Grants permission to update the specified instance profile
  • Access:  Write
  • Resources: 

    Name: InstanceProfile

    Required: Yes

• UpdateMigrationProject
  
  • Description:  Grants permission to update the specified migration project
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

Resources

• DataProvider
  
  • Arn:  arn:${Partition}:dms:${Region}:${Account}:data-provider:*
  • Conditions: 

    aws:ResourceTag/${TagKey}

    dms:dp-tag/${TagKey}

• InstanceProfile
  
  • Arn:  arn:${Partition}:dms:${Region}:${Account}:instance-profile:*
  • Conditions: 

    aws:ResourceTag/${TagKey}

    dms:ip-tag/${TagKey}

• MigrationProject
  
  • Arn:  arn:${Partition}:dms:${Region}:${Account}:migration-project:*
  • Conditions: 

    aws:ResourceTag/${TagKey}

    dms:mp-tag/${TagKey}

Conditions

• dms:dp-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for DataProvider
  • Type:  String
• dms:ip-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for InstanceProfile
  • Type:  String
• dms:mp-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for MigrationProject
  • Type:  String

Updates

Actions

• AddTagsToResource
  
  Resources
  
  • ＋ DataProvider
  • ＋ InstanceProfile
  • ＋ MigrationProject
• RemoveTagsFromResource
  
  Resources
  
  • ＋ DataProvider
  • ＋ InstanceProfile
  • ＋ MigrationProject