Change log of AWS IAM permissions

2022-12-03

4 new actions, 1 new resource | 2 updated actions

Additions

Actions

CreateBlueGreenDeployment
- Description: Grants permission to create a blue-green deployment for a given source cluster or instance
- Access: Write
- Resources:
  Name: deployment
  
  Required: Yes
  
  Name: cluster
  
  Required: No
  
  Name: cluster-pg
  
  Required: No
  
  Name: db
  
  Required: No
  
  Name: pg
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  rds:cluster-tag/${TagKey}
  
  rds:cluster-pg-tag/${TagKey}
  
  rds:db-tag/${TagKey}
  
  rds:pg-tag/${TagKey}
  
  rds:req-tag/${TagKey}
  
  rds:DatabaseEngine
  
  rds:DatabaseName
  
  rds:StorageEncrypted
  
  rds:DatabaseClass
  
  rds:StorageSize
  
  rds:MultiAz
  
  rds:Piops
  
  rds:Vpc
- Dependents:
  rds:AddTagsToResource
  
  rds:CreateDBCluster
  
  rds:CreateDBClusterEndpoint
  
  rds:CreateDBInstance
  
  rds:CreateDBInstanceReadReplica
DeleteBlueGreenDeployment
- Description: Grants permission to delete blue green deployments
- Access: Write
- Resources:
  Name: deployment
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  rds:req-tag/${TagKey}
- Dependents:
  rds:DeleteDBCluster
  
  rds:DeleteDBClusterEndpoint
  
  rds:DeleteDBInstance
DescribeBlueGreenDeployments
- Description: Grants permission to describe blue green deployments
- Access: List
- Resources:
  Name: deployment
  
  Required: No
SwitchoverBlueGreenDeployment
- Description: Grants permission to switch a blue-green deployment from source instance or cluster to target
- Access: Write
- Resources:
  Name: deployment
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  rds:req-tag/${TagKey}
- Dependents:
  rds:ModifyDBCluster
  
  rds:ModifyDBInstance
  
  rds:PromoteReadReplica
  
  rds:PromoteReadReplicaDBCluster

Resources

deployment
- Arn: arn:${Partition}:rds:${Region}:${Account}:deployment:${BlueGreenDeploymentIdentifier}
- Conditions:
  aws:ResourceTag/${TagKey}

Updates

Actions

AddTagsToResource
- ＋ deployment
RemoveTagsFromResource
- ＋ deployment

Amazon RDS (rds)

Additions

Updates