AWS Database Migration Service (dms)

Additions

Actions

• CreateDataMigration
  
  • Description:  Grants permission to create a database migration using the provided settings
  • Access:  Write
  • Resources: 

    Name: MigrationProject

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    dms:req-tag/${TagKey}

• CreateReplicationConfig
  
  • Description:  Grants permission to create a replication config using the provided settings
  • Access:  Write
  • Resources: 

    Name: Endpoint

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    dms:req-tag/${TagKey}

• DeleteDataMigration
  
  • Description:  Grants permission to delete the specified database migration
  • Access:  Write
  • Resources: 

    Name: DataMigration

    Required: Yes

• DeleteReplicationConfig
  
  • Description:  Grants permission to delete the specified replication config
  • Access:  Write
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

• DescribeDataMigrations
  
  • Description:  Grants permission to return information about database migrations for your account in the specified region
  • Access:  Read
• DescribeReplicationConfigs
  
  • Description:  Grants permission to describe replication configs
  • Access:  Read
• DescribeReplicationTableStatistics
  
  • Description:  Grants permission to describe replication table statistics
  • Access:  Read
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

• DescribeReplications
  
  • Description:  Grants permission to describe replications
  • Access:  Read
• ModifyDataMigration
  
  • Description:  Grants permission to modify the specified database migration
  • Access:  Write
  • Resources: 

    Name: DataMigration

    Required: Yes

• ModifyReplicationConfig
  
  • Description:  Grants permission to modify the specified replication config
  • Access:  Write
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

• ReloadReplicationTables
  
  • Description:  Grants permission to reload the target database table with the source for a replication
  • Access:  Write
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

• StartDataMigration
  
  • Description:  Grants permission to start the database migration
  • Access:  Write
  • Resources: 

    Name: DataMigration

    Required: Yes

• StartReplication
  
  • Description:  Grants permission to start a replication
  • Access:  Write
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

• StopDataMigration
  
  • Description:  Grants permission to stop the database migration
  • Access:  Write
  • Resources: 

    Name: DataMigration

    Required: Yes

• StopReplication
  
  • Description:  Grants permission to stop a replication
  • Access:  Write
  • Resources: 

    Name: ReplicationConfig

    Required: Yes

Resources

• DataMigration
  
  • Arn:  arn:${Partition}:dms:${Region}:${Account}:data-migration:*
  • Conditions: 

    aws:ResourceTag/${TagKey}

    dms:data-migration-tag/${TagKey}

• ReplicationConfig
  
  • Arn:  arn:${Partition}:dms:${Region}:${Account}:replication-config:*
  • Conditions: 

    aws:ResourceTag/${TagKey}

    dms:replication-config-tag/${TagKey}

Conditions

• dms:data-provider-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for DataProvider
  • Type:  String
• dms:migration-project-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for MigrationProject
  • Type:  String
• dms:replication-config-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for ReplicationConfig
  • Type:  String

Updates

Resources

• DataProvider
  
  Conditions
  
  • ＋ dms:data-provider-tag/${TagKey}
  • － dms:dp-tag/${TagKey}
• InstanceProfile
  
  Conditions
  
  • ＋ dms:instance-profile-tag/${TagKey}
  • － dms:ip-tag/${TagKey}
• MigrationProject
  
  Conditions
  
  • ＋ dms:migration-project-tag/${TagKey}
  • － dms:mp-tag/${TagKey}

Conditions

• dms:instance-profile-tag/${TagKey}
  
  Description
  
  • Old: Filters access by the presence of tag key-value pairs in the request for MigrationProject
    New: Filters access by the presence of tag key-value pairs in the request for InstanceProfile
• dms:data-migration-tag/${TagKey}
  
  Description
  
  • Old: Filters access by the presence of tag key-value pairs in the request for DataProvider
    New: Filters access by the presence of tag key-value pairs in the request for DataMigration

Actions

• AddTagsToResource
  
  Resources
  
  • ＋ DataMigration
  • ＋ ReplicationConfig
• ListTagsForResource
  
  Resources
  
  • ＋ DataMigration
  • ＋ DataProvider
  • ＋ InstanceProfile
  • ＋ MigrationProject
  • ＋ ReplicationConfig
• RemoveTagsFromResource
  
  Resources
  
  • ＋ DataMigration
  • ＋ ReplicationConfig

Deletions

Conditions

• dms:ip-tag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request for InstanceProfile
  • Type:  String