Fawry cloud devops internship
Amazon RDS - DB Access Control

To access an Amazon RDS DB instance, a user needs specific permissions. These are configured using AWS IAM (Identity and Access Management). In this tutorial we will see how this configuration is done.

The configuration involves two parts.

  • Authentication

  • Access Control

Authentication

Authentication involves creating a username and password and generating access keys for the user. With an access key it is possible to access the AWS RDS service programmatically: the SDK and CLI tools use the access key to cryptographically sign each request.

We can also use an IAM role to authenticate a user. A role is not attached to any specific user; rather, any user can assume the role temporarily and complete the required task. After the task is over the role can be revoked, and the user loses the ability to authenticate.

Access Control

After a user is authenticated, the policy attached to that user determines the types of tasks the user can carry out. Below is an example of a policy which allows the creation of an RDS DB instance of the db.t2.micro class for the MySQL DB engine. The Resource list restricts which DB instance, option group, parameter group and subnet group names may be used, and the Condition restricts the engine and instance class.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCreateDBInstanceOnly",
            "Effect": "Allow",
            "Action": [
                "rds:CreateDBInstance"
            ],
            "Resource": [
                "arn:aws:rds:*:123456789012:db:test*",
                "arn:aws:rds:*:123456789012:og:default*",
                "arn:aws:rds:*:123456789012:pg:default*",
                "arn:aws:rds:*:123456789012:subgrp:default"
            ],
            "Condition": {
                "StringEquals": {
                    "rds:DatabaseEngine": "mysql",
                    "rds:DatabaseClass": "db.t2.micro"
                }
            }
        }
    ]
}

Action on Any RDS Resource

In the example below we see a policy that allows any Describe action on any RDS resource. The * symbol is a wildcard: in the Action it makes rds:Describe* cover every RDS Describe action, and as the Resource it represents any resource.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"AllowRDSDescribe",
         "Effect":"Allow",
         "Action":"rds:Describe*",
         "Resource":"*"
      }
   ]
}

Disallow deleting a DB Instance

The policy below disallows a user from deleting a specific DB instance. Because it uses an explicit Deny, it overrides any Allow for that action granted to the user elsewhere.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"DenyDelete1",
         "Effect":"Deny",
         "Action":"rds:DeleteDBInstance",
         "Resource":"arn:aws:rds:us-west-2:123456789012:db:my-mysql-instance"
      }
   ]
}

Last updated 2 years ago
