RDS log Monitoring Privileges

AWS IAM Policy can be used to create permissions that specify which RDS actions a user, or a group of users in your AWS account can perform. IAM Policy is basically a JSON document that consists of one or more statements which defines the action to be taken on AWS resources. It can be used to determine who is allowed to create, delete, modify RDS instances. 

Monyog needs the following permissions to fetch the log files:

1. DescribeDBLogFiles : This API fetches a list of log files available for your instance.

2. DownloadDBLogFilePortion: This API downloads the specified log file.

You can create a simple IAM Policy, giving the above permissions, for e.g: 

{
"Version":"2012-10-17",
"Statement": [{
"Effect":"Allow",
"Action": [
      "rds:DescribeDBLogFiles",
      "rds:DownloadDBLogFilePortion"
          ],
"Resource":"*"
             }]
}

If you don't want to create your own policy, you can always use the default policies provided by AWS like "AmazonRDSFullAccess", which gives permission for all actions to use Amazon RDS, although this is not recommended for a production environment.

Still need help? Contact Us Contact Us