AWS add option group

amazon-web-services amazon-rds amazon-iam

Solution 1:

I signed up for paid support and here's the answer, in case it helps anyone else. I had to edit the trust policy on the IAM role like so:

{
    "Version": "2012-10-17",
    "Statement":
    [{
        "Effect": "Allow",
        "Principal": {"Service":  "rds.amazonaws.com"},
        "Action": "sts:AssumeRole"
    }]
}

Then I was able to add the option to the option group and the restore worked. Note that the trust policy is called "trust relationship" on the web console.

Solution 2:

Below is the policy for a role with the permissions that should work:

 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1472672338000",
      "Effect": "Allow",
      "Action": [
        "rds:*"
      ],
      "Resource": [
        "arn:aws:rds:us-west-2:123456789012:snapshot:ms-sql-rds-final-snapshot"
      ]
    }
  ]
}

Related

Azure Active Directory Domain Services (AD DS) change permissions on ADSI Containers without Enterprise / Domain Admin Rights
How to force BITS to download WSUS updates in foreground in Win Server 2012?
vCenter Server update procedure [closed]
Linux bond mode 802.3ad not activated
How to get the IP Address for a specific AWS ECS task?
DigitalOcean's object storage, Spaces, is randomly slow on retrieving small files
Strongswan: "received NO_PROPOSAL_CHOSEN error notify" while connecting to Cisco ASA
Doubts about DKIM verification (RFC6376)
Linux self recovering DHCP after really long downtime?
After upgrade from Debian 10 Buster to Debian 11 Bullseye security updates 404 not found
what is the relation between block size and IO?
Enable IKE tracing on windows 10 VPN