Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

rds database security.

0

I have a database instance called hatecholo-db in RDS. I am a root user , username:moslemsikder@yahoo.com. I have created user credential for the project manager who also is needed to work with the database. But I don't want he to change password for database : hatecholo-db who is an IAM user. How to do the needful step by step?

Topics
AnalyticsMigration & ModernizationDatabase
Tags
Amazon Relational Database Service
Language
English
asked 2 years ago288 views
1 Answer
0

Hello,

First of all, create an IAM user for you and everyone who will access the AWS account it's recommended not to use root account for performing everyday tasks or recommended best practise is to use federation with an AWS identity provider to access AWS using temporary credentials instead of using IAM users with long-term credentials.

To ensure the project manager can access the RDS database through the console but cannot change the password. Create a policy that deny permissions to modifyDB instance and attach it to the IAM user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds:Describe*",
        "rds:List*"
      ],
      "Resource": "arn:aws:rds:region:account-id:db:hatecholo-db"
    },
    {
      "Effect": "Deny",
      "Action": "rds:ModifyDBInstance",
      "Resource": "arn:aws:rds:region:account-id:db:hatecholo-db"
    }
  ]
}
EXPERT
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content