You don't mention which database engine it is, but the example here for giving SQL Server access to S3 should by-and-large have what you need (you may need to tweak a few items for a different DB) https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/User.SQLServer.Options.S3-integration.html
You yourself will need a specific level of privileges within IAM to do that, which it doesn't seem that you have - PowerUserAccess gives you iam:CreateServiceLinkedRole, iam:DeleteServiceLinkedRole & iam:ListRoles which I don't think is enough for you to create a policy and attach to a role. You would need at least iam:CreatePolicy, iam:CreateRole, iam:AttachRolePolicy and maybe others https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementiam.html
I did say it is Oracle SE RDS above. Is there a difference in the three permissions you listed for SQL? Would admin grant those directly to account and are there any security risks granting those to DBA?
Yes, my bad, I see now that you mentioned Oracle.
I haven't done that myself so I'm just going by what is in the docs, but it looks like you will need the same IAM privileges as identified for SQL https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html
This goes through the same material from a slightly different viewpoint and may be of use https://aws.amazon.com/blogs/database/integrating-amazon-rds-for-oracle-with-amazon-s3/
The links you provided discuss the details for implementing S3 Integration but no mention of what IAM permissions are needed. Did you see anything about permissions?
It's in my original answer
Is there a way to know what the "others" permissions could be so I can include them on the request?
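Added example, not part of the thread: a small Python check that reports which of the three IAM actions named in the answer an identity policy does not grant. The sample policy is constructed to mirror the grants the answer attributes to PowerUserAccess, and the function names are hypothetical; the check reads only Effect, Action and NotAction, so Resource, Condition, permissions boundaries and SCPs are assumed not to restrict anything.

```python
from fnmatch import fnmatchcase

# Constructed sample policy (assumption): everything except IAM is allowed,
# plus the three IAM actions the answer says PowerUserAccess provides.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:CreateServiceLinkedRole",
                    "iam:DeleteServiceLinkedRole",
                    "iam:ListRoles"]},
    ],
}

# The actions the answer lists as the minimum for creating and attaching a policy.
REQUIRED = ["iam:CreatePolicy", "iam:CreateRole", "iam:AttachRolePolicy"]

def _as_list(value):
    """IAM allows a single string or a list for Action/NotAction/Statement."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(action, patterns):
    """Action names are case-insensitive; '*' and '?' are wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def statement_covers(stmt, action):
    """True when the statement's Action or NotAction element applies to the action."""
    if "Action" in stmt:
        return _matches(action, _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not _matches(action, _as_list(stmt["NotAction"]))
    return False

def is_allowed(policy, action):
    """Explicit Deny wins; otherwise at least one Allow must cover the action."""
    covering = [s for s in _as_list(policy.get("Statement"))
                if statement_covers(s, action)]
    if any(s.get("Effect") == "Deny" for s in covering):
        return False
    return any(s.get("Effect") == "Allow" for s in covering)

def missing_actions(policy, required=REQUIRED):
    """Return the required actions the policy does not grant, in order."""
    return [a for a in required if not is_allowed(policy, a)]

if __name__ == "__main__":
    print("Missing:", missing_actions(SAMPLE_POLICY))
```

Run against the sample, all three required actions come back as missing, which matches the answer's reading of PowerUserAccess.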