I'd like to programmatically list my RDS database instances and cluster snapshots, so I've attached the following IAM policy directly to one of my users:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadProdSnapshotsAndInstances",
      "Effect": "Allow",
      "Action": [
        "rds:DescribeDBInstances",
        "rds:DescribeDBClusterSnapshots"
      ],
      "Resource": "*"
    }
  ]
}
But when I execute the following as that user (using the AWS Node.js SDK)...
rds.describeDBInstances({}, (error, data) => {
...
});
...I get the following error:
AccessDenied: User: arn:aws:iam::<accountId>:user/<userName> is not authorized to perform: rds:DescribeDBInstances
Any idea what I'm doing wrong? This seems like it should be so simple.