rds:DescribeValidDBInstanceModifications is a List access-level action in the rds service. Grants permission to list available modifications you can make to your DB instance
ARNs that rds:DescribeValidDBInstanceModifications can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants rds:DescribeValidDBInstanceModifications.
Filters access by the set of tag key-value pairs attached to the resource
Filters access by the type of DB instance class
Filters access by the database engine. For possible values refer to the engine parameter in CreateDBInstance API
Filters access by the user-defined name of the database on the DB instance
Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true
Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0
Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true
Filters access by the storage volume size (in GB)
Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true
Filters access by the tag attached to a DB instance
A minimal policy that allows rds:DescribeValidDBInstanceModifications. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowRdsDescribeValidDBInstanceModifications",
"Effect": "Allow",
"Action": "rds:DescribeValidDBInstanceModifications",
"Resource": "*"
}
]
}