AWS Announced that starting 30.10.2024 some new RDS API permissions will be needed.
On August 15, 2024, we implemented a change to database snapshot creation when using the "DeleteDBCluster" [1], "DeleteDBInstance" [2] , "DeleteTenantDatabase" [3] and "StopDBInstance" APIs [4].
If you want to create a final snapshot of the database when calling "DeleteDBInstance" or "DeleteTenantDatabase" or "StopDBInstance", you must have an IAM Allow effect for the "rds:CreateDBSnapshot" permission.
Similarly, if you want to create a final snapshot of a database cluster when calling "DeleteDBCluster", you must have an IAM Allow effect for the "rds:CreateDBClusterSnapshot" permission.
Additionally, if the database instance or database cluster has CopyTagsToSnapshot enabled and you are calling “DeleteDBInstance” or “DeleteDBCluster” or “StopDBInstance”, you must have an IAM allow effect “rds:AddTagsToResource” permission for the "DBSnapshot" resource.
In case of “DeleteTenantDatabase” you must have an IAM allow effect "rds:AddTagsToResource" permission for "DBSnapshot" and "Snapshot-tenant-database" resources.
following permissions are not included as of v3.0.4
AWS Announced that starting 30.10.2024 some new RDS API permissions will be needed.
following permissions are not included as of v3.0.4
rds:CreateDBSnapshot rds:CreateDBClusterSnapshot