Home / server / Questions / 993633
In Process
Noor2122
Asked: 2019-11-29 06:33:15 +0800 CST

Unable to restore RDS oracle database, user is having RDSFullAccess

  • 772

I am trying to restore RDS Oracle database snapshot and getting an error like "you are not authorized to perform this operation. (Service:Amazon EC2; Status core: 403......)

Here the user trying to restore snapshot is already having RDSAullAccess permission which has the EC2-Describe permission.Error screenshot

Any help on this will be much appreciated.

rds

2 Answers

  1. This example shows how you might create an IAM policy to allow restoring an RDS instance via the API and the console.

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "rds:CreateDBParameterGroup",
                "rds:CreateDBSnapshot",
                "rds:DeleteDBSnapshot",
                "rds:Describe*",
                "rds:DownloadDBLogFilePortion",
                "rds:List*",
                "rds:ModifyDBInstance",
                "rds:ModifyDBParameterGroup",
                "rds:ModifyOptionGroup",
                "rds:RebootDBInstance",
                "rds:RestoreDBInstanceFromDBSnapshot",
                "rds:RestoreDBInstanceToPointInTime"
            ],
            "Resource": "*"
        }
    ]
}

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_rds_db-console.html

    • 0

  2. I as eventually able to find the cause of the issue, it was happening because the user were trying to create and attach a new SG instead of existing one.

    It took me long to figure out because in CloudTrail i was looking for snapshot related api calls only and there was nothing relevant and later when checked for all the logs during that time frame then it was easy to figure out.

    • 0