This topic describes how to grant backup file download permissions to a RAM user with read-only permissions. For security purposes, a RAM user with read-only permissions cannot download backup files.
Procedure
Log on to the Resource Access Management (RAM) console.
In the left-side navigation pane, choose
.Click Create Policy. On the page that appears, click the JSON tab and enter the following policy content. Then, click OK.
{ "Statement": [ { "Effect": "Allow", "Action": [ "rds:Describe*", "rds:ModifyBackupPolicy", "rds:CheckRegionSupportBackupEncryption" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dbs:CreateDownload", "dbs:DescribeDBInstanceDownloadSize" ], "Resource": "*" } ], "Version": "1" }
On the Create Policy dialog box, configure Name and Description for the policy and then click OK.
In the left-side navigation pane, choose
.Click Grant Permission to attach the new policy to the RAM user. For more information, see Method 2: Grant permissions to a RAM user on the Grants page.
Click Grant permissions.