OtterTune Homepage ➪
Search…
OtterTune Documentation
Documentation
How OtterTune Works
Create an OtterTune Account
Connect Your Database
OtterTune Dashboard
AWS Permissions
Troubleshooting
Pricing
Frequently Asked Questions
Support
Release Notes
Powered By GitBook
AWS Permissions
The names and descriptions of the AWS permissions needed by OtterTune for monitoring and tuning.
OtterTune needs certain AWS permissions to monitor and tune your database. We describe the permissions requested by OtterTune for both of these activities below.

AWS Permissions for Monitoring

The following table describes the read-only permissions requested by OtterTune to monitor your database.
Permission
Description
aws-portal:ViewBilling
budgets:Describe*
ce:Describe*
ce:Get*
ce:List*
Used to get cost, usage, and budget data for OtterTune's cost-savings recommendations.
cloudwatch:Describe*
cloudwatch:Get*
cloudwatch:List*
Used to collect CloudWatch metric data.
iam:SimulatePrincipalPolicy
Used to verify that OtterTune's AWS IAM role has the correct permissions for monitoring and tuning activities.
pi:DescribeDimensionKeys
pi:GetResourceMetrics
Used to collect database load metric data.
pricing:Describe*
pricing:Get*
Used to collect AWS service, product, and pricing information.
rds:Describe*
rds:List*
Used to collect information about provisioned RDS instances.
rds-db:connect
Used to connect to your RDS database when using AWS IAM Database Authentication. Note that we only grant permissions for the OtterTune user. See here for details.

AWS Permissions for Tuning

The following table shows the write permissions needed by OtterTune to tune your database and describes how they are used.
OtterTune only needs these write permissions to tune your database. To monitor your database, OtterTune only requires the read-only permissions listed above.
Permission
Description
rds:ModifyDBParameterGroup
Used to modify the AWS DB Parameter Group when optimizing a database's configuration. This permission is only enabled for resources specified by the user. See here for details.
rds:ModifyDBClusterParameterGroup
(Aurora only) Used to modify the AWS DB Cluster Parameter Group when optimizing a database's configuration. This permission is only enabled for resources specified by the user. See here for details.
Previous
Database Configurations
Next - Documentation
Troubleshooting
Last modified 1mo ago
Copy link
Contents
AWS Permissions for Monitoring
AWS Permissions for Tuning