AWS Permissions
The names and descriptions of the AWS permissions needed by OtterTune for monitoring and tuning.
OtterTune needs certain AWS permissions to monitor and tune your database. We describe the permissions requested by OtterTune for both of these activities below.
AWS Permissions for Monitoring
The following table describes the read-only permissions requested by OtterTune to monitor your database.
Permission
Description
aws-portal:ViewBillingbudgets:Describe*ce:Describe*ce:Get*ce:List*Used to get cost, usage, and budget data for OtterTune's cost-savings recommendations.
cloudwatch:Describe*cloudwatch:Get*cloudwatch:List*Used to collect CloudWatch metric data.
iam:SimulatePrincipalPolicyUsed to verify that OtterTune's AWS IAM role has the correct permissions for monitoring and tuning activities.
pi:DescribeDimensionKeyspi:GetResourceMetricsUsed to collect database load metric data.
pricing:Describe*pricing:Get*Used to collect AWS service, product, and pricing information.
rds:Describe*rds:List*Used to collect information about provisioned RDS instances.
rds-db:connectUsed to connect to your RDS database when using AWS IAM Database Authentication. Note that we only grant permissions for the OtterTune user. See here for details.
AWS Permissions for Tuning
The following table shows the write permissions needed by OtterTune to tune your database and describes how they are used.
OtterTune only needs these write permissions to tune your database. To monitor your database, OtterTune only requires the read-only permissions listed above.
Permission
Description
rds:ModifyDBParameterGroupUsed to modify the AWS DB Parameter Group when optimizing a database's configuration. This permission is only enabled for resources specified by the user. See here for details.
rds:ModifyDBClusterParameterGroup(Aurora only) Used to modify the AWS DB Cluster Parameter Group when optimizing a database's configuration. This permission is only enabled for resources specified by the user. See here for details.
Last modified 6mo ago
Copy link