Updated on 2024-11-19 GMT+08:00

RDS Actions

Table 1 Common query actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Querying the DB engine version

GET /v3/{projectId}/datastores/{database_name}

No action required

×

Querying database specifications

GET /v3/{project_id}/flavors/{database_name}?version_name={version_name}

No action required

×

Querying the storage type

GET /v3/{project_id}/storage-type/{database_name}?version_name={version_name}

No action required

×

Table 2 Instance management actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Creating a DB instance

POST /v3/{project_id}/instances

rds:instance:create

(To create an encrypted DB instance, you need to configure the KMS Administrator permission in the project.)

×

Changing a DB instance name

PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/name

rds:instance:modify

Changing a DB instance description

PUT

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/alias

rds:instance:modify

Applying for a private domain name

POST

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/create-dns

rds:instance:createDns

×

Modifying a private domain name

PUT

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/modify-dns

rds:instance:modifyDns

Changing DB instance specifications

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:modifySpec

×

Scaling up storage space

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:extendSpace

Changing a DB instance type from single to primary/standby

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:singleToHa

(The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.)

Rebooting a DB instance

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:restart

Deleting a DB instance

DELETE /v3/{project_id}/instances/{instance_id}

rds:instance:delete

Querying DB instances

GET /v3/{project_id}/instances

rds:instance:list

Querying DB instances for which cross-region backups are created

GET /v3/{project_id}/backups/offsite-backup-instance

rds:instance:list

Binding or unbinding an EIP

PUT /v3/{project_id}/instances/{instance_id}/public-ip

rds:instance:modifyPublicAccess

×

Changing a DB instance password

PUT /v3/{project_id}/instances/{instance_id}/password

rds:password:update

Performing a manual switchover

PUT /v3/{project_id}/instances/{instance_id}/failover

rds:instance:switchover

Changing a failover priority

PUT /v3/{project_id}/instances/{instance_id}/failover/strategy

rds:instance:modifyStrategy

Changing a replication mode

PUT /v3/{project_id}/instances/{instance_id}/failover/mode

rds:instance:modifySynchronizeModel

Changing a maintenance window

PUT

/v3/{project_id}/instances/{instance_id}/ops-window

rds:instance:modify

Migrating the standby DB instance to another AZ

POST /v3/{project_id}/instances/{instance_id}/migrateslave

rds:instance:create

×

Table 3 Database security actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Configuring SSL

PUT /v3/{project_id}/instances/{instance_id}/ssl

rds:instance:modifySSL

Changing a database port

PUT /v3/{project_id}/instances/{instance_id}/port

rds:instance:modifyPort

Changing a floating IP address

PUT /v3/{project_id}/instances/{instance_id}/ip

rds:instance:modifyIp

Changing a security group

PUT /v3/{project_id}/instances/{instance_id}/security-group

rds:instance:modifySecurityGroup

Table 4 Parameter configuration actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Obtaining parameter templates

GET /v3/{project_id}/configurations

rds:param:list

Creating a parameter template

POST /v3/{project_id}/configurations

rds:param:create

×

Modifying parameters in a parameter template

PUT /v3/{project_id}/configurations/{config_id}

rds:param:modify

Applying a parameter template

PUT /v3/{project_id}/configurations/{config_id}/apply

rds:param:apply

×

Modifying parameters of a specified DB instance

PUT /v3/{project_id}/instances/{instance_id}/configurations

rds:param:modify

Obtaining the parameter template of a specified DB instance

GET /v3/{project_id}/instances/{instance_id}/configurations

rds:param:list

Obtaining parameters of a specified parameter template

GET /v3/{project_id}/configurations/{config_id}

rds:param:list

Deleting a parameter template

DELETE /v3/{project_id}/configurations/{config_id}

rds:param:delete

×

Table 5 Backup and restoration actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Configuring an automated backup policy

PUT /v3/{project_id}/instances/{instance_id}/backups/policy

rds:instance:modifyBackupPolicy

Configuring a cross-region backup policy

PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy

rds:instance:modifyBackupPolicy

Querying an automated backup policy

GET /v3/{project_id}/instances/{instance_id}/backups/policy

rds:instance:list

Querying a cross-region backup policy

GET /v3/{project_id}/instances/{instance_id}/backups/offsite-policy

rds:instance:list

Creating a manual backup

POST /v3/{project_id}/backups

rds:backup:create

×

Obtaining backups

GET /v3/{project_id}/backups?instance_id={instance_id}

rds:backup:list

×

Querying cross-region backups

GET /v3/{project_id}/offsite-backups?instance_id={instance_id}

rds:backup:list

×

Obtaining the link for downloading a backup

GET /v3/{project_id}/backup-files?backup_id={backup_id}

rds:backup:download

×

Deleting a manual backup

DELETE /v3/{project_id}/backups/{backup_id}

rds:backup:delete

×

Querying the restoration time range

GET /v3/{project_id}/instances/{instance_id}/restore-time

rds:instance:list

×

Querying the restoration time range of a cross-region backup

GET /v3/{project_id}/instances/{instance_id}/offsite-restore-time

rds:instance:list

×

Restoring data to a new DB instance

POST /v3/{project_id}/instances

rds:instance:create

(The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.)

×

Restoring data to an existing or original DB instance

POST /v3/{project_id}/instances/recovery

rds:instance:restoreInPlace

×

Table 6 Log query actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Querying error logs

GET /v3/{project_id}/instances/{instance_id}/errorlog?start_date={start_date}&end_date={end_date}

rds:log:list

Querying slow query logs

GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date}

rds:log:list

Setting a policy for audit logs

PUT

/v3/{project_id}/instances/{instance_id}/auditlog-policy

rds:auditlog:operate

Querying the policy for audit logs

GET

/v3/{project_id}/instances/{instance_id}/auditlog-policy

rds:auditlog:list

Obtaining audit logs

GET

/v3/{project_id}/instances/{instance_id}/auditlog?start_time={start_time}&end_time={end_time}&offset={offset}&limit={limit}

rds:auditlog:list

Obtaining the link for downloading an audit log

POST

/v3/{project_id}/instances/{instance_id}/auditlog-links

rds:auditlog:download

Obtaining the link for downloading a slow query log

POST

/v3/{project_id}/instances/{instance_id}/slowlog-download

rds:log:download

Obtaining the local retention period of binlogs

GET /v3/{project_id}/instances/{instance_id}/binlog/clear-policy

rds:binlog:get

Setting the local retention period of binlogs

PUT /v3/{project_id}/instances/{instance_id}/binlog/clear-policy

rds:binlog:setPolicy

Table 7 Database and account management actions (RDS for MySQL)

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Creating a database

POST /v3/{project_id}/instances/{instance_id}/database

rds:database:create

Querying databases

GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit}

rds:database:list

Querying authorized databases of a specified account

GET /v3/{project_id}/instances/{instance_id}/db_user/database?user-name={user-name}&page={page}&limit={limit}

rds:database:list

Deleting a database

DELETE /v3/{project_id}/instances/{instance_id}/database/{db_name}

rds:database:drop

Creating a database account

POST /v3/{project_id}/instances/{instance_id}/db_user

rds:databaseUser:create

Querying database users

GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit}

rds:databaseUser:list

Querying authorized users of a specified database

GET /v3/{project_id}/instances/{instance_id}/database/db_user?db-name={db-name}&page={page}&limit={limit}

rds:databaseUser:list

Modifying remarks of a database user

PUT /v3/{project_id}/instances/{instance_id}/db-users/{user_name}/comment

rds:databaseUser:update

Deleting a database account

DELETE /v3/{project_id}/instances/{instance_id}/db_user/{user_name}

rds:databaseUser:drop

Authorizing a database account

POST /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:grant

Changing the password for a database account

POST /v3/{project_id}/instances/{instance_id}/db_user/resetpwd

rds:password:update

Revoking permissions of a database account

DELETE /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:revoke

Table 8 Database and account management actions (RDS for PostgreSQL)

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Creating a database

POST /v3/{project_id}/instances/{instance_id}/database

rds:database:create

Creating a database account

POST /v3/{project_id}/instances/{instance_id}/db_user

rds:databaseUser:create

Authorizing a database account

POST /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:grant

Creating a database schema

POST

/v3/{project_id}/instances/{instance_id}/schema

rds:database:create

Querying databases

GET

/v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit}

rds:database:list

Querying database users

GET

/v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit}

rds:databaseUser:list

Querying database schemas

GET

/v3/{project_id}/instances/{instance_id}/schema/detail?db_name={name}page={page}&limit={limit}

rds:database:list

Modifying remarks of a database user

PUT /v3/{project_id}/instances/{instance_id}/db-users/{user_name}/comment

rds:databaseUser:update

Table 9 Recycle bin actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Modifying the recycling policy

PUT https://{Endpoint}/v3/{project_id}/instances/recycle-policy

rds:instance:setRecycleBin

×

×

Table 10 Tag management actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Adding or deleting tags in batches

POST /v3/{project_id}/instances/{instance_id}/tags/action

rds:instance:dealTag

Querying project tags

GET

/v3/{project_id}/tags

rds:tag:list

×

Table 11 Quota management actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Querying resource quotas

GET https://{Endpoint}/v3/{project_id}/quotas

rds:instance:list

Table 12 Task actions

Permission

API

Action

IAM Project

Enterprise Project

Authorization by Instance

Obtaining task information

GET /v3/{project_id}/jobs?id={id}

rds:task:list

×