21.5 Manage AWS Access

Use the AWS Management Console to manage AWS access.

IDDetails: You need to specify the IDDetails in the trust policy when creating some of the IAM roles described in this chapter. The IDDetails to use depend on the situation:
  • To grant access to a specific DB System in the tenancy, use <TenancyOCID>/<DBSystemResourceId> (see Viewing OCID of the Tenancy on how to find the OCID of the tenancy, and see Viewing DB System Details on how to find the resource ID of the DB System). For example:
    ocid1.tenancy.oc1..aaaaaaaaba4pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsk/5281bb96-99a1-23fe-a65f-370cd85b979g
  • To grant access to all DB Systems in the tenancy, use <TenancyOCID>/*. For example:
    ocid1.tenancy.oc1..aaaaaaaaba4pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsk/*

Note:

If you are creating the IAM role to grant access to a specific DB System that is yet to be created, grant access to all DB Systems in the tenancy by using <TenancyOCID>/* first for the IDDetails, and once the DB System is created, update the trust policy to limit access to the new DB System by using <TenancyOCID>/<DBSystemResourceId> instead.
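To confirm that the follow-up step in the note above has been carried out, the trust policies of the roles can be scanned for IDDetails values that still end in `/*`. The script below is an added example, not part of the original documentation. The role names, the sample policies, the placeholder principal account and the placement of the IDDetails value under an `sts:ExternalId` condition are assumptions made for illustration. The scan itself matches on the IDDetails format only, so it does not depend on which policy key holds the value.

```python
import re

# IDDetails shape from this section: <TenancyOCID>/<DBSystemResourceId> or <TenancyOCID>/*
ID_DETAILS = re.compile(r"^(ocid1\.tenancy\.[^/\s]+)/([^/\s]+)$")

def iter_strings(node):
    """Yield every string value found anywhere in a parsed JSON policy document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)

def audit_trust_policy(policy):
    """Return (tenancy_ocid, scope) for every IDDetails value in a trust policy."""
    findings = []
    for text in iter_strings(policy):
        match = ID_DETAILS.match(text)
        if match:
            tenancy, target = match.groups()
            scope = "ALL_DB_SYSTEMS" if target == "*" else "SINGLE_DB_SYSTEM"
            findings.append((tenancy, scope))
    return findings

def roles_to_tighten(policies):
    """Sorted names of roles whose trust policy still uses <TenancyOCID>/*."""
    return sorted(name for name, doc in policies.items()
                  if any(scope == "ALL_DB_SYSTEMS" for _, scope in audit_trust_policy(doc)))

# Constructed sample data: tenancy OCID, resource ID, role names and account are placeholders.
TENANCY = "ocid1.tenancy.oc1..exampletenancyid"

def sample_policy(id_details):
    # Assumption: IDDetails sits in an sts:ExternalId condition of the trust policy.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Condition": {"StringEquals": {"sts:ExternalId": id_details}}}]}

SAMPLE_POLICIES = {
    "dbsystem-role-scoped": sample_policy(TENANCY + "/11111111-2222-3333-4444-555555555555"),
    "dbsystem-role-pending": sample_policy(TENANCY + "/*"),
}

if __name__ == "__main__":
    for role in roles_to_tighten(SAMPLE_POLICIES):
        print(f"{role}: IDDetails still grants access to all DB Systems in the tenancy")
```

In practice the input would be the trust policy documents exported from the AWS account, keyed by role name, rather than the constructed samples.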