Change log of AWS IAM permissions

2025-07-01

46 new actions, 6 new resources, 3 new conditions

Additions

Actions

AcceptMarketplaceRegistration
- Description: Grants permission to register the Amazon Web Services Marketplace token for your Amazon Web Services account to activate your Oracle Database@Amazon Web Services subscription
- Access: Write
CreateCloudAutonomousVmCluster
- Description: Grants permission to create a new Autonomous VM cluster in the specified Exadata infrastructure
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
  
  Name: odb-network
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateCloudExadataInfrastructure
- Description: Grants permission to create an Exadata infrastructure
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateCloudVmCluster
- Description: Grants permission to create a VM cluster on the specified Exadata infrastructure
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
  
  Name: odb-network
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateDbNode
- Description: Grants permission to create a DB Node
- Access: Write
- Resources:
  Name: db-node
  
  Required: Yes
CreateOdbNetwork
- Description: Grants permission to create an ODB network
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateOdbPeeringConnection
- Description: Grants permission to create an ODB Peering Connection
- Access: Write
- Resources:
  Name: odb-network
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateOutboundIntegration
- Description: Grants permission to create an Outbound Integration
- Access: Write
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: Yes
  
  Name: cloud-vm-cluster
  
  Required: Yes
DeleteCloudAutonomousVmCluster
- Description: Grants permission to Deletes an Autonomous VM cluster
- Access: Write
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: Yes
DeleteCloudExadataInfrastructure
- Description: Grants permission to delete a specified Exadata infrastructure. Before you use this operation, make sure to delete all of the VM clusters that are hosted on this Exadata infrastructure
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
DeleteCloudVmCluster
- Description: Grants permission to delete a specified VM cluster
- Access: Write
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
DeleteDbNode
- Description: Grants permission to delete a DB Node
- Access: Write
- Resources:
  Name: db-node
  
  Required: Yes
DeleteOdbNetwork
- Description: Grants permission to delete the specified ODB network
- Access: Write
- Resources:
  Name: odb-network
  
  Required: Yes
DeleteOdbPeeringConnection
- Description: Grants permission to delete the specified ODB Peering Connection. When you delete an ODB peering connection, the underlying VPC peering connection is also deleted
- Access: Write
- Resources:
  Name: odb-peering-connection
  
  Required: Yes
DeleteResourcePolicy
- Description: Grants permission to delete a resource policy
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
  
  Name: odb-network
  
  Required: Yes
GetCloudAutonomousVmCluster
- Description: Grants permission to get information about a specific Autonomous VM cluster
- Access: Read
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: Yes
GetCloudExadataInfrastructure
- Description: Grants permission to get information about the specified Exadata infrastructure
- Access: Read
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
GetCloudExadataInfrastructureUnallocatedResources
- Description: Grants permission to retrieve information about unallocated resources in a specified Cloud Exadata Infrastructure
- Access: Read
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
GetCloudVmCluster
- Description: Grants permission to get information about the specified VM cluster
- Access: Read
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
GetDbNode
- Description: Grants permission to get information about the specified DB node
- Access: Read
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
  
  Name: db-node
  
  Required: Yes
GetDbServer
- Description: Grants permission to get information about the specified database server
- Access: Read
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
GetOciOnboardingStatus
- Description: Grants permission to get the tenancy activation link and onboarding status for your Amazon Web Services account
- Access: Read
GetOdbNetwork
- Description: Grants permission to get information about the specified ODB network
- Access: Read
- Resources:
  Name: odb-network
  
  Required: Yes
GetOdbPeeringConnection
- Description: Grants permission to get information about the specified ODB Peering connection
- Access: Read
- Resources:
  Name: odb-peering-connection
  
  Required: Yes
GetResourcePolicy
- Description: Grants permission to get a resource policy
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
  
  Name: odb-network
  
  Required: Yes
InitializeService
- Description: Grants permission to initialize the ODB service for the first time in an account
- Access: Write
ListAutonomousVirtualMachines
- Description: Grants permission to list all Autonomous VMs in an Autonomous VM cluster
- Access: Read
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: No
ListCloudAutonomousVmClusters
- Description: Grants permission to list all Autonomous VM clusters in a specified Cloud Exadata infrastructure
- Access: List
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: No
ListCloudExadataInfrastructures
- Description: Grants permission to list information about the Exadata infrastructures owned by your Amazon Web Services account
- Access: List
ListCloudVmClusters
- Description: Grants permission to list information about the VM clusters owned by your Amazon Web Services account or only the ones on the specified Exadata infrastructure
- Access: List
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: No
ListDbNodes
- Description: Grants permission to list information about the DB nodes for the specified VM cluster
- Access: List
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
ListDbServers
- Description: Grants permission to list information about the database servers that belong to the specified Exadata infrastructure
- Access: Read
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
ListDbSystemShapes
- Description: Grants permission to list information about the shapes that are available for an Exadata infrastructure
- Access: Read
ListGiVersions
- Description: Grants permission to list information about Oracle Grid Infrastructure (GI) software versions that are available for a VM cluster for the specified shape
- Access: Read
ListOdbNetworks
- Description: Grants permission to list information about the ODB networks owned by your Amazon Web Services account
- Access: List
ListOdbPeeringConnections
- Description: Grants permission to list all ODB peering connections or those associated with a specific ODB network
- Access: List
- Resources:
  Name: odb-network
  
  Required: No
ListSystemVersions
- Description: Grants permission to list information about the system versions that are available for a VM cluster for the specified giVersion and shape
- Access: Read
ListTagsForResource
- Description: Grants permission to list information about the tags applied to this resource
- Access: Read
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: No
  
  Name: cloud-exadata-infrastructure
  
  Required: No
  
  Name: cloud-vm-cluster
  
  Required: No
  
  Name: db-node
  
  Required: No
  
  Name: odb-network
  
  Required: No
  
  Name: odb-peering-connection
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
PutResourcePolicy
- Description: Grants permission to update a resource policy
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
  
  Name: odb-network
  
  Required: Yes
RebootDbNode
- Description: Grants permission to reboot the specified DB node in a VM cluster
- Access: Read
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
  
  Name: db-node
  
  Required: Yes
StartDbNode
- Description: Grants permission to start the specified DB node in a VM cluster
- Access: Read
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
  
  Name: db-node
  
  Required: Yes
StopDbNode
- Description: Grants permission to stop the specified DB node in a VM cluster
- Access: Read
- Resources:
  Name: cloud-vm-cluster
  
  Required: Yes
TagResource
- Description: Grants permission to apply tags to the specified resource
- Access: Tagging
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: No
  
  Name: cloud-exadata-infrastructure
  
  Required: No
  
  Name: cloud-vm-cluster
  
  Required: No
  
  Name: db-node
  
  Required: No
  
  Name: odb-network
  
  Required: No
  
  Name: odb-peering-connection
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to remove tags from the specified resource
- Access: Tagging
- Resources:
  Name: cloud-autonomous-vm-cluster
  
  Required: No
  
  Name: cloud-exadata-infrastructure
  
  Required: No
  
  Name: cloud-vm-cluster
  
  Required: No
  
  Name: db-node
  
  Required: No
  
  Name: odb-network
  
  Required: No
  
  Name: odb-peering-connection
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
UpdateCloudExadataInfrastructure
- Description: Grants permission to update the properties of an Exadata infrastructure resource
- Access: Write
- Resources:
  Name: cloud-exadata-infrastructure
  
  Required: Yes
UpdateOdbNetwork
- Description: Grants permission to update properties of a specified ODB network
- Access: Write
- Resources:
  Name: odb-network
  
  Required: Yes

Resources

cloud-autonomous-vm-cluster
- Arn: arn:${Partition}:odb:${Region}:${Account}:cloud-autonomous-vm-cluster/${CloudAutonomousVmClusterId}
- Conditions:
  aws:ResourceTag/${TagKey}
cloud-exadata-infrastructure
- Arn: arn:${Partition}:odb:${Region}:${Account}:cloud-exadata-infrastructure/${CloudExadataInfrastructureId}
- Conditions:
  aws:ResourceTag/${TagKey}
cloud-vm-cluster
- Arn: arn:${Partition}:odb:${Region}:${Account}:cloud-vm-cluster/${CloudVmClusterId}
- Conditions:
  aws:ResourceTag/${TagKey}
db-node
- Arn: arn:${Partition}:odb:${Region}:${Account}:db-node/${DbNodeId}
- Conditions:
  aws:ResourceTag/${TagKey}
odb-network
- Arn: arn:${Partition}:odb:${Region}:${Account}:odb-network/${OdbNetworkId}
- Conditions:
  aws:ResourceTag/${TagKey}
odb-peering-connection
- Arn: arn:${Partition}:odb:${Region}:${Account}:odb-peering-connection/${OdbPeeringConnectionId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by a tag key and value pair that is allowed in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by a tag key and value pair of a resource
- Type: String
aws:TagKeys
- Description: Filters access by a list of tag keys that are allowed in the request
- Type: ArrayOfString

AWS Service - Oracle Database@AWS (odb)

Additions