Merge pull request #266 from vmercierfr/fix-cluster-permissions

Fix missing IAM permissions for DB clusters

Author: vmercierfr

README.md

@@ -291,6 +291,16 @@ If you are running on [AWS EKS](https://aws.amazon.com/eks/), we strongly recomm
                 "arn:aws:rds:*:*:db:*"
             ]
         },
+        {
+            "Sid": "AllowClusters",
+            "Effect": "Allow",
+            "Action": [
+                "rds:DescribeDBClusters"
+            ],
+            "Resource": [
+                "arn:aws:rds:*:*:cluster:*"
+            ]
+        },
         {
             "Sid": "AllowMaintenanceDescriptions",
             "Effect": "Allow",

configs/aws/policy.json

@@ -20,6 +20,16 @@
                 "arn:aws:rds:*:*:db:*"
             ]
         },
+        {
+            "Sid": "AllowClusters",
+            "Effect": "Allow",
+            "Action": [
+                "rds:DescribeDBClusters"
+            ],
+            "Resource": [
+                "arn:aws:rds:*:*:cluster:*"
+            ]
+        },
         {
             "Sid": "AllowMaintenanceDescriptions",
             "Effect": "Allow",
@@ -69,4 +79,4 @@
             "Resource": "*"
         }
     ]
-}
+}

configs/terraform/main.tf

@@ -36,6 +36,17 @@ data "aws_iam_policy_document" "prometheus-rds-exporter" {
     ]
   }
 
+  statement {
+    sid    = "AllowClusters"
+    effect = "Allow"
+    actions = [
+      "rds:DescribeDBClusters",
+    ]
+    resources = [
+      "arn:aws:rds:*:*:cluster:*",
+    ]
+  }
+
   statement {
     sid    = "AllowMaintenanceDescriptions"
     effect = "Allow"