From 63df0adc17fe8f9a8852881e6e5e99f2c9b5492a Mon Sep 17 00:00:00 2001
From: Will Thames <will@thames.id.au>
Date: Mon, 28 Aug 2017 11:52:22 -0500
Subject: [cloud] Update RDS parameter group for boto3 (#25345)

* Update RDS parameter group for boto3

* Update to boto3
* Update to latest ansible standards
* Remove choices list for valid engines (See #19221 for context)
* Allow tagging
* Return some useful information, and document that information

* Add tests for rds_param_group

* Improve testing of rds_param_group

* Add purge_tags option for rds_param_group

* Fix remaining broken rds_param_group tests

* Ensure the group name is lowercased. Fixes integration tests when run on OSX
---
 hacking/aws_config/testing_policies/rds-policy.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'hacking')

diff --git a/hacking/aws_config/testing_policies/rds-policy.json b/hacking/aws_config/testing_policies/rds-policy.json
index 6284bd56e2..e74f857b65 100644
--- a/hacking/aws_config/testing_policies/rds-policy.json
+++ b/hacking/aws_config/testing_policies/rds-policy.json
@@ -46,6 +46,23 @@
                 "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
                 "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
             ]
+        },
+        {
+            "Sid": "AllowRDSParameterGroupManagement",
+            "Effect": "Allow",
+            "Action": [
+                "rds:DescribeDBParameterGroups",
+                "rds:DescribeDBParameters",
+                "rds:CreateDBParameterGroup",
+                "rds:DeleteDBParameterGroup",
+                "rds:ModifyDBParameterGroup",
+                "rds:ListTagsForResource",
+                "rds:AddTagsToResource",
+                "rds:RemoveTagsFromResource"
+            ],
+            "Resource": [
+                "arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
+            ]
         }
     ]
 }
-- 
cgit v1.2.1