Adding and editing resource-based policies for clusters

To add a resource-based policy to an existing cluster

Sign in to the AWS Management Console and open the Aurora DSQL console at https://console.aws.amazon.com/dsql/.
Choose your cluster from the cluster list to open the cluster details page.
Choose the Permissions tab.
In the Resource-based policy section, choose Add policy.
Enter your policy document in the JSON editor. You can use Edit statement or Add new statement to build your policy.
Choose Add policy.

To edit an existing resource-based policy

Sign in to the AWS Management Console and open the Aurora DSQL console at https://console.aws.amazon.com/dsql/.
Choose your cluster from the cluster list to open the cluster details page.
Choose the Permissions tab.
In the Resource-based policy section, choose Edit.
Modify the policy document in the JSON editor. You can use Edit statement or Add new statement to update your policy.
Choose Save changes.

Use the put-cluster-policy command to attach a new policy or update an existing policy on a cluster:


aws dsql put-cluster-policy --identifier your_cluster_id --policy '{
    "Version": "2012-10-17",		 	 	 
    "Statement": [{
        "Effect": "Deny",
        "Principal": {"AWS": "*"},
        "Resource": "*",
        "Action": ["dsql:DbConnect", "dsql:DbConnectAdmin"],
        "Condition": { 
            "Null": { "aws:SourceVpc": "true" } 
        }
    }]
}'

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Create with policies

View Policy