# IAM resource types for administering Amazon Neptune Neptune supports the resource types in the following table for use in the `Resource` element of IAM administration policy statements. For more information about the `Resource` element, see [IAM JSON Policy Elements: Resource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html). The [list of Neptune administration actions](neptune-iam-admin-actions.md) identifies the resource types that can be specified with each action. A resource type also determines which condition keys you can include in a policy, as specified in the last column of the table below. The `ARN` column in the table below specifies the Amazon Resource Name (ARN) format that you must use to reference resources of this type. The portions that are preceded by a ` $ ` must be replaced by the actual values for your scenario. For example, if you see `$user-name` in an ARN, you must replace that string either with the actual IAM user's name or with a policy variable that contains an IAM user name. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns), and [Working with administrative ARNs in Amazon Neptune](tagging-arns.md). The` Condition Keys `column specifies condition context keys that you can include in an IAM policy statement only when both this resource and a compatible supporting action are included in the statement. **** | Resource Types | ARN | Condition Keys | | --- | --- | --- | | `cluster` (a DB cluster) | arn:partition:rds:region:account-id:cluster:instance-name | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:cluster-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_cluster-tag) | | `cluster-pg` (a DB cluster parameter group) | arn:partition:rds:region:account-id:cluster-pg:neptune-DBClusterParameterGroupName | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) | | `cluster-snapshot` (a DB cluster snapshot) | arn:partition:rds:region:account-id:cluster-snapshot:neptune-DBClusterSnapshotName | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:cluster-snapshot-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_cluster-snapshot-tag) | | `db` (a DB instance) | arn:partition:rds:region:account-id:db:neptune-DbInstanceName | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:DatabaseClass](iam-admin-condition-keys.md#admin-rds_DatabaseClass) [rds:DatabaseEngine](iam-admin-condition-keys.md#admin-rds_DatabaseEngine) [rds:db-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_db-tag) | | `es` (an event subscription) | arn:partition:rds:region:account-id:es:neptune-CustSubscriptionId | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:es-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_es-tag) | | `pg` (a DB parameter group) | arn:partition:rds:region:account-id:pg:neptune-ParameterGroupName | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:pg-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_pg-tag) | | `subgrp` (a DB subnet group) | arn:partition:rds:region:account-id:subgrp:neptune-DBSubnetGroupName\$1 | [aws:ResourceTag/*tag-key*](iam-admin-condition-keys.md#admin-aws_ResourceTag) [rds:subgrp-tag/*tag-key*](iam-admin-condition-keys.md#admin-rds_subgrp-tag) |