Amazon Neptune supports specifying conditions in IAM policy using tags

Posted on: Jul 8, 2020

Amazon Neptune now provides the flexibility to specify conditions in IAM policies using tags. Tags can be added to a Neptune resource such as a DB cluster or instance. Using tags, you can restrict management operations on the cluster without using the cluster or instance resource identifiers.

IAM policies for management operations such as create, modify, or delete require specifying a cluster resource ID, which is available only after the cluster is created. Now, using tags in IAM policy conditions, customers can configure access across all their existing or new Neptune clusters without modifying their IAM policy for each cluster. The list of condition keys supported in the policy is documented here, and the list of actions supported in the IAM policy is documented here.
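As an added illustration (not part of the announcement), the following identity-based policy shows the pattern the post describes: management actions are allowed only on clusters carrying a specific tag, creation requires that tag in the request, and changing that tag is explicitly denied so the scope cannot be widened by retagging. The tag key `env`, its value `dev` and the account ID are assumed placeholders; Neptune management actions use the `rds:` namespace, and the condition keys are the global `aws:ResourceTag`, `aws:RequestTag` and `aws:TagKeys`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageOnlyDevTaggedClusters",
      "Effect": "Allow",
      "Action": [
        "rds:ModifyDBCluster",
        "rds:DeleteDBCluster"
      ],
      "Resource": "arn:aws:rds:*:111122223333:cluster:*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/env": "dev" }
      }
    },
    {
      "Sid": "CreateOnlyWithDevTag",
      "Effect": "Allow",
      "Action": "rds:CreateDBCluster",
      "Resource": "arn:aws:rds:*:111122223333:cluster:*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/env": "dev" },
        "ForAllValues:StringEquals": { "aws:TagKeys": ["env"] }
      }
    },
    {
      "Sid": "DenyRetaggingTheScopeKey",
      "Effect": "Deny",
      "Action": [
        "rds:AddTagsToResource",
        "rds:RemoveTagsFromResource"
      ],
      "Resource": "arn:aws:rds:*:111122223333:cluster:*",
      "Condition": {
        "ForAnyValue:StringEquals": { "aws:TagKeys": ["env"] }
      }
    }
  ]
}
```

Without the final Deny statement, anyone holding `rds:AddTagsToResource` could tag a production cluster `env=dev` and bring it within the first statement, so tag-scoped policies should always be paired with controls on who may change the scoping tag.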

Tags in IAM policy are available in all regions where Neptune is currently available. To learn more about the feature and see examples of policy statements, please visit the documentation.