From d3acbf7fae50a1a8fb3f24f3acc43014aed4b4f1 Mon Sep 17 00:00:00 2001
From: Alina Buzachis <abuzachis@redhat.com>
Date: Wed, 5 Jan 2022 12:04:57 +0100
Subject: [PATCH 1/2] Add policy for rds_cluster_snapshot

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>
---
 aws/policy/data-services.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
index ffde649e..ad39fbec 100644
--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
@@ -96,6 +96,8 @@ Statement:
       - rds:CreateOptionGroup
       - rds:ModifyOptionGroup
       - rds:DeleteOptionGroup
+      - rds:CreateDBClusterSnapshot
+      - rds:DeleteDBClusterSnapshot
     Resource:
       - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
       - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'

From 9c18c06413e7809ce67f635e0a480207faacc0e9 Mon Sep 17 00:00:00 2001
From: Alina Buzachis <abuzachis@redhat.com>
Date: Fri, 14 Jan 2022 11:10:25 +0100
Subject: [PATCH 2/2] Add resource

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>
---
 aws/policy/data-services.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
index ad39fbec..eb725406 100644
--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
@@ -115,6 +115,7 @@ Statement:
       - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:og:*'
       - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:endpoint:*'
       - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:snapshot:*'
+      - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster-snapshot:*'
   - Sid: AllowGlobalRestrictedResourceActionsWhichIncurFees
     Effect: Allow
     Action: