AWS RDS IAM Policy for Read Only Access and DB Logs Download

{ “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “rds:Describe*”, “rds:ListTagsForResource”, “rds:Download*”, “ec2:DescribeAccountAttributes”, “ec2:DescribeAvailabilityZones”, “ec2:DescribeSecurityGroups”, “ec2:DescribeVpcs” ], “Effect”: “Allow”, “Resource”: “*” }, { “Action”: [ “cloudwatch:GetMetricStatistics”, “logs:DescribeLogStreams”, “logs:GetLogEvents” ], “Effect”: “Allow”, “Resource”: “*” } ] }