Can't limit resource of rds:DescribePendingMaintenanceActions IAM permission

[vmercierfr]

Describe the bug

Prometheus RDS exporter rds:DescribePendingMaintenanceActions IAM permission can't be restricted to specific RDS instances

Desktop (please complete the following information):

• OS: Linux
• Prometheus RDS exporter's version: 0.5.1
• RDS engine: All

To Reproduce

1. Limit IAM permissions for rds:DescribePendingMaintenanceActions action to specific RDS instances or wildcard

   {
   	"Version": "2012-10-17",
   	"Statement": [
   		{
   			"Sid": "AllowMaintenanceDescriptions",
   			"Effect": "Allow",
   			"Action": "rds:DescribePendingMaintenanceActions",
   			"Resource": [
   				"arn:aws:rds:*:*:cluster:*",
   				"arn:aws:rds:*:*:db:*"
   			]
   		}
   	]
   }

2. Scrape exporter metrics

   {"time":"2023-12-20T16:44:13.316531086Z","level":"ERROR","msg":"can't scrape metrics: can't fetch RDS metrics: can't get RDS maintenances: can't describe pending maintenance actions: operation error RDS: DescribePendingMaintenanceActions, https response error StatusCode: 403, RequestID: truncated, api error AccessDenied: User: arn:aws:sts::truncated:assumed-role/service.prometheus-rds-exporter/1703090605975336014 is not authorized to perform: rds:DescribePendingMaintenanceActions because no identity-based policy allows the rds:DescribePendingMaintenanceActions action"}

Expected behavior

The exporter should not return any error when all RDS instances/clusters are allowed

Additional context

No parameters specified in DescribePendingMaintenanceActions input parameters (see code)

inputMaintenance := &aws_rds.DescribePendingMaintenanceActionsInput{}
maintenances, err := r.client.DescribePendingMaintenanceActions(context.TODO(), inputMaintenance)

Second bug: Maintenance should be incorrect in environments with more than 100 RDS instances since DescribePendingMaintenanceActions is limited to 100 instances, and we are not using the pagination.