IAM Authentication for AWS RDS MySQL

IAM AUTHENTICATION:

  1. First, make sure that your database allows IAM authentication. Complete prerequisite steps 1 through 3, then navigate to the Configuration tab and confirm that IAM DB authentication is Enabled.

  2. To allow an IAM user or role to connect to your database instance or database cluster, you must create an IAM policy. After that, attach the policy to an IAM user or role. For more information, see Create and Attach Your First Customer Managed Policy.

You construct the policy document from the following four key pieces of data:

  • The Region of your cluster

  • Your AWS account number

  • The database resource ID or the cluster resource ID

  • Your database user name
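
The following added example, which is not part of the original page, assembles the policy document from the four pieces of data above and flags policies whose rds-db:connect resource uses a wildcard. The function names, the sample values and the input patterns are assumptions made for illustration; the ARN layout arn:aws:rds-db:region:account:dbuser:resource-id/user-name and the rds-db:connect action are the ones IAM database authentication uses.

```python
import re

def build_connect_policy(region, account_id, resource_id, db_user):
    """Build an IAM policy allowing rds-db:connect for one database user."""
    checks = [
        (r"[a-z]{2}(-[a-z]+)+-\d", region, "region"),
        (r"\d{12}", account_id, "account number (12 digits)"),
        (r"(db|cluster)-[A-Z0-9]+", resource_id, "resource ID (db-... or cluster-...)"),
        # Assumption: plain user names only, which also rejects wildcards.
        (r"[A-Za-z0-9_]+", db_user, "database user name"),
    ]
    for pattern, value, label in checks:
        if not re.fullmatch(pattern, value):
            raise ValueError(f"invalid {label}: {value!r}")
    # Assumption: the standard "aws" partition.
    arn = f"arn:aws:rds-db:{region}:{account_id}:dbuser:{resource_id}/{db_user}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": [arn]}
        ],
    }

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return rds-db:connect resources that match more than one database user."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        if not any(a in ("rds-db:connect", "rds-db:*", "*") for a in actions):
            continue
        for resource in as_list(stmt.get("Resource", [])):
            # Everything after ":dbuser:" is "<resource-id>/<user-name>".
            target = resource.split(":dbuser:", 1)[-1]
            if "*" in target or "?" in target:
                findings.append(resource)
    return findings

if __name__ == "__main__":
    import json
    # Constructed sample values, not taken from a real account.
    policy = build_connect_policy("us-east-2", "123456789012", "db-ABCDEFGHIJKL01234", "mydbuser")
    print(json.dumps(policy, indent=2))
    print("wildcard resources:", wildcard_findings(policy))
```
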

For RDS and Aurora:

  3. After you have created your IAM user and attached your IAM policy to it, you must create a database user with the same name as you specified in the policy. In this policy, it is all dbusers. Grant all privileges to the user you created using these statements:

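-- The user authenticates with an IAM token through the AWS plugin, not a password.
CREATE USER mydbuser IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';

-- Grants every privilege on every database; narrow the scope where the connection needs less.
GRANT ALL ON `%`.* TO mydbuser@`%`;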

  4. Go back to the dashboard, search for AWS RDS MySQL, and click connect.

  5. Click add new connection.

  6. Choose IAM authentication as the Authentication type and fill in the required fields. The username should be the one created in step 3. Add the access key and secret key of the IAM user that has the policy created in step 2, then click create connection.

  7. Verify that the credentials and setup are correct by checking that the connection's object lists appear as they do with standard authentication.