IAM Authentication for AWS RDS PostgreSQL

IAM AUTHENTICATION:

References:

IAM database authentication for MariaDB, MySQL, and PostgreSQL - Amazon Relational Database Service

Using IAM authentication to connect with pgAdmin Amazon Aurora PostgreSQL or Amazon RDS for PostgreSQL | Amazon Web Services

 

  1. First, make sure that your database allows IAM authentication. Complete prerequisite steps 1 through 3, then navigate to the Configuration tab and confirm that IAM DB authentication is Enabled.

  2. To allow an IAM user or role to connect to your database instance or database cluster, you must create an IAM policy. After that, attach the policy to an IAM user or role. For more information, see Create and Attach Your First Customer Managed Policy.

You construct the policy document from the following four key pieces of data:

  • The Region of your cluster

  • Your AWS account number

  • The database resource ID or the cluster resource ID

  • Your database user name

For RDS:
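A policy for an RDS instance assembled from those four values, as an added example that is not part of the original page. The function names and sample values are constructed for illustration, and the user-name pattern is a conservative assumption; the second function flags `rds-db:connect` resources that use wildcards and therefore grant access to more than one database user.

```python
import json
import re

# Constructed sample values; replace with your own region, account, resource ID and user.
SAMPLE = {
    "region": "us-east-1",
    "account_id": "123456789012",
    "resource_id": "db-ABCDEFGHIJKL01234",  # instance resource ID (cluster IDs start with "cluster-")
    "db_user": "mydbuser",
}

def build_connect_policy(region, account_id, resource_id, db_user):
    """Return an IAM policy allowing rds-db:connect for exactly one database user."""
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        raise ValueError(f"unexpected region format: {region!r}")
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account number must be 12 digits")
    if not re.fullmatch(r"(db|cluster)-[A-Z0-9]+", resource_id):
        raise ValueError("expected a resource ID (db-... or cluster-...), not the instance name")
    # Assumption: plain unquoted PostgreSQL identifiers only, which also rules out wildcards.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", db_user):
        raise ValueError("database user must be a single explicit name, no wildcards")
    arn = f"arn:aws:rds-db:{region}:{account_id}:dbuser:{resource_id}/{db_user}"
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": [arn]}],
    }

def broad_connect_resources(policy):
    """List rds-db:connect resources that contain a wildcard."""
    found = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        grants = any(a in ("rds-db:connect", "rds-db:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        found += [r for r in resources if "*" in r]
    return found

if __name__ == "__main__":
    policy = build_connect_policy(**SAMPLE)
    print(json.dumps(policy, indent=2))
    print("wildcard resources:", broad_connect_resources(policy))
```

The database user name in the resource ARN must match the user created in the database and granted rds_iam.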

  3. After you create your IAM user and attach your IAM policy to the user, create a database user with the same name that you specified in the policy. To use IAM authentication with PostgreSQL, connect to the database cluster, create the database user, and grant them the rds_iam role. You can connect as any user that has CREATE USER permissions and execute the following statements:

CREATE USER mydbuser WITH LOGIN;

GRANT rds_iam TO mydbuser;

  4. Go back to the dashboard, search for AWS RDS PostgreSQL, and click Connect.

  5. Click Add new connection.

  6. Choose IAM authentication as the Authentication type and fill in the required fields. The username should be the one created in step 3. Add the access key and secret key of the IAM user that has the policy created in step 2, then click Create connection.

  7. Verify that the credentials and setup are correct by checking that the connection's object lists appear as they would with standard authentication.