DEV Community

leroykayanda
leroykayanda

Posted on

Connect to AWS RDS using IAM credentials

Ensure IAM authentication is enabled in RDS.

IAM Auth

Ensure the user that will connect to RDS has these permissions.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "rds-db:connect"
         ],
         "Resource":[
            "arn:aws:rds-db:<region>:<account-id>:dbuser:<DBInstanceResourceID>/<DatabaseUser>"
         ]
      }
   ]
}
Enter fullscreen mode Exit fullscreen mode

Log in using the master user and create a DB user with the rds_iam role.

CREATE USER db_user;
GRANT rds_iam TO db_user;
Enter fullscreen mode Exit fullscreen mode

Generate a password valid for 15min.

aws rds generate-db-auth-token \
  --hostname <dn-hostname> \
  --port 5432 \
  --username db_user
Enter fullscreen mode Exit fullscreen mode

Top comments (0)