Posted On: Sep 27, 2018

Amazon RDS enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for PostgreSQL DB instances. Database administrators can now associate database users with IAM users and roles. By using IAM, you can manage user access to all AWS resources from a single location, avoiding issues caused by permissions that are out of sync on different AWS resources.

You can choose to use IAM for database user authentication simply by selecting a checkbox during the DB instance creation process. Existing DB instances can also be modified to enable IAM authentication. Once this feature is enabled, database administrators can associate new and existing database users to IAM users and roles. Credentials can then be managed via IAM without needing to manage users in the database. This includes expanding and restricting permission levels, associating permissions with different roles, and revoking access. IAM authentication also allows easier and safer integration with your applications running on EC2.

After configuring the database for IAM authentication, client applications authenticate to the database engine by providing temporary security credentials generated by the IAM Security Token Service. These credentials are used instead of providing a password to the database engine.

Database IAM authentication is available for Amazon RDS database instances running PostgreSQL versions 9.5.13, 9.6.9, and 10.4 (and higher).

To learn more about enabling IAM authentication for your database instance, please refer to the Amazon RDS documentation. To learn more about IAM, refer to the AWS Identity and Access Management page.