Amazon Aurora with PostgreSQL Compatibility Supports IAM Authentication

Posted on: Nov 8, 2018

Amazon Aurora with PostgreSQL compatibility now supports AWS Identity and Access Management (IAM) to manage database access. Database administrators can associate database users with IAM users and roles. This way, you can manage user access to all AWS resources from a single location, avoiding issues caused by permissions being out of sync on different AWS resources.

You can choose to use IAM for database user authentication simply by selecting a checkbox during the DB cluster creation process. Existing DB clusters can also be modified to enable IAM authentication. Once enabled, you can associate new and existing database users to IAM users and roles. Credentials can then be managed via IAM, without having to manage users in the database. This includes expanding and restricting permission levels, associating permissions with different roles, and revoking access. IAM authentication also allows easier and safer integration with your applications running on Amazon EC2.

After configuring the database for IAM authentication, client applications authenticate to the database engine by providing temporary security credentials generated by the IAM Security Token Service. These credentials are used instead of providing a password to the database engine.

Database IAM authentication is available for Amazon Aurora PostgreSQL clusters compatible with PostgreSQL versions 9.6.9 and 10.4 (and higher). To learn more, please refer to the Amazon RDS documentation, and see the AWS Region Table for complete regional availability. To learn more about IAM, refer to the AWS Identity and Access Management page.