Posted On: Oct 29, 2019

Amazon RDS for PostgreSQL now supports external authentication of database users using Kerberos and Microsoft Active Directory.  

Amazon RDS for PostgreSQL support for Kerberos and Microsoft Active Directory provides the benefits of single sign-on and centralized authentication of PostgreSQL database users. Keeping all of your user credentials in the same Active Directory saves you time and effort, because you now have a centralized place for storing and managing them for multiple DB instances.

With this feature, in addition to the password-based and IAM-based authentication methods, you can now authenticate using AWS Managed Microsoft AD Service. You can enable your database users to authenticate against Amazon RDS for PostgreSQL using either the credentials stored in the AWS Directory Service for Microsoft Active Directory, or the credentials stored in your on-premises Microsoft Active Directory, with a forest trust relationship established between your on-premises Active Directory and an AWS Managed Active Directory. You can use the same Active Directory for different VPCs within the same AWS Region. You can also join Amazon RDS for PostgreSQL instances to shared Active Directory domains owned by different accounts.

PostgreSQL versions 11.4, 10.9 and above are supported with Active Directory integration. To use your existing on-premises Microsoft Active Directory, first set up an AWS Managed Active Directory, then set up a forest trust relationship between your on-premises directory and the AWS Managed AD.

Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability.