Posted On: Feb 24, 2022
Amazon Relational Database Service (Amazon RDS) now enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for MariaDB instances. Database administrators can now associate database users with IAM users and roles. By using IAM, you can manage user access to AWS resources from a single location, avoiding issues caused by permissions that are out of sync on different AWS resources.
You can use IAM for database user authentication by selecting a checkbox during the DB instance creation process. Existing DB instances can also be modified to enable IAM authentication. Once this feature is enabled, database administrators can associate new and existing database users to IAM users and roles. Credentials can then be managed via IAM without managing users in the database. This includes expanding and restricting permission levels, associating permissions with different roles, and revoking access. IAM authentication also helps with easier integration with your applications running on Amazon EC2.
After configuring the database for IAM authentication, client applications authenticate to the database engine by providing temporary security credentials generated by the IAM Security Token Service. These credentials are used instead of providing a password to the database engine.
Database IAM authentication is available for Amazon RDS database instances running MariaDB versions 10.6.5 and higher.
To learn more about enabling IAM authentication for your database instance, please refer to the Amazon RDS documentation and AWS Database Blog. To learn more about IAM, refer to the AWS Identity and Access Management page.