Category: AWS Identity and Access Management (IAM)

Company policies usually do not allow database instances to have a public endpoint unless there is a specific business requirement. Although that protects those resources from public access over the internet, it also limits how users can connect to them from their computers. Frequently, database administrators and development teams try to overcome that restriction by […]

Amazon ElastiCache for Redis is a fully managed, Redis-compatible, in-memory caching service that provides microsecond speed to support real-time applications. ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with the reliability, scalability, manageability, and security from AWS to power the most demanding real-time applications in media and entertainment, financial services, ecommerce, AdTech, […]

Many software as a service (SaaS) customers on AWS are familiar with multi-tenancy and tenant isolation. Indeed, customers using MySQL, for instance, may have adopted the bridge model of multi-tenancy, where each tenant has access to their own isolated database or schema. AWS provides many tools and best practices to get started, but achieving database […]

October 2022: This post was reviewed and updated with a new architecture diagram and code updates to factor the change from CDK 1.x to CDK 2.x. Amazon ElastiCache for Redis is an AWS managed, Redis-compliant service that provides a high-performance, scalable, and distributed key-value data store that you can use as a database, cache, message […]

This blog post was last reviewed and updated October, 2023. Amazon Relational Database Service (RDS) enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for PostgreSQL database instances and Amazon Aurora PostgreSQL clusters. Database administrators can associate database users with IAM users and roles. With IAM database authentication, you don’t need to use a […]

AWS provides two managed PostgreSQL options: Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. Both support IAM authentication for managing access to your database. You can associate database users with IAM users and roles to manage user access to all databases from a single location, which avoids issues caused by permissions being out of sync […]

January 2024: This post was reviewed and updated for accuracy. Storing user names and passwords directly in applications is not a best practice. Saving credentials as plaintext should never occur in a secure application. As a solution, AWS Identity and Access Management (IAM) policies can assign permissions that determine who is allowed to manage Amazon […]

A common request that we get from customers is how to protect their resources from an accidental or malicious deletion, such as instances, snapshots, clusters, and so on. Doing this is especially important when you are using a common AWS account for multiple users or teams. Although you want the flexibility to innovate within the […]