Skip to main content

Cloud

Enabling AWS IAM DB Authentication

by on December 24th, 2024 | ~ minute read

Futuristic Technology Innovation Background

IAM Database Authentication lets you log in to your Amazon RDS database using your IAM credentials. This makes it easier to manage access, improves security, and provides more control over who can do what. Let’s look at how to set it up and use it effectively.

Objective:

IAM DB Authentication improves security, enables centralized user management, supports auditing, and ensures scalability for database access.

How it Works:

We can enable and use this feature in simple three steps:

  1. Enabling IAM DB authentication
  2. Enabling RDS access to AWS IAM User,
  3. Generating Token & Connecting DB using AWS IAM user.

 To Enable IAM DB Authentication You Must Follow The Steps Below:

  1. Select the RDS instance
    1
  2. Click on Modify Button
    Picture2
  3. Navigate DB Authentication button & Select the Password and IAM Database authentication

Picture3

  1. For Lower version of RDS, it does not show this option, but you can enable it by using CLI
  2. Once you Selected, it will ask you to confirm the master password, after that click on modify option save the changes.

Enable RDS Access to AWS IAM User:

  1. Create and IAM policy

For example:

{

  “Version”: “2012-10-17”,

  “Statement”: [

    {

AI at Perficient
Revolutionize Your Business With Generative AI

From product design and software development to virtual agents, content creation, and reporting, GenAI is transforming business. Our AI experts help you unlock GenAI’s full potential and drive growth.

Let’s Get Started

      “Effect”: “Allow”,

      “Action”: “rds-db:connect”,

      “Resource”: “arn:aws:rds-db:<region>:<account-id>:dbuser:<db-cluster-id>/<username>”

    }

  ]

}

  1. After creating the policy, Navigate the user whom you want to provide the access, attach that policy to user.

Picture4

 

Connecting DB using AWS IAM User:

  1. first you must generate token to connect the RDB; to generate a token you can run below command

aws rds generate-db-auth-token –hostname <db endpoint url> –port 3306 –region <region> –username <db_username>

Make sure you have AWS configured, otherwise you will get the error below, to configure AWS you have to use your IAM AWS account which you want use to connect db.

Picture5

Picture5

  1. then after that you can connect mysql by passing that token in below command:

mysql –host=<db_endpoint_url> –port=3306 –ssl-ca=<provide ssl if you are using ssl> –user=<db_username> –password=’genrated_token_value’

Picture7

Conclusion:

IAM DB Authentication makes it easier to manage access to your Amazon RDS databases by removing the need for hardcoded credentials. By following the above-mentioned steps, you can enable and use IAM-based authentication securely. This approach improves security, simplifies access control, and helps you stay compliant with your organization’s policies.

Tags

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ankit Srivastava

Ankit Kumar Srivastava is a Lead Technical Consultant at Perficient. He has 8 years of experience in AEM DevOps and Administration, Microsoft Bitlocker Administration and Monitoring (MBAM), and cloud technology. He is always keen to learn about new technologies!

More from this Author

Categories
Follow Us

Related Posts

Istock 935964092
Understanding AWS Lambda Execution Role
Making Money
The Ultimate Guide for Cutting AWS Costs
Programmer Working With Program Code
Harnessing the Power of AWS Bedrock through CloudFormation