AWS Database Blog

Category: AWS Identity and Access Management (IAM)

Use IAM authentication with Amazon DocumentDB (with MongoDB compatibility)

Amazon DocumentDB now supports authentication of database users using IAM – users and applications can authenticate to Amazon DocumentDB clusters using IAM users and roles. In this post, we discuss this new feature and provide you with resources on how to enable IAM authentication in your Amazon DocumentDB cluster.

Use Amazon RDS Proxy with IAM authentication for cross-account access

This post is a follow-up to Use Amazon RDS Proxy to provide access to RDS databases across AWS accounts, addressing cross-account connectivity when using RDS Proxy. We discuss how you can achieve cross-account connectivity while taking advantage of the simplicity and benefits of IAM authentication.

Securely connect to Amazon RDS for PostgreSQL with AWS Session Manager and IAM authentication

Company policies usually do not allow database instances to have a public endpoint unless there is a specific business requirement. Although that protects those resources from public access over the internet, it also limits how users can connect to them from their computers. Frequently, database administrators and development teams try to overcome that restriction by […]

Simplify managing access to Amazon ElastiCache for Redis clusters with IAM

Amazon ElastiCache for Redis is a fully managed, Redis-compatible, in-memory caching service that provides microsecond speed to support real-time applications. ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with the reliability, scalability, manageability, and security from AWS to power the most demanding real-time applications in media and entertainment, financial services, ecommerce, AdTech, […]

Build and load test a multi-tenant SaaS database proxy solution with Amazon RDS Proxy

Many software as a service (SaaS) customers on AWS are familiar with multi-tenancy and tenant isolation. Indeed, customers using MySQL, for instance, may have adopted the bridge model of multi-tenancy, where each tenant has access to their own isolated database or schema. AWS provides many tools and best practices to get started, but achieving database […]

Manage AWS ElastiCache for Redis access with Role-Based Access Control, AWS Secrets Manager, and IAM

October 2022: This post was reviewed and updated with a new architecture diagram and code updates to factor the change from CDK 1.x to CDK 2.x. Amazon ElastiCache for Redis is an AWS managed, Redis-compliant service that provides a high-performance, scalable, and distributed key-value data store that you can use as a database, cache, message […]

Using IAM authentication to connect with pgAdmin Amazon Aurora PostgreSQL or Amazon RDS for PostgreSQL

This blog post was last reviewed and updated July, 2024. Amazon Relational Database Service (RDS) enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for PostgreSQL database instances and Amazon Aurora PostgreSQL clusters. Database administrators can associate database users with IAM users and roles. With IAM database authentication, you don’t need to use a […]

Securing Amazon RDS and Aurora PostgreSQL database access with IAM authentication

AWS provides two managed PostgreSQL options: Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. Both support IAM authentication for managing access to your database. You can associate database users with IAM users and roles to manage user access to all databases from a single location, which avoids issues caused by permissions being out of sync […]

IAM role-based authentication to Amazon Aurora from serverless applications

January 2024: This post was reviewed and updated for accuracy. Storing user names and passwords directly in applications is not a best practice. Saving credentials as plaintext should never occur in a secure application. As a solution, AWS Identity and Access Management (IAM) policies can assign permissions that determine who is allowed to manage Amazon […]

How to use IAM multifactor authentication with Amazon RDS

A common request that we get from customers is how to protect their resources from an accidental or malicious deletion, such as instances, snapshots, clusters, and so on. Doing this is especially important when you are using a common AWS account for multiple users or teams. Although you want the flexibility to innovate within the […]