Ensure IAM Database Authentication feature is enabled in order to use AWS Identity and Access Management (IAM) service to manage database access to your Amazon RDS MySQL and PostgreSQL instances. With this feature enabled, you don't have to use a password when you connect to your MySQL/PostgreSQL database instances, instead you use an authentication token. An authentication token is a unique string of characters with a lifetime of 15 minutes that AWS RDS generates on your request. IAM Database Authentication removes the need of storing user credentials within the database configuration, because authentication is managed externally using AWS IAM.
Enabling IAM Database Authentication feature for your MySQL/PostgreSQL database instances provides multiple benefits such as in-transit encryption - the network traffic to and from database instances is encrypted using Secure Sockets Layer (SSL), centralized management - using AWS IAM to centrally manage access to your database resources, instead of managing access individually for each database instance and enhanced security - for web applications running on Amazon EC2, you can use IAM profile credentials specific to each EC2 instance to access the associated database instead of a using passwords. Note: Enabling IAM Database Authentication for MySQL and PostgreSQL database instances does not disable the authentication method using passwords, you also have the option to use standard database authentication.
To determine if your Amazon RDS MySQL and PostgreSQL database instances are using IAM Database Authentication, perform the following actions:
To enable IAM Database Authentication feature for your existing Amazon RDS database instances in order to manage your MySQL/PostgreSQL database user credentials through AWS IAM users and roles, perform the following actions: