Reputation: 815
Using IAM Role to allow access to MySQL database on RDS
I have an IAM Role, myRole, for my project. I have an RDS server with a MySQL instance on it. The MySQL instance requires a username and password, however I don't want to pass these in as plaintext via command line, nor store them somewhere for retrieval later.
What I would like to do is somehow use the IAM Role as authentication in order to be able to perform backups, etc.
Is this possible?
Upvotes: 4
Views: 9291
Answers (3)
Reputation: 200562
This isn't possible. IAM is for AWS resources. As related to RDS you would use IAM to give someone permission to create or modify an RDS server. The MySQL database engine doesn't know that it is running on AWS and doesn't know anything about IAM roles, so it can't use that for user authentication. You have to stick with username/passwords for authentication to the database.
Update 12/13/2017: You can now use IAM authentication for RDS MySQL and Aurora.
Upvotes: 4
Reputation: 3126
See this gist with code example and notes on authenticating MySQL via PHP to Amazon Aurora using IAM:
https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a
Upvotes: 0
Reputation: 166
It is now possible for MySQL or Amazon Aurora:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Upvotes: 8
Related Questions
- AWS RDS - IAM Database Authentication with Rails
- grant access to user on amazon RDS server
- Grant an IAM user access to one RDS instance
- Associate IAM Role with RDS instance
- Connect to Amazon RDS Postgresql with IAM Role
- AWS RDS MySQL connection using IAM Role is not working
- Unable to Connect to RDS Instance with IAM Auth via mysql CLI Tool
- Setting up RDS (MySQL) database access using IAM to generate access tokens
- Set up a connection to AWS RDS from a MySQL client using AMI as authentication layer.
- MySQL and Amazon RDS DBA user