在RDS上使用IAM角色作为主用户名和密码
需要访问具有IAM角色的RDS数据库,以获取主用户名和主密码。我可以将IAM角色用于数据库用户。有什么建议吗?
Need to access RdS database with iam role for master username and master password. I can use IAM role for database user. Any suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据定义,身份验证反对通过身份验证。
您可以通过授予DB内部的RDS_IAM角色来担任主角色,但它将赋予其所有权利。
如果您想为其他角色执行此操作,则必须在本地数据库中创建一个用户/角色,并授予其RDS_IAM角色(或其他DB Engine在Postgres以外的其他数据库中等效),并在您的RDS实例或聚类,然后配置IAM角色+策略以进行此工作。
要使用IAM连接到DB,尽管您实际上需要用户名(如果您为主帐户完成此操作,则将是主用户名,如果您已经为另一个创建的用户完成了它,那将是其用户名),它将是其用户名),但是,密码必须是使用AWS RDS命令或其他方式生成的令牌,才能通过IAM连接密码,无需密码,其无密码:)
这是您可以关注的链接:
https://aws.amazon.com/premiumssupport/premsupport/knowledgle-knowledge-knowledge-knowledge-knowledge-knowledge-knowledge-knowledge-knowledge-knowledge-leggle--know很多中心/用户连接-rds-am
By definition iam authentication opposes pass authentication.
You could to it for the master role by granting it the rds_iam role inside of your db, but it will have all the rights granted to it.
If you want to do it for another role you can, you have to create a user/role in the local database and grant it the rds_iam role (or its equivalent in other db engine than postgres) and enable iam authentication on your rds instance or cluster, and then configure an iam role+policy to make this work.
To connect to the db with iam though you will in fact need the username (if you have done this for the master account then it will be the master username and if you have done it for another created user, it will be its username), but the password have to be a token generated with aws rds command or others ways, to connect via iam there is no need of a password, its password-less :)
here is a link you can follow:
https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam