Launch announcement: Amazon RDS now provides visibility into IAM DB Authentication metrics and logs

Amazon Relational Database Service (RDS) Identity and Access Management Database Authentication (IAM DB Auth) now provides enhanced observability through metrics and logs. It enables customers to investigate and resolve authentication issues when connecting to RDS databases.

Database connection authentication issues can occur due to multiple reasons such as configuration or permission issues with your IAM policy, using expired tokens, throttling, etc. IAM DB Auth metrics and logs can help troubleshoot authentication issues caused due to all the above issues. Now you will also get visibility into error logs that help you get insights into user specific connection failures. IAM DB Auth metrics are available in Amazon CloudWatch automatically as long as IAM DB Authentication is enabled on your database instance or cluster. IAM DB Auth error logs can be exported to your CloudWatch Logs account via the RDS Export to CloudWatch Logs feature.

Amazon RDS IAM DB Auth metrics and logs are supported by RDS for MySQL, RDS for MariaDB, RDS for PostgreSQL, Aurora MySQL-Compatible Edition, and Aurora PostgreSQL-Compatible Edition. To get started with enabling Amazon RDS IAM DB Authentication, visit: Enabling and disabling IAM database authentication - Amazon RDS and Enabling and disabling IAM database authentication - Amazon Aurora. For troubleshooting Amazon RDS database authentication issues using Amazon RDS IAM DB Auth metrics and logs visit this page for Amazon RDS and this page for Amazon Aurora.

To learn more about AWS Identity and Access Management, refer the product detail page.