In the case of RDS, access control does not know any other way than security groups, so I would like to ask for advice.

The direction of access control I want is as follows.

  1. Make certain users accessible only to certain DBs
  2. Can see what privileges a particular user has on a particular DB (Select, insert, delete, etc.)
  3. Configure DB to identify and accessible/unable control of specific users for specific IPs

I would like to ask you a question about how access control is possible.

2 Answers
0
Accepted Answer

Hi,

On 3rd point, you can use IAM policy for IAM database access: see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html

The idea is that you grant a user or role permission to use a given database id and you grant permissions in the database to this id.

So, only users that you allow at IAM level can connect and use this identity to receive their database credentials. So, if those users are part of a VPC, you achieve your goal.

Best,

Didier

AWS
EXPERT
answered 7 months ago
  • Shouldn't the user attempt to access it using SSL to use the IAM authentication?

  • Using IAM for SQL access is all or nothing. You can’t give different users different access with IAM. Thus in my answer I didn’t mention IAM.

0

For points 1 and 2 you would have to use the SQL native administration, where you would create your users and define what permissions each user has. It doesn’t matter that it’s on RDS; it’s built into the SQL server.

I believe point 3 is possible on MySQL, also using the native administration. You’d have to check other SQL servers to see if it’s possible.

EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
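
The native administration described in the answer above, sketched for MySQL 8.0 as an added example that is not part of either answer. The schema names, account names, client addresses and passwords are constructed placeholders.

```sql
-- Added example (MySQL 8.0 syntax). appdb, reportdb, app_rw, report_ro,
-- 10.0.1.% and 10.0.2.15 are constructed placeholders, not values from the thread.

-- Point 3: a MySQL account is the pair 'user'@'host', so the host part
-- limits which client addresses may log in as that user.
CREATE USER 'app_rw'@'10.0.1.%'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_SECRET_1' REQUIRE SSL;
CREATE USER 'report_ro'@'10.0.2.15'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_SECRET_2' REQUIRE SSL;

-- Point 1: grant privileges on one schema only. An account with no grant
-- on a schema cannot read or write it.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'10.0.1.%';
GRANT SELECT ON reportdb.* TO 'report_ro'@'10.0.2.15';

-- Point 2: list what one account is allowed to do.
SHOW GRANTS FOR 'app_rw'@'10.0.1.%';

-- Point 2, for all accounts: schema-level privileges per grantee.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
ORDER BY grantee, table_schema, privilege_type;

-- Audit check: accounts that accept connections from any address.
SELECT user, host
FROM mysql.user
WHERE host = '%';
```

The host part is matched against the source address as the DB instance sees it, and it applies in addition to the security group rules, not instead of them.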
