Hello.
IAM authentication via RDS Proxy should be the same procedure as connecting to an RDS instance, so the IAM policy used should be the same.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html#rds-proxy-connecting
Therefore, I think it is necessary to link the following policy to the IAM Identity Center user.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds-db:connect"
            ],
            "Resource": [
                "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
            ]
        }
    ]
}
To allow IAM Identity Center users to connect to the RDS proxy or database, you will need to create a new permission set (or update an old one) to include an IAM policy which allows access to the RDS proxy/DB instance. Then you will need to assign users to that permission set in the AWS account.
This is a bit messy as role-based access is generic, so you can either use the full proxy/database ARN in the policy (to create a permission set specific to an AWS account) or something like the following to allow access to all RDS instances in the account.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds-db:connect"
            ],
            "Resource": [
                "arn:aws:rds-db:us-east-2:1234567890:dbuser:*/*"
            ]
        }
    ]
}
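Both answers above come down to the same decision: scope the `rds-db:connect` resource ARN to one proxy and one DB user, or open it to `*/*`. The following Python script is an added example, not code from either answer or from AWS; it builds the scoped ARN for a proxy, emits the matching permission-set policy, and checks a candidate policy the way a reviewer would before attaching it to an Identity Center permission set: does it grant `rds-db:connect` for the intended ARN, and does it contain wildcards that widen the grant to every proxy, instance or user in the account. The region, account id, proxy resource id (`prx-…`) and user name are constructed sample values; using the proxy's `prx-` resource id in the ARN rather than the instance's `db-` id follows the RDS Proxy IAM documentation linked above. The policy evaluator is deliberately simplified (Allow statements only, no Deny or Condition handling).

```python
import json
import re

# Constructed sample values (not a real account or proxy).
REGION = "us-east-2"
ACCOUNT_ID = "123456789012"
PROXY_RESOURCE_ID = "prx-0123456789abcdef0"  # constructed; the proxy's resource id, not a db- instance id
DB_USER = "db_user"


def rds_db_connect_arn(region, account_id, resource_id, db_user):
    """Build the rds-db:connect resource ARN for one DB user on one proxy or instance."""
    return f"arn:aws:rds-db:{region}:{account_id}:dbuser:{resource_id}/{db_user}"


def scoped_policy(arn):
    """Least-privilege permission-set policy: rds-db:connect on exactly one ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": [arn]}
        ],
    }


def _iam_pattern_to_regex(pattern):
    # IAM wildcards: '*' matches any run of characters (including ':' and '/'),
    # '?' matches exactly one character; everything else is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("^" + body + "$")


def _as_list(value):
    # Action and Resource may be a single string or a list in IAM JSON.
    return value if isinstance(value, list) else [value]


def policy_allows_connect(policy, arn):
    """True if some Allow statement grants rds-db:connect on the given ARN.

    Simplified evaluator: Allow statements only; Deny and Condition are ignored.
    Action names are case-insensitive in IAM, resource ARNs are not.
    """
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        action_ok = any(_iam_pattern_to_regex(a.lower()).match("rds-db:connect") for a in actions)
        resource_ok = any(_iam_pattern_to_regex(r).match(arn) for r in resources)
        if action_ok and resource_ok:
            return True
    return False


def broad_resources(policy):
    """Return Allow resource patterns whose '<resource-id>/<db-user>' part contains a
    wildcard, i.e. grants that reach more than one proxy/instance or more than one user."""
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for r in _as_list(stmt.get("Resource", [])):
            tail = r.rsplit(":dbuser:", 1)[-1]  # for a bare "*" the tail is "*" itself
            if "*" in tail or "?" in tail:
                found.append(r)
    return found


if __name__ == "__main__":
    arn = rds_db_connect_arn(REGION, ACCOUNT_ID, PROXY_RESOURCE_ID, DB_USER)
    policy = scoped_policy(arn)
    print(json.dumps(policy, indent=4))
    print("grants connect for", arn, "->", policy_allows_connect(policy, arn))
    wide = scoped_policy(f"arn:aws:rds-db:{REGION}:{ACCOUNT_ID}:dbuser:*/*")
    print("over-broad resources in wildcard policy:", broad_resources(wide))
```

Running the script prints the scoped policy and then flags the `*/*` variant from the second answer as over-broad; the same `broad_resources` check can be run over any permission-set policy document before it is assigned, so the account-wide grant is a deliberate choice rather than an accident.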