- 最新
- 投票最多
- 评论最多
Hi,
On 3rd point, you can use IAM policy for IAM database access: see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
The idea is that you grant user or role permission to use a given database id and you grant permissions in the dataabse to this id.
So, only users that you allow at IAM level can connect and use this identity to receive their database credentials. So, it those users are part of a VPC, you achieve your goal.
Best,
Didier
Point 1 and 2 you would have to use the SQL native administration where you would create your users and what permissions each user have. Doesn’t matter it’s on RDS it’s built into the sql server.
I believe point 3 is possible on MySQL also using the native administration. You’d have to check other sql servers to see if it’s possible.
Shouldn't the user attempt to access it using SSL to use the IAM authentication?
Using iam for sql access is all or nothing. You can’t give different users different access with IAM. Thus in my answer I didn’t mention IAM.