Cannot connect to RDS Postgres using the IAM Authentication

Hi,

I also tried matching all DB clusters and database accounts using this ARN: "arn:aws:rds-db:us-east-2:1234567890:dbuser:/" and it resulted in the same issue, if that's what you meant.

https://repost.aws/knowledge-center/aurora-postgresql-connect-iam - It is mentioned here that my issue might be cause by trying to connect to the DB without SSL which is not the case in this situation. "If you get an error similar to the one in this example, then the client is trying to connect to the DB instance without SSL."

For example, try checking the connection using the following IAM policy.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
             "rds-db:connect"
         ],
         "Resource": [
             "arn:aws:rds-db:us-west-2:123456789012:dbuser:*/rds-test"
         ]
      }
   ]
}

By the way, the "psql" command uses SSL communication by default, so I thought it might be possible to connect without "sslmode=verify-full sslrootcert=eu-west-1-bundle.pem". In other words, I think it is possible to connect using the following connection method. https://medium.com/@tizattogabriel/how-to-authenticate-to-an-aws-rds-postgresql-db-instance-using-iam-credentials-4e69b095c01c

export RDSHOST="example-db.eu-west-1.rds.amazonaws.com"
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 5432 --region us-west-1 --username rds-test)"
psql "host=$RDSHOST port=5432 dbname=postgres user=rds-test password=$PGPASSWORD"

Instead of using regional certificates, why not try using a certificate bundle that includes both intermediate and root certificates for all AWS Regions? https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem