# IAM authentication

Authenticate to **MySQL**, **PostgreSQL**, **Aurora MySQL**, **Aurora PostgreSQL**, and **MariaDB** RDS instances using [AWS Identity and Access Management (IAM) database authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html).

Using IAM for authenticating an RDS instance offers the following benefits:

* Network traffic to and from the database is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
* Centrally manage access to your database resources, instead of managing access individually for each DB instance.
* For applications running on Amazon EC2 hosts, you can use profile credentials specific to your EC2 instance to access your database, instead of using a password, for greater security.

## Configuring RDS IAM Authentication in DuploCloud

Use the System Config tab to enable IAM authentication before enabling it for a specific RDS instance.

1. In the DuploCloud Portal, navigate to **Administrator** -> **System Settings**.
2. Click the **System Config** tab. The **Add Config** pane displays.
3. From the **Config Type** list box, select **Flags**.
4. From the **Key** list box, select **Enable RDS IAM auth**.
5. From the **Value** list box, select **True**.
6. Click **Submit**. The configuration is displayed in the **System Config** tab.

<div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fjvx3QoCZDgWp1IQdBD23%2Fiam1.png?alt=media&#x26;token=09ab0738-2af7-4e3e-bec0-b9fa02d26149" alt=""><figcaption><p><strong>Add Config</strong> pane with the <strong>Enable RDS IAM auth</strong> <strong>Key</strong></p></figcaption></figure></div>

<div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FuqTPAg6wPOZQGARxVoPx%2Fimage%20(1).png?alt=media&#x26;token=69b121d1-2ab8-47de-b2ce-88a9fb62fa16" alt=""><figcaption><p><strong>System Config</strong> tab with <strong>EnableRdsIamAuth</strong> <strong>Key</strong> with <strong>Value</strong> of <strong>true</strong></p></figcaption></figure></div>

## Enabling IAM for an RDS instance

You can also enable IAM for any MySQL, PostgreSQL, and MariaDB instance during RDS creation or by updating the **RDS Settings** after RDS creation.

### Enabling IAM when creating an RDS

Select the **Enable IAM auth** option when you [create an RDS database](https://docs.duplocloud.com/docs/automation-platform/overview/aws-services/database/rds-database/..#id-0-toc-title).

<figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FoFWupnBFM86Q8p3u41BT%2Fscreenshot-nimbusweb.me-2024.02.19-17_20_02.png?alt=media&#x26;token=ec3ca5d3-793f-4e29-8a99-ca88b23b6fba" alt=""><figcaption><p><strong>Create a RDS</strong> page with <strong>Enable IAM Auth</strong> option highlighted</p></figcaption></figure>

### Enabling IAM after RDS creation

1. In the DuploCloud Portal, navigate to **Cloud Services** -> **Database**.
2. In the **RDS** tab, select the database for which you want to enable IAM.
3. Click the **Actions** menu and select **RDS Settings** -> **Update IAM Auth**. The **Update IAM Auth** pane displays.

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FgwUBxU2hvV9n6AwdXvtK%2FIAM5.png?alt=media&#x26;token=3261bef1-67a2-4624-b083-29370aacf78e" alt=""><figcaption><p><strong>Actions</strong> menu in <strong>RDS</strong> tab with <strong>RDS Settings</strong></p></figcaption></figure></div>

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2F3BxcYBeTyzPRoUueBmLr%2FIAM4.png?alt=media&#x26;token=8789760e-9e98-4c0a-91cb-c8276f2b07a9" alt=""><figcaption><p><strong>Update IAM Auth</strong> pane</p></figcaption></figure></div>
4. Select **Enable IAM Auth**.
5. Click **Update**.

## Getting an Authentication Token

To download a token which you can use for IAM authentication:

1. In the DuploCloud Portal, navigate to **Cloud Services** -> **Database**.
2. In the **RDS** tab, select the database for which you want to enable IAM.
3. Click the **Actions** menu and select **View** -> **Get DB Auth Token**. The **RDS Credentials** window displays.

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Frxu7zIbIF5lhpGUxLiOM%2FIAM6.png?alt=media&#x26;token=ab6b618b-1295-44f9-bb92-616598058b65" alt=""><figcaption><p><strong>Actions</strong> menu in <strong>RDS</strong> tab with <strong>View</strong> -> <strong>Get DB Auth Token</strong> option</p></figcaption></figure></div>
4. In the **RDS Credentials** window, click the Copy Icon ( <img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FWeIdo7gyB77M5reNRKG1%2Fcopy_icon.png?alt=media&#x26;token=903e9bf7-a294-41ae-97e9-dcb22d848041" alt="" data-size="line"> ) to copy the **Endpoint**, **Username**, and **Password** to your clipboard.
5. Click **Close** to dismiss the window.

{% hint style="danger" %}
**PostgreSQL / Aurora PostgreSQL**

To log in using an IAM token, the PostgreSQL database user must be explicitly granted IAM permission (the `rds_iam` role). Without this, the login fails with `FATAL: password authentication failed`. Run the following commands to allow the `duplo_jit` user to log in using IAM tokens.

1. Log in to the database using the **Master Username**.
2. Run the following SQL commands:

```sql
CREATE USER "duplo_jit";
GRANT rds_iam TO "duplo_jit";
```

{% endhint %}
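A missing `rds_iam` grant is not the only cause of `password authentication failed`: an expired token, or one issued for a different user or endpoint, fails the same way. The pre-flight check below is an added example, not DuploCloud code. It assumes the copied **Password** is a standard AWS RDS auth token (a SigV4 presigned URL without a scheme, normally valid for 15 minutes) and that the **Endpoint** is in `host:port` form; the function name and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample values; not a real endpoint, access key, or signature.
SAMPLE_ENDPOINT = "example-db.abc123.us-west-2.rds.amazonaws.com:5432"
SAMPLE_TOKEN = (
    SAMPLE_ENDPOINT + "/?Action=connect&DBUser=duplo_jit"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAEXAMPLE%2F20240219%2Fus-west-2%2Frds-db%2Faws4_request"
    "&X-Amz-Date=20240219T172000Z&X-Amz-Expires=900"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000"
)


def inspect_token(token, endpoint, username, now=None):
    """Return a list of problems with an RDS IAM auth token (empty list = OK).

    The token is a credential: only derived facts are reported, never the
    token or its signature.
    """
    now = now or datetime.now(timezone.utc)
    # Prepend a scheme so urlsplit separates host:port from the query string.
    parts = urlsplit("https://" + token)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if q.get("Action") != "connect":
        problems.append("not a connect token")
    if parts.netloc.lower() != endpoint.lower():
        problems.append(f"token host {parts.netloc} != endpoint {endpoint}")
    if q.get("DBUser") != username:
        problems.append(f"token user {q.get('DBUser')} != login user {username}")
    try:
        issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        issued = issued.replace(tzinfo=timezone.utc)
        expires = issued + timedelta(seconds=int(q["X-Amz-Expires"]))
        if now >= expires:
            problems.append(f"token expired at {expires.isoformat()}")
    except (KeyError, ValueError):
        problems.append("missing or malformed X-Amz-Date / X-Amz-Expires")
    return problems


if __name__ == "__main__":
    # Checked against the current time, so the constructed sample reports as expired.
    for problem in inspect_token(SAMPLE_TOKEN, SAMPLE_ENDPOINT, "duplo_jit"):
        print("WARN:", problem)
```

If the check returns no problems and the login still fails, confirm the `rds_iam` grant above and that the client is connecting over SSL/TLS.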

