# IAM authentication

Authenticate to **MySQL**, **PostgreSQL**, **Aurora MySQL**, **Aurora PostgreSQL**, and **MariaDB** RDS instances using [AWS Identity and Access Management (IAM) database authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html).

Using IAM to authenticate to an RDS instance offers the following benefits:

* Network traffic to and from the database is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS).
* Centrally manage access to your database resources, instead of managing access individually for each DB instance.
* For applications running on Amazon EC2 hosts, you can use profile credentials specific to your EC2 instance to access your database, instead of using a password, for greater security.

## Configuring RDS IAM Authentication in DuploCloud

Use the System Config tab to enable IAM authentication before enabling it for a specific RDS instance.

1. In the DuploCloud Portal, navigate to **Administrator** -> **System Settings**.
2. Click the **System Config** tab. The **Add Config** pane displays.
3. From the **Config Type** list box, select **Flags**.
4. From the **Key** list box, select **Enable RDS IAM auth**.
5. From the **Value** list box, select **True**.
6. Click **Submit**. The configuration is displayed in the **System Config** tab.

<div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fjvx3QoCZDgWp1IQdBD23%2Fiam1.png?alt=media&#x26;token=09ab0738-2af7-4e3e-bec0-b9fa02d26149" alt=""><figcaption><p><strong>Add Config</strong> pane with the <strong>Enable RDS IAM auth</strong> <strong>Key</strong></p></figcaption></figure></div>

<div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FuqTPAg6wPOZQGARxVoPx%2Fimage%20(1).png?alt=media&#x26;token=69b121d1-2ab8-47de-b2ce-88a9fb62fa16" alt=""><figcaption><p><strong>System Config</strong> tab with <strong>EnableRdsIamAuth</strong> <strong>Key</strong> with <strong>Value</strong> of <strong>true</strong></p></figcaption></figure></div>

## Enabling IAM for an RDS instance

You can also enable IAM for any MySQL, PostgreSQL, and MariaDB instance during RDS creation or by updating the **RDS Settings** after RDS creation.

### Enabling IAM when creating an RDS

Select the **Enable IAM auth** option when you [create an RDS database](https://docs.duplocloud.com/docs/automation-platform/overview/aws-services/database/rds-database/..#id-0-toc-title).

<figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FoFWupnBFM86Q8p3u41BT%2Fscreenshot-nimbusweb.me-2024.02.19-17_20_02.png?alt=media&#x26;token=ec3ca5d3-793f-4e29-8a99-ca88b23b6fba" alt=""><figcaption><p><strong>Create a RDS</strong> page with <strong>Enable IAM Auth</strong> option highlighted</p></figcaption></figure>

### Enabling IAM after RDS creation

1. In the DuploCloud Portal, navigate to **Cloud Services** -> **Database**.
2. In the **RDS** tab, select the database for which you want to enable IAM.
3. Click the **Actions** menu and select **RDS Settings** -> **Update IAM Auth**. The **Update IAM Auth** pane displays.

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FgwUBxU2hvV9n6AwdXvtK%2FIAM5.png?alt=media&#x26;token=3261bef1-67a2-4624-b083-29370aacf78e" alt=""><figcaption><p><strong>Actions</strong> menu in <strong>RDS</strong> tab with <strong>RDS Settings</strong></p></figcaption></figure></div>

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2F3BxcYBeTyzPRoUueBmLr%2FIAM4.png?alt=media&#x26;token=8789760e-9e98-4c0a-91cb-c8276f2b07a9" alt=""><figcaption><p><strong>Update IAM Auth</strong> pane</p></figcaption></figure></div>
4. Select **Enable IAM Auth**.
5. Click **Update**.

## Getting an Authentication Token

To download a token which you can use for IAM authentication:

1. In the DuploCloud Portal, navigate to **Cloud Services** -> **Database**.
2. In the **RDS** tab, select the database for which you want an authentication token.
3. Click the **Actions** menu and select **View** -> **Get DB Auth Token**. The **RDS Credentials** window displays.

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Frxu7zIbIF5lhpGUxLiOM%2FIAM6.png?alt=media&#x26;token=ab6b618b-1295-44f9-bb92-616598058b65" alt=""><figcaption><p><strong>Actions</strong> menu in <strong>RDS</strong> tab with <strong>View</strong> -> <strong>Get DB Auth Token</strong> option</p></figcaption></figure></div>
4. In the **RDS Credentials** window, click the Copy Icon ( <img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FWeIdo7gyB77M5reNRKG1%2Fcopy_icon.png?alt=media&#x26;token=903e9bf7-a294-41ae-97e9-dcb22d848041" alt="" data-size="line"> ) to copy the **Endpoint**, **Username**, and **Password** to your clipboard.
5. Click **Close** to dismiss the window.

{% hint style="danger" %}
**PostgreSQL / Aurora PostgreSQL**

To log in using an IAM token, the PostgreSQL database user must be explicitly granted the `rds_iam` role. Without this, the login fails with `FATAL: password authentication failed`. Run the following commands to allow the `duplo_jit` user to log in using IAM tokens.

1. Log in to the database using the **Master Username**.
2. Run the following SQL commands:

```sql
CREATE USER "duplo_jit";
GRANT rds_iam TO "duplo_jit";
```

{% endhint %}
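
When a login with the copied token still fails, check the token itself before touching database grants. This is an added example, not DuploCloud or AWS code: it parses a token locally as the presigned `connect` request that RDS tokens are, and reports a wrong `DBUser`, a truncated copy, or expiry (AWS tokens are valid for 15 minutes). `inspect_token`, the sample host, key ID, and signature are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample token (placeholder host, key id and signature; not a real credential).
SAMPLE_TOKEN = (
    "db.example.invalid:5432/?Action=connect&DBUser=duplo_jit"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAEXAMPLE%2F20240219%2Fus-east-1%2Frds-db%2Faws4_request"
    "&X-Amz-Date=20240219T172000Z&X-Amz-Expires=900"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER"
)
REQUIRED = ("Action", "DBUser", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-Signature")


def inspect_token(token, expected_user, now=None):
    """Return (problems, summary); an empty problems list means the token looks usable."""
    now = now or datetime.now(timezone.utc)
    # A token is a SigV4 presigned request with the scheme stripped.
    parts = urlsplit("https://" + token.strip())
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    missing = [k for k in REQUIRED if k not in q]
    if missing:  # typical of a token truncated while copying
        return ["missing fields: " + ", ".join(missing)], {}
    try:
        issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = issued + timedelta(seconds=int(q["X-Amz-Expires"]))
    except ValueError:
        return ["unparseable X-Amz-Date or X-Amz-Expires"], {}
    scope = q["X-Amz-Credential"].split("/")  # key id/date/region/service/terminator
    problems = []
    if q["Action"] != "connect":
        problems.append("Action is not 'connect'")
    if q["DBUser"] != expected_user:
        problems.append(f"token is for user {q['DBUser']!r}, not {expected_user!r}")
    if len(scope) != 5 or scope[3] != "rds-db":
        problems.append("credential scope is not for the rds-db service")
    if now >= expires:
        problems.append(f"expired at {expires.isoformat()}")
    # The summary deliberately omits the signature and key id so it is safe to log.
    summary = {"host": parts.hostname, "port": parts.port, "user": q["DBUser"],
               "region": scope[2] if len(scope) == 5 else None,
               "seconds_left": max(0, int((expires - now).total_seconds()))}
    return problems, summary


if __name__ == "__main__":
    print(inspect_token(SAMPLE_TOKEN, "duplo_jit"))
```

If the token checks out and PostgreSQL still returns `FATAL: password authentication failed`, the missing `rds_iam` grant described above is the next thing to verify.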
