Tutorial Highlights & Transcript
00:00 - Beginning of video
00:14 - What is IAM database authentication?
00:38 - How IAM database authentication works
01:53 - Steps to performing IAM database authentication
02:02 - Live demo tutorial of how to do IAM database authentication
Okay, and this is the policy that I that I just created withTerraForm. And this is the permissions, we have the statements, and the action is RDS DB. RDS DB, it’s only for this feature. If you want more features on RDS, you’ll need to use only RDS without the dash DB. The effect is allowed, of course, and then we have to specify the resource right? On the resource, we have to specify which database users will be able to connect through IAM Database Authentication. In this case, my database user is called Gueban doe. This right here is the row’s resource ID of our RDS instance. I’m going to modify this because after doing changes manually and doing changes with TerraForm, I kind of booked the resource so I have to do this manually. And now we have to create a role. Now we have to attach this policy to our role. And as you can see, we need to attach these Amazon RDS read only access. Because in order to get the talking we need to describe our instances and connect to them. Now the trusted entities, the trusted relationships, I have started as trusted entities. Amazon EC2 instances just for the scope of this demo. Now I am going to attach this role to this instance. And here, okay, now that we have the role attached, we have to connect to the instance. And well, okay, we’re inside, and I’m going to run a few commands really quick, and I’m going to explain, and I’m going to explain it. Okay. So the first one, it’s an environment variable called RDS host. What is this is the RDS host or the endpoint of our RDS instance. And then we use an environment variable called token with this environment variable, we call it the token, and we store it on this variable right here. If we want to see the token address, there we have the token. Oh, I forgot to tell you, as you can see here, to request the token, we need to specify the hostname, the port, of course, the region, and then the username that we are going to use to access our database instance. But with that, in our hands, we can access our database instance. And well, there we go. To access, we need to specify again, the host, the port, this black enable your text plugin that it’s used to, to specify that we’re using the plug in AWS authentication plugin, and then the user Gueban Doe and password token. And yep, that was inside. By the way, if any of you are asking yourselves, can we apply this to an instance that is not running on RDS? Well, we do, we just have to download and install the AWS authentication plugin. And after that, we can do the configurations and we’ll be ready to do it. I wanted to show you something else. I think it’s pretty interesting. As you can see, in my steps right here, I didn’t do step three, that was create database users. That was because I have already created them on my TerraForm deployment. Here we define a provider and to the provider, we need to specify an endpoint, a username and a password. It’s good to know that this username and password are from a user with administrative permissions. And here we have the resource that creates our users, MySQL user and I am passing on an array like this. In this case, it’s only an array with one element called Gueban doe. But there we have it.
Miguel is a DevOps Engineer at nClouds and an AWS Certified Cloud Practitioner.