0
votes

This is what I've accomplished so far:

1) I created an AWS IAM user that belongs to the AdministratorAccess group. In addition, I created and attached a policy to this user so as to allow access to the RDS instance. The policy is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds-db:connect"
            ],
            "Resource": [
                "arn:aws:rds:<region>:<account id>:<user>:<DB instance resource id>/<DB instance user>"
            ]
        }
    ]
}

This policy is derived from an example in AWS's documentation: Creating and Using an IAM Policy for IAM Database Access

However, after creating the policy, I am given the following errors:

[screenshot of the errors shown in the IAM policy editor; image not reproduced here]

I've looked around, but can't figure out how to resolve these errors.

2) I created an RDS instance with IAM DB Authentication Enabled. Following this, I added a rule to the instance's Security Group which allows my laptop to connect to the DB instance.

3) Lastly, following the directions in "Command Line: AWS CLI and mysql Client", I created a script for connecting to the database from my laptop. The script is as follows:

#!/bin/bash
set -eu

# login name passed to both the token request and the mysql client
USERNAME="<IAM user>"
# RDS CA bundle used to verify the server certificate
CERTIFICATE="<full path>/rds-combined-ca-bundle.pem"
# DB instance endpoint hostname
RDSHOST="<RDS instance Endpoint>"

# short-lived IAM auth token, used in place of a password
TOKEN="$(aws rds generate-db-auth-token --hostname "$RDSHOST" --port 3306 --region us-west-2 --username "$USERNAME")"

mysql --host="$RDSHOST" --port=3306 --ssl-ca="$CERTIFICATE" --enable-cleartext-plugin --user="$USERNAME" --password="$TOKEN"

When I run the script, I get the following error:

ERROR 1045 (28000): Access denied for user '<IAM user>'@'c-73-227-21-39.hsd1.ct.comcast.net' (using password: YES)

It appears the issue may be due to the errors in the policy I created, but I can't figure it out. I would appreciate some advice/help on this issue.


1 Answer

1
vote

You need to create a DB user (see "Creating a Database Account"), and the username should be the DB user, not the IAM user:

CREATE USER jane_doe IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
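The following script is an added example and is not code from the question or the answer. It ties the three steps together: it builds the resource ARN that rds-db:connect is evaluated against, writes the policy, and connects with a generated token as the database account created above. Two facts it relies on, both from the AWS documentation the question cites: the resource for rds-db:connect has the form arn:aws:rds-db:<region>:<account-id>:dbuser:<DbiResourceId>/<db-user-name> (service name rds-db, resource type dbuser, and the instance's resource ID rather than its name), which is a different shape from the arn:aws:rds:...:<user>:... string in the posted policy; and the username handed to both generate-db-auth-token and mysql must be the MySQL account created with AWSAuthenticationPlugin. Every identifier here (region, account ID, instance identifier, DB user, CA bundle path) is a placeholder supplied on the command line; db_resource_id and connect_with_token need the aws CLI, a mysql client and valid credentials, while the pure functions run offline.

```shell
#!/usr/bin/env bash
# Added example, not from the original question or answer.
# Builds the IAM resource ARN that rds-db:connect expects, emits the policy,
# and connects with a generated auth token. All identifiers are placeholders
# passed in by the caller.
set -eu

# rds-db:connect is authorised against a DB user resource, not the instance:
#   arn:aws:rds-db:<region>:<account-id>:dbuser:<DbiResourceId>/<db-user-name>
# Service name is "rds-db" (not "rds"), resource type is "dbuser", and
# <DbiResourceId> is the instance's resource ID (db-XXXX...), not its name.
rds_db_user_arn() {
  local region="$1" account="$2" resource_id="$3" db_user="$4"
  printf 'arn:aws:rds-db:%s:%s:dbuser:%s/%s' \
    "$region" "$account" "$resource_id" "$db_user"
}

# Shape check for a connect ARN: returns 0 when the service is rds-db, the
# resource type is dbuser and a "<resource id>/<user>" pair follows; 1 otherwise.
check_connect_arn() {
  case "$1" in
    arn:aws:rds-db:*:*:dbuser:db-*/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Minimal policy document granting connect for exactly one DB user.
connect_policy_json() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["rds-db:connect"],
      "Resource": ["$1"]
    }
  ]
}
EOF
}

# Resolve an instance identifier to its DbiResourceId (needs AWS credentials).
db_resource_id() {
  aws rds describe-db-instances --db-instance-identifier "$1" \
    --query 'DBInstances[0].DbiResourceId' --output text
}

# Connect as the DB user. The token is the password and is valid for 15
# minutes; the account must exist in MySQL as
#   CREATE USER '<db user>' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
# and the username passed to both commands is that DB user, not the IAM user.
connect_with_token() {
  local host="$1" region="$2" db_user="$3" ca_bundle="$4" token
  token="$(aws rds generate-db-auth-token --hostname "$host" --port 3306 \
            --region "$region" --username "$db_user")"
  # TLS is mandatory for IAM auth; --ssl-ca points at the RDS CA bundle.
  mysql --host="$host" --port=3306 --ssl-ca="$ca_bundle" \
        --enable-cleartext-plugin --user="$db_user" --password="$token"
}

# Usage: <region> <account-id> <db-instance-identifier> <db-user> [<endpoint> <ca-bundle>]
main() {
  local region="$1" account="$2" instance_id="$3" db_user="$4"
  local resource_id arn
  resource_id="$(db_resource_id "$instance_id")"
  arn="$(rds_db_user_arn "$region" "$account" "$resource_id" "$db_user")"
  check_connect_arn "$arn" || { echo "unexpected ARN shape: $arn" >&2; exit 1; }
  connect_policy_json "$arn" > rds-connect-policy.json
  echo "wrote rds-connect-policy.json; attach it to the IAM principal" >&2
  if [ "$#" -ge 6 ]; then
    connect_with_token "$5" "$region" "$db_user" "$6"
  fi
}

# Only run when invoked with arguments, so sourcing the file for its
# functions has no side effects.
if [ "$#" -ge 4 ]; then
  main "$@"
fi
```

Run it once with four arguments to produce the policy file, attach that policy to the IAM user, create the MySQL account with the CREATE USER statement above, then run it again with the endpoint and CA bundle path as the fifth and sixth arguments to connect. Note that AdministratorAccess on the IAM user is not needed for any of this; rds-db:connect on the single dbuser ARN is the only permission the connection requires.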