What should the database specialist do next to establish the credentials for the users to use to log in to the DB cluster?
Add the users’ IAM credentials to the Aurora cluster parameter group.
Run the generate-db-auth-token command with the user names to generate a temporary password for the users.
Add the users’ IAM credentials to the default credential profile. Use the AWS Management Console to access the DB cluster.
Use an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint.
Explanations:
IAM credentials should not be added to the Aurora cluster parameter group. The parameter group mainly configures database settings and not user credentials.
The generate-db-auth-token command is used to create a temporary password for IAM authentication. This token is used by the users to authenticate to the Aurora DB cluster.
IAM credentials should not be added to the default credential profile for accessing the DB cluster. The AWS Management Console does not directly handle IAM authentication for Aurora PostgreSQL.
Sending an AWS STS token with IAM access key and secret key as headers is not the correct method to authenticate to Aurora PostgreSQL. The generate-db-auth-token command is the appropriate way to create an authentication token.