Smile CDR v2023.02.PRE
On this page:

35.8AWS IAM Authentication

 

It is now possible to connect to an AWS RDS database using password-less IAM authentication.

In order to take advantage of this, you need to enable the Use IAM Authentication toggle in the documentation. When this occurs, normal password-based authentication does not occur, and is instead replaced with IAM authentication. Any password that is set in the database configuration is ignored.

For IAM Authentication, the DefaultCredentialProviderChain is used. Please visit that link to read about all the ways to provide credentials to the SDK.

Since IAM Authentication to RDS also requires a region, the region is obtained using the DefaultAwsRegionProviderChain. This means that the region is obtained following the rules of the default region provider chain. Please visit that link to read about all the ways to provide a region to the SDK.

Since IAM Authentication tokens have a lifetime of about 15 minutes, and Smile CDR uses a connection pool, you should set the Connection Max Lifetime setting to something less than 15 minutes.

Limitations

Currently, only PostgreSQL has been tested using IAM Authentication. Other databases may work, but have not been tested.