I want to connect to my Amazon Aurora PostgreSQL-Compatible Edition DB instance or cluster using Kerberos authentication.
Short description
Prerequisites
Before connecting to your Aurora PostgreSQL-Compatible instance using Kerberos authentication, do the following:
- You must be logged in to the Amazon Elastic Compute Cloud (Amazon EC2) instance domain that's joined with AWS Directory Service for Microsoft Active Directory. Or, you must be logged in to an on-premises Active Directory domain that's trusted by AWS Managed Microsoft AD. The user must be part of the domain, for example youruser@example.com, before you can connect to the Aurora database with Kerberos authentication. To set up Active Directory, see Create and configure users. If you are using the on-premises option, then you must set up a trust between the on-premises Active Directory and AWS Managed Microsoft AD.
- Create an Aurora PostgreSQL-Compatible DB instance with the authentication mode set to Kerberos authentication. Or use an existing DB instance with this authentication mode. Make sure that your DB instance runs in the same VPC as the AWS Managed Microsoft AD.
- Create a user in AWS Managed Microsoft AD. This user must match the database user that you create in the next step (youruser@example.com).
- Create a user (youruser@example.com) in the database with the required permissions to log in using AWS Managed Microsoft AD authentication.
- Install pgAdmin and the PostgreSQL client.
Resolution
Connect to your DB instance using Kerberos authentication (Windows)
- Open pgAdmin.
- Create a new server connection and name the server.
- In the Connection tab, enter the Aurora cluster endpoint for Host name/address. Enter the port number if not the default, and the user name (youruser@example.com). Note: You don't need a password if you're using the Kerberos authentication option available in pgAdmin.
- Save the server connection.
You can now connect to the Aurora PostgreSQL-Compatible instance using Kerberos authentication.
Connect to your DB instance using Kerberos authentication (Linux)
Log in to the Linux client as the AD user (youruser@example.com), and then run this command to connect:
psql -h yourrdsinstance.region.rds.amazonaws.com -U youruser@example.com -d yourdatabase
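To confirm that the Linux session was actually authenticated through Kerberos, the following added example (not part of the original article) checks for a valid ticket, connects without allowing a password prompt, and reads the server's own record of how the session authenticated. It assumes an MIT Kerberos `klist`, a server running PostgreSQL 12 or later (where the `pg_stat_gssapi` view exists), and hypothetical function names; the host, user, and database are the article's placeholders.

```shell
#!/bin/sh
# Added example: placeholders below are the article's own; replace before use.
DB_HOST="yourrdsinstance.region.rds.amazonaws.com"
DB_USER="youruser@example.com"
DB_NAME="yourdatabase"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Succeeds only if a pg_stat_gssapi row ("t|principal") shows the session
# was GSSAPI-authenticated as the expected principal (case-insensitive,
# because the realm part is usually reported in upper case).
gss_row_ok() {  # $1 = "gss_authenticated|principal", $2 = expected principal
  flag=${1%%|*}
  principal=${1#*|}
  [ "$flag" = "t" ] && [ "$(lower "$principal")" = "$(lower "$2")" ]
}

# Fail early when there is no valid ticket in the credential cache.
have_ticket() { klist -s; }

# Connect with -w so psql never prompts for a password if Kerberos fails,
# then ask the server how this backend was authenticated.
verify_kerberos_login() {
  have_ticket || { echo "no valid Kerberos ticket; run: kinit $DB_USER" >&2; return 1; }
  row=$(psql -w -At -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" \
        -c "SELECT gss_authenticated, principal FROM pg_stat_gssapi WHERE pid = pg_backend_pid()") || return 1
  gss_row_ok "$row" "$DB_USER" || { echo "session not GSSAPI-authenticated: $row" >&2; return 1; }
  echo "GSSAPI login confirmed for ${row#*|}"
}

# Run the live check only when asked, for example: VERIFY=1 sh check_gss.sh
if [ "${VERIFY:-0}" = "1" ]; then verify_kerberos_login; fi
```
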
Related information
Setting up Kerberos authentication for PostgreSQL DB clusters