Every team/product owns an RDS (MySQL/Postgres) instance. The infra team uses the superuser account to create new application users with permissions to the databases as required. These new user accounts are not bound to any individual, so they are shared within the team, and all team members use the same credentials to access the DB.

There were multiple issues with this approach. Since the user account typically has read/write permissions, anyone can delete tables and rows. With shared credentials, we were unable to identify who executed the queries.

An alternative to shared credentials would be creating individual user accounts for each user. But with a large team, this becomes difficult to manage. Even with individual user accounts, passwords are set and shared by the admins, so we couldn't establish that the actions were performed only by that user. As per the enterprise password policy, passwords have to be rotated, which adds more overhead to operations.

AWS has introduced IAM authentication for RDS MySQL and PostgreSQL. This method allows you to connect to the DB with an authentication token, generated with the help of an IAM policy attached to a role or user.

Authentication Token

The authentication token is generated using the AWS CLI or an AWS SDK, is valid for 15 minutes, and is generated with the help of the role/user created. You can manage access to the resource and log each activity by every user, so you have a good track of which updates or deletions were made by every individual login.
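The flow described above, as an added example that is not code from the original post: a per-identity IAM policy that permits `rds-db:connect` for one database user on one instance, the token generation that replaces the password (the boto3 equivalent of `aws rds generate-db-auth-token`), a check of the token's 15-minute validity window read from its signed timestamp, and the TLS-only connection. Host name, account id, resource id, user name and the sample token are constructed values; the helper that parses the token assumes it is a SigV4 presigned query string.

```python
"""Added example (not from the original post): IAM authentication for RDS.

Assumptions (constructed values, not from the page):
  - an RDS PostgreSQL instance with IAM authentication enabled
  - the DB user below was created with the rds_iam role, so the instance
    accepts an IAM token in place of a password
  - boto3 and psycopg2 are only needed where a real AWS call is made
"""
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed example values (placeholders, not real identifiers).
DB_HOST = "example-db.abcdefghijkl.us-east-1.rds.amazonaws.com"
DB_PORT = 5432
DB_USER = "app_reader"          # database user name, not an IAM user name
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
DB_RESOURCE_ID = "db-ABCDEFGHIJKLMNOPQRSTUVWXYZ"

TOKEN_LIFETIME = timedelta(minutes=15)   # tokens expire 15 minutes after issue

# Constructed sample token in the presigned-query-string layout (assumption).
SAMPLE_TOKEN = (
    f"{DB_HOST}:{DB_PORT}/?Action=connect&DBUser={DB_USER}"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240101T120000Z"
    "&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=deadbeef"
)


def connect_policy(account_id, region, resource_id, db_user):
    """Least-privilege policy attached to one person's IAM role or user.

    It grants rds-db:connect for exactly one DB user on one instance, so a
    database log entry for that DB user maps back to a single IAM identity
    instead of a shared team credential."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "rds-db:connect",
            "Resource": f"arn:aws:rds-db:{region}:{account_id}:dbuser:{resource_id}/{db_user}",
        }],
    }


def generate_token(host, port, user, region):
    """boto3 equivalent of `aws rds generate-db-auth-token`.

    The caller's IAM credentials (role or user) sign the token; no password
    is stored or rotated. Needs boto3 plus AWS credentials, so the import
    is local and the rest of the module runs offline."""
    import boto3
    client = boto3.client("rds", region_name=region)
    return client.generate_db_auth_token(
        DBHostname=host, Port=port, DBUsername=user, Region=region)


def token_expiry(token):
    """Compute when a token stops being accepted.

    Assumes the token is a SigV4 presigned query string carrying X-Amz-Date
    (issue time, UTC) and X-Amz-Expires (lifetime in seconds, 900 = 15 min)."""
    query = parse_qs(urlsplit("https://" + token).query)
    issued = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    return issued + timedelta(seconds=int(query["X-Amz-Expires"][0]))


def is_token_valid(token, now):
    """True while the token can still open a new connection at time `now`.
    Existing connections are not cut off when the token expires; only new
    connection attempts need a fresh token."""
    return now < token_expiry(token)


def connect(token):
    """Open the connection with the token as the password. IAM auth only
    works over TLS, so sslmode=require is not optional here."""
    import psycopg2
    return psycopg2.connect(host=DB_HOST, port=DB_PORT, user=DB_USER,
                            password=token, dbname="postgres",
                            sslmode="require")


if __name__ == "__main__":
    print(json.dumps(connect_policy(ACCOUNT_ID, REGION, DB_RESOURCE_ID, DB_USER), indent=2))
    print("sample token expires at", token_expiry(SAMPLE_TOKEN).isoformat())
    # Real use: token = generate_token(DB_HOST, DB_PORT, DB_USER, REGION)
    #           conn = connect(token) if is_token_valid(token, datetime.now(timezone.utc)) else None
```

Because the policy is scoped to a `dbuser` resource rather than to the whole instance, each person can be granted only the DB user they need, and the DB server's own log (user name, query, time) lines up with CloudTrail's record of who assumed the role. Long-running jobs should regenerate the token before every new connection rather than caching it, since anything older than 15 minutes is refused at connect time.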