'Why am I able to connect to postgres database in aws without 'rds-db:connect' inline policy?

I'm following AWS docs for connecting to an instance of postgresql database that is hosted in my VPC.

  • I'm using AWS RDS service configured as Postgresql
  • I've configured database authentication to be Password and IAM database authentication

In AWS I have:

  • Created inline policy called dbconnect as mentioned here
  • Created IAM user db_userx
  • Attached policy to the db_userx

In Postgresql through pgAdmin 4:

  • Created a user called db_userx
  • Assigned them to rds_iam role
  • On Privileges 'Can login?' has to be manually enabled (without it user is denied login access) enter image description here

In .NET 6 code I am generating token to authenticate:

string authToken = RDSAuthTokenGenerator.GenerateAuthToken("...rds.amazonaws.com", 5432, "db_userx");

The database connection is opened successfully. However when I detach the dbconnect policy from db_userx. The user can still open db connection.

Alternatively, when I remove the user from the database and just add the policy, db_userx is denied.

I know I'm missing something here but can't pin point what, anyone has any ideas?

.netpostgresql


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions