New
Boost Developer Productivity & Streamline Onboarding with CDE's

Download the Whitepaper

Home
/
/
/

In addition to using user/password for database authentication, Coder supports connecting to Amazon RDS databases using IAM credentials.

Requirements

Setup

  1. Create an IAM role

to use for database authentication.

  1. Create an IAM policy for the role created in Step 1.
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
             "rds-db:connect"
         ],
         "Resource": [
             "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
         ]
      }
   ]
}
  1. Add a Trust Relationship to the IAM role.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
            "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "arn:aws:iam::111122223333:oidc-provider/oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub":"system:serviceaccount:<cluster>:<namespace>"
                }
            }
        }
    ]
}
  1. Create a database user with the same name specified in the policy above, and grant them the rds_iam role.
CREATE USER dbuser WITH LOGIN; 
GRANT rds_iam TO dbuser;
  1. Set the following values in your Helm chart and re-deploy Coder.
coderd:
  builtinProviderServiceAccount:
    annotations:
      # this role is assumed by the coderd pods, it must have correct IAM policy to connect to RDS
      "eks.amazonaws.com/role-arn": "arn:aws:iam::1234567890:role/example"
postgres:
  host: "example.us-east-1.rds.amazonaws.com"
  port: "5432"
  user: "dbuser"
  database: "coder"
  # notice the password field is not used
  connector: "awsiamrds"
  default:
    enable: false

Documentation references:

See an opportunity to improve our docs? Make an edit.
On this page