Skip to main content
IAM database authentication for PostgreSQL (Aurora/RDS) is available since Phoenix 12.9.0. Use that version or newer before following this guide.
First, ensure that Phoenix runs with valid AWS credentials, either by using an IAM role attached to the instance (EC2/ECS/EKS), or by configuring AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Configuring AWS_DEFAULT_REGION is required. The IAM role will need a rds-db:connect policy associated with it.
Then, configure Phoenix to use the Amazon Aurora/RDS instance with IAM-based authentication. No token-lifetime tuning is required; Phoenix generates a fresh IAM token for each new database connection.