AWS Data Store Scanning Using IAM DB User
You can use AWS Identity and Access Management (IAM) database authentication to connect MySQL, PostgreSQL and MariaDB data stores to DSPM. This allows DSPM to connect securely to a DB instance using an authentication token. DSPM leverages IAM database authentication to connect to data stores while running a Data Scan.
Prerequisites
- Enable IAM database authentication for the RDS instance. For details, see the AWS documentation.
- Ensure that the user that will be used to connect to the data store has Read privileges on objects in the database that will be scanned. For details on creating a user, see the AWS documentation.
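One way to create such a user with least privilege is sketched below. This is an added example, not part of the original page or the DSPM product's own tooling. It assumes that "Read privileges" means SELECT, and the names `dspm_scanner`, `appdb` and the `public` schema are hypothetical placeholders.

```sql
-- Run only the section that matches your engine, as an administrative user.

-- ===== PostgreSQL on RDS =====
-- CREATE USER implies LOGIN; no password is set because the IAM token is used instead.
CREATE USER dspm_scanner;
-- Membership in rds_iam makes RDS authenticate this role with IAM tokens.
GRANT rds_iam TO dspm_scanner;
-- Read-only access, scoped to one database and one schema (both hypothetical).
GRANT CONNECT ON DATABASE appdb TO dspm_scanner;
GRANT USAGE ON SCHEMA public TO dspm_scanner;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO dspm_scanner;
-- Tables created later by the role running this statement are also readable.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO dspm_scanner;
-- Check: every row returned should have privilege_type = 'SELECT'.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'dspm_scanner';

-- ===== MySQL / MariaDB on RDS =====
-- AWSAuthenticationPlugin delegates authentication to IAM; 'RDS' is a fixed literal.
CREATE USER 'dspm_scanner'@'%' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
-- IAM token authentication needs an encrypted connection, so enforce it.
ALTER USER 'dspm_scanner'@'%' REQUIRE SSL;
-- Read-only access to the one database that will be scanned (hypothetical name).
GRANT SELECT ON appdb.* TO 'dspm_scanner'@'%';
-- Check: the output should list only USAGE and SELECT on appdb.*.
SHOW GRANTS FOR 'dspm_scanner'@'%';
```

The username created here is the value to enter in the Username field of the Connect tab.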
Set up an IAM Connection
To set up an IAM connection for a data store:
- Select Inventory > Data Stores.
- Select the Data Stores tab.
- Select a data store for which you’ve enabled IAM DB user authentication.
- Select the Connect tab.
- Enter the following information:
  - Connection Type: Select IAM DB User.
  - Username: Enter the username with Read privileges.
- Click Submit.
The DSPM Data Scan is now able to connect to the database, read the table data, and detect sensitive information.