Table of contents
DBeaver is integrated with AWS RDS IAM authentication, providing you with the ability to authenticate in AWS to access your cloud databases. There are numerous ways to authorize and authenticate users in DBeaver AWS IAM, and DBeaver supports all the basic ones.
The instructions provided here are intended for the client machine where DBeaver is installed. It is assumed that the necessary configuration on the server side, including the setup of AWS RDS IAM, has already been completed.
To use IAM authentication in DBeaver, you need to select AWS RDS IAM as your authentication method in the connection settings.
|Credentials||Choose between Access/secret keys, AWS profile, or Default credentials for the type of IAM credentials configuration.|
|User||Input your username.|
|Region||Optional field to specify the AWS region. If not specified, the global region will be used.|
|Access key||AWS Access key.|
|Secret key||AWS Secret key.|
|Role name||Input the name of the role you want to use.|
|Save credentials locally||Check this box if you want to save your password locally.|
|3rd party account||Check this box if you want to access using a 3rd party role-based account.|
|Use AWS Secrets Manager||Check this box if you want to connect to AWS Secrets Manager to access the database credentials. When selected, a field Secret Name will appear where you can input the name of your AWS Secret.|
Choose the type of credentials by selecting the appropriate option from the Credentials dropdown menu.
When you use Default Credentials, AWS will then try to determine credentials by using the standard credential providers chain:
- Java system properties
- Environment variables
- Web identity token from AWS STS
- The shared credentials and config files
- Amazon ECS container credentials
- Amazon EC2 instance profile credentials
- Amazon SSO credentials
Using default credentials is the easiest way to integrate with various Single Sign-On (SSO) and web identity providers, as these providers typically supply credentials through configuration files.
For a more detailed explanation, please refer to the AWS credentials documentation.
To use Default credentials, simply enter your username in the User field and select your AWS region.
Using the IAM user access key and secret key is the simplest way to authenticate. You just need to input these two keys. You have the option to save them locally for convenience, or, for better security, you can choose to enter them each time you connect to a database.
As with the Default configuration, you need to enter your username and select the AWS region. If you've checked the Save credentials locally box, you'll need to fill in the Access key and Secret key fields. If you haven't checked this box, you'll be prompted to fill in these fields each time you connect to the database.
For more detailed instructions on managing access keys for IAM users, you can refer to the official AWS guide.
Just like with default credentials, you also have the option to select a specific credentials profile.
To do this, first select the profile you've already configured. If you need information on how to configure a profile, you can find it below. After selecting a profile, fill in the User field and select your AWS region, just like you would with the default credentials.
For more detailed instructions, you can refer to the official AWS guide on credentials config files.
If you've set up an SSO portal on your AWS account, you can use it for web-based SSO authorization. This SSO support can be activated for both Default and Profile-based AWS authorization types. To use this feature, you need to enable the Enable SSO option.
AWS Secrets Manager
If you've set up an AWS Secret, you can use it to access your database. This method can be used for both RDS databases and Redshift. You can find instructions on how to create an AWS Secret in official guide. Remember, you'll need to fill in the Password field.
To use this feature, check the Use AWS Secrets Manager box and then fill in the Secret Name field.
Note: Make sure that the secret in the same region as the database.