Amazon RDS now provides visibility into IAM DB Authentication metrics and logs
Amazon Relational Database Service (RDS) IAM Database Authentication (IAM DB Auth) now provides enhanced observability through metrics and logs. It enables customers to investigate and resolve authentication errors when connecting to RDS databases.
Database connection authentication failures can occur due to multiple reasons such as configuration or permission issues with your IAM policy, using expired tokens, throttling, etc. IAM DB Auth metrics and logs support troubleshooting authentication errors caused due to the above issues. Now you will also get visibility into error logs that help you get insights into user specific connection failures. IAM DB Authentication metrics are available in Amazon CloudWatch automatically as long as IAM DB Authentication is enabled on your database instance or cluster. IAM DB Authentication error logs can be exported to your CloudWatch Logs account via the RDS Export to CloudWatch Logs feature.
Amazon RDS IAM DB Authentication metrics and logs are supported by RDS for MySQL, RDS for MariaDB, RDS for PostgreSQL, Aurora MySQL-Compatible Edition, and Aurora PostgreSQL-Compatible Edition. To get started with enabling RDS IAM DB Authentication visit: Enabling and disabling IAM database authentication - Amazon Relational Database Service and Enabling and disabling IAM database authentication - Amazon Aurora.
For RDS database authentication error troubleshooting using RDS IAM DB Auth metrics and logs visit this page for Amazon RDS and this page for Amazon Aurora.
To learn more about Amazon Identity and Access Management, refer the product detail page.