# IAM Auth

{% stepper %}
{% step %}
**Create the IAM Database User**

**MySQL or MariaDB**

```sql
CREATE USER teleskope IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
```

**Postgres**

```sql
CREATE USER teleskope; 
GRANT rds_iam TO teleskope;
```

{% endstep %}

{% step %}
**Grant DB User Permissions**

{% tabs %}
{% tab title="Read Access" %}
**MySQL or MariaDB**

```sql
GRANT SHOW DATABASES, SELECT ON *.* TO teleskope
```

**Postgres versions 14+**

```sql
GRANT pg_read_all_data TO teleskope
```

**Postgres versions < 14**

```sql
SELECT format('GRANT CONNECT ON DATABASE %I TO teleskope;', datname) FROM pg_database \gexec
SELECT format('GRANT USAGE ON SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec
SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec
```

{% endtab %}

{% tab title="Write Access" %}
**MySQL or MariaDB**

```sql
GRANT UPDATE, DELETE on *.* TO teleskope
```

**Postgres versions 14+**

```sql
GRANT pg_write_all_data TO teleskope
```

**Postgres versions < 14**

```sql
SELECT format('GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec
```

{% endtab %}
{% endtabs %}
{% endstep %}

{% step %}
**Enable IAM Auth**

1. [Enable IAM Auth](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Enabling.html) for the RDS Cluster.
2. Provide the Teleskope IAM role in the AWS account with the following permission for your database:

{% code fullWidth="true" %}

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-db:connect"
      ],
      "Resource": [
        "arn:aws:rds-db:{REGION}:{ACCOUNT_ID}:dbuser:{DB_RESOURCE_ID}/{DB_USER}"
      ]
    }
  ]
}
```

{% endcode %}
{% endstep %}

{% step %}
**Submit the&#x20;**<mark style="color:purple;">**Username**</mark>**&#x20;in the Teleskope interface**
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.teleskope.ai/connectors/aws/rds/iam-auth.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.