# IAM Auth

{% stepper %}
{% step %}

#### Create the IAM Database User

**MySQL or MariaDB**

```sql
CREATE USER teleskope IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
```

**Postgres**

```sql
CREATE USER teleskope;
GRANT rds_iam TO teleskope;
```

{% endstep %}

{% step %}

#### Grant DB User Permissions

{% tabs %}
{% tab title="Read Access" %}
**MySQL or MariaDB**

```sql
GRANT SHOW DATABASES, SELECT ON *.* TO teleskope;
```

**Postgres versions 14+**

```sql
GRANT pg_read_all_data TO teleskope;
```

**Postgres versions < 14**

```sql
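-- Run in psql: \gexec is a psql meta-command that executes each generated statement.
-- pg_namespace is per-database, so repeat the schema and table grants in every database.
SELECT format('GRANT CONNECT ON DATABASE %I TO teleskope;', datname) FROM pg_database \gexec
SELECT format('GRANT USAGE ON SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec
SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec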
```

{% endtab %}

{% tab title="Write Access" %}
**MySQL or MariaDB**

```sql
GRANT UPDATE, DELETE ON *.* TO teleskope;
```

**Postgres versions 14+**

```sql
GRANT pg_write_all_data TO teleskope;
```

**Postgres versions < 14**

```sql
-- Run in psql (\gexec), once in every database.
SELECT format('GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA %I TO teleskope;', nspname) FROM pg_namespace \gexec
```

{% endtab %}
{% endtabs %}
{% endstep %}

{% step %}

#### Enable IAM Auth

1. [Enable IAM Auth](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Enabling.html) for the RDS Cluster.
2. Grant the Teleskope IAM role in the AWS account the following permission for your database:

{% code fullWidth="true" %}

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-db:connect"
      ],
      "Resource": [
        "arn:aws:rds-db:{REGION}:{ACCOUNT_ID}:dbuser:{DB_RESOURCE_ID}/{DB_USER}"
      ]
    }
  ]
}
```

{% endcode %}
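
The Python linter below is an added example, not Teleskope's or AWS's code. It checks a policy like the one above for unfilled placeholders, wildcards and an unexpected database user before the policy is attached. The function names, the `expected_user` default and the sample account and resource IDs are assumptions made for the example.

```python
import json
import re

# ARN layout copied from the policy on this page:
#   arn:aws:rds-db:{REGION}:{ACCOUNT_ID}:dbuser:{DB_RESOURCE_ID}/{DB_USER}
ARN_RE = re.compile(
    r"^arn:[^:]+:rds-db:(?P<region>[^:]*):(?P<account>[^:]*)"
    r":dbuser:(?P<resource_id>[^/]*)/(?P<db_user>.+)$"
)
CONNECT_ACTIONS = {"rds-db:connect", "rds-db:*", "*"}

def as_list(value):
    # IAM accepts a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def lint_rds_connect_policy(policy_json, expected_user="teleskope"):
    """Return findings for Allow statements that grant rds-db:connect."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & CONNECT_ACTIONS:
            continue
        for arn in as_list(stmt.get("Resource", [])):
            match = ARN_RE.match(arn)
            if match is None:
                findings.append(f"Statement[{i}]: not a dbuser ARN: {arn}")
                continue
            for field, value in match.groupdict().items():
                if "{" in value or "}" in value:
                    findings.append(f"Statement[{i}]: unfilled placeholder in {field}")
                elif "*" in value or "?" in value:
                    findings.append(f"Statement[{i}]: wildcard in {field}")
                elif field == "db_user" and value != expected_user:
                    findings.append(f"Statement[{i}]: unexpected db_user {value}")
    return findings

# Constructed sample policies (the account ID and resource ID are made up).
def make_policy(resource):
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": [resource]}]})

TEMPLATE = make_policy("arn:aws:rds-db:{REGION}:{ACCOUNT_ID}:dbuser:{DB_RESOURCE_ID}/{DB_USER}")
SCOPED = make_policy("arn:aws:rds-db:us-east-1:123456789012:dbuser:cluster-EXAMPLE1234567890/teleskope")
TOO_BROAD = make_policy("arn:aws:rds-db:us-east-1:123456789012:dbuser:*/*")

if __name__ == "__main__":
    for name, doc in [("template", TEMPLATE), ("scoped", SCOPED), ("too broad", TOO_BROAD)]:
        print(name, lint_rds_connect_policy(doc))
```

An empty list means every `rds-db:connect` resource names exactly one region, account, database resource and the `teleskope` user.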
{% endstep %}

{% step %}
**Submit the** <mark style="color:purple;">**Username**</mark> **in the Teleskope interface**
{% endstep %}
{% endstepper %}
