Connect to AWS RDS using IAM credentials

Ensure IAM authentication is enabled in RDS.

Ensure the user that will connect to RDS has these permissions.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "rds-db:connect"
         ],
         "Resource":[
            "arn:aws:rds-db:<region>:<account-id>:dbuser:<DBInstanceResourceID>/<DatabaseUser>"
         ]
      }
   ]
}

Log in using the master user and create a DB user with the rds_iam role.

CREATE USER db_user WITH LOGIN;;
GRANT rds_iam TO db_user;

Generate a password valid for 15min.

aws rds generate-db-auth-token \
  --hostname <dn-hostname> \
  --port 5432 \
  --username db_user

To connect to the db

export PGPASSWORD="$(aws rds generate-db-auth-token \
  --hostname <db-host> \
  --port 5432 \
  --region us-east-1 \
  --username db_user)"

psql "host=<db-host> \
      port=5432 \
      dbname=postgres \
      user=db_user \
      sslmode=require"