Is it possible to log successful AWS IAM authentication to RDS?


I have enabled IAM authentication on my Postgres RDS instance, and can successfully authenticate using aws rds generate-db-auth-token.

CloudWatch shows the Postgres internal logs, but lacks the token validation log for the IAM identity. As such, I can see which database user connected, but not who the IAM user was:

* Connected to rdsauthproxy (127.0.0.1) port 1108
> POST /authenticateRequest HTTP/1.1
Host: rdsauthproxy:1108
Accept: */*
Content-Length: 834
Content-Type: multipart/form-data; 
* We are completely uploaded and fine
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 0
<
* Connection #0 to host rdsauthproxy left intact
2024-01-15 09:18:30 UTC:*.*.*.*(****):iamuser@postgres:[20352]:LOG: connection authenticated: identity="iamuser" method=pam (/rdsdbdata/config/pg_hba.conf:13)

I want to correlate the IAM identity that logged into the database. Is it possible?

I thought of retrieving the log from the rdsauthproxy that authenticates my generated token and proxies it to the actual RDS, but couldn't find a way to do so.
