Cloud Experts Documentation

Connect to RDS database with STS from ROSA

Last edited
Published
Authors
Florian Jacquin
Tags: ROSA

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

The Amazon Web Services Relational Database Service (AWS RDS) can be consumed from Red Hat OpenShift Service on AWS (ROSA) and authenticate to DB with Security Token Service (STS).

This is a guide to quickly connect to RDS Database (Postgres engine) from ROSA.

Amazon Web Services Relational Database Service

Amazon Web Services Relational Database Service (AWS RDS) is a distributed relational database service by Amazon Web Services. It is designed to simplify setup, operation, and scaling of a relational database for use in applications. It supports differents database engines such as Amazon Aurora, MySQL, MariaDB, Oracle, Microsoft SQL Server, and PostgreSQL.

In our example we will use PostgreSQL as engine.

Prerequisites

  • A Red Hat OpenShift on AWS (ROSA) 4.12 cluster
  • The OC CLI
  • The AWS CLI
  • jq command

Set up environment

  1. Export value of your cluster name (rosa list cluster)

  2. Export list of environements variables from your cluster

Create database network

  1. VPC + Subnets

  2. Internet Gateway

  3. DB Subnet group

Create RDS Database

  1. Create DB with aws cli

  2. Authorize ROSA cluster to connect to DB

IAM Permissions

  1. Build the RDS access Policy

  2. Create the RDS Access Policy

    This creates a named policy for the cluster, you could use a generic policy for multiple clusters to keep things simpler.

  3. Build Trust Policy

  4. Create Role for accessing database

  5. Attach the Policies to the Role

Test STS

  1. Create new project

  2. Check that STS is working properly

Prepare/Populate Database

  1. Create a Pod for connecting to DB with postgres user

  2. Download dataset IPrange / Country (in the prompt of oc run)

  3. Connect to DB, create user, DB and populate it (in the prompt of oc run)

Connection with IAM

  1. Create pod to access with a IAM user this time

  2. Test request

Deploy app

  1. Create new-app

  2. Add secrets to deployment

  3. Expose APP

  4. Test app

    Expected output

Cleanup

  1. Delete resources

  2. Detach the Policies to the Role

  3. Delete the Role

  4. Delete the Policy

Back to top

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat