Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Connecting to Your DB Instance from the Command Line: AWS CLI and psql Client

You can connect from the command line to an Amazon RDS DB instance with the AWS CLI and psql command line tool as described following.

Generating an Authentication Token

The authentication token consists of several hundred characters so it can be unwieldy on the command line. One way to work around this is to save the token to an environment variable, and then use that variable when you connect. The following example shows how to use the AWS CLI to get a signed authentication token using the generate-db-auth-token command, and store it in a PGPASSWORD environment variable.

export RDSHOST="rdspostgres.cdgmuqiadpid.us-west-2.rds.amazonaws.com" export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 3306 --region us-west-2 --username jane_doe )"

In the example, the parameters to the generate-db-auth-token command are as follows:

  • --hostname – The host name of the DB instance that you want to access.

  • --port – The port number used for connecting to your DB instance.

  • --region – The AWS Region where the DB instance is running.

  • --username – The database account that you want to access.

The first several characters of the generated token look like the following.

rdspostgres.cdgmuqiadpid.us-west-2.rds.amazonaws.com:3306/?Action=connect&DBUser=jane_doe&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900...

Connecting to a DB Instance

The general format for using psql to connect is shown following.

psql host=hostName port=portNumber sslmode=verify-full sslrootcert=certificateFile dbname=DBName user=userName

The parameters are as follows:

  • host – The host name of the DB instance that you want to access.

  • port – The port number used for connecting to your DB instance.

  • sslmode – The SSL mode to use. When you use sslmode=verify-full, the SSL connection verifies the DB instance endpoint against the endpoint in the SSL certificate.

  • sslrootcert – The SSL certificate file that contains the public key. For more information, see Using SSL with a PostgreSQL DB Instance.

  • dbname – The database that you want to access.

  • user – The database account that you want to access.

The following example shows using the command to connect. The example uses the environment variables that were set when the token was generated in the previous section.

psql (host=$RDSHOST port=3306 sslmode=verify-full sslrootcert=/sample_dir/rds-combined-ca-bundle.pem dbname=DBName user=jane_doe)