Step 3: Add your IAM role to your RDS for Db2 DB instance - Amazon Relational Database Service

In this step, you add your IAM role to your RDS for Db2 DB instance. Note the following requirements:

  • You must have access to an IAM role with the required Amazon S3 permissions policy attached to it.

  • You can only associate one IAM role with your RDS for Db2 DB instance at a time.

  • Your RDS for Db2 DB instance must be in the Available state.

You can add an IAM role to your DB instance by using the AWS Management Console or the AWS CLI.

To add an IAM role to your RDS for Db2 DB instance
  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Databases.

  3. Choose your RDS for Db2 DB instance name.

  4. On the Connectivity & security tab, scroll down to the Manage IAM roles section at the bottom of the page.

  5. For Add IAM roles to this instance, choose the role that you created in Step 2: Create an IAM role and attach your IAM policy.

  6. For Feature, choose S3_INTEGRATION.

  7. Choose Add role.

    Figure: The S3_INTEGRATION feature added to the IAM role for a DB instance.

To add an IAM role to your RDS for Db2 DB instance, run the add-role-to-db-instance command. In the following example, replace db_instance_name and iam_role_arn with the name of your DB instance and the ARN of the IAM role that you created in Step 2: Create an IAM role and attach your IAM policy.

For Linux, macOS, or Unix:

    aws rds add-role-to-db-instance \
        --db-instance-identifier db_instance_name \
        --feature-name S3_INTEGRATION \
        --role-arn iam_role_arn

For Windows:

    aws rds add-role-to-db-instance ^
        --db-instance-identifier db_instance_name ^
        --feature-name S3_INTEGRATION ^
        --role-arn iam_role_arn

To confirm that the role was successfully added to your RDS for Db2 DB instance, run the describe-db-instances command. In the following example, replace db_instance_name with the name of your DB instance.

For Linux, macOS, or Unix:

    aws rds describe-db-instances \
        --filters "Name=db-instance-id,Values=db_instance_name" \
        --query 'DBInstances[].AssociatedRoles'

For Windows:

    aws rds describe-db-instances ^
        --filters "Name=db-instance-id,Values=db_instance_name" ^
        --query "DBInstances[].AssociatedRoles"

This command produces output similar to the following example:

    [
        [
            {
                "RoleArn": "arn:aws:iam::0123456789012:role/rds-db2-s3-role",
                "FeatureName": "S3_INTEGRATION",
                "Status": "ACTIVE"
            }
        ]
    ]
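
To automate the confirmation step, the following Python example (added here, not part of the AWS documentation) checks the describe-db-instances output for exactly one associated role, with the ARN you intended, the S3_INTEGRATION feature, and ACTIVE status. The function names and the expected-ARN argument are assumptions of this example; the embedded sample is the output shown above.

```python
import json
import subprocess
import sys

FEATURE = "S3_INTEGRATION"

def fetch_associated_roles(db_instance_name):
    """Run the describe-db-instances command from this step and parse its JSON."""
    out = subprocess.run(
        ["aws", "rds", "describe-db-instances",
         "--filters", f"Name=db-instance-id,Values={db_instance_name}",
         "--query", "DBInstances[].AssociatedRoles", "--output", "json"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def check_s3_integration(associated_roles, expected_role_arn):
    """Return a list of problems; an empty list means the role is set up as intended."""
    # The query returns one inner list of roles per matching DB instance.
    if len(associated_roles) != 1:
        return [f"expected one DB instance, found {len(associated_roles)}"]
    roles = associated_roles[0]
    # Only one IAM role can be associated with the DB instance at a time.
    if len(roles) != 1:
        return [f"expected exactly one associated role, found {len(roles)}"]
    role, problems = roles[0], []
    if role.get("FeatureName") != FEATURE:
        problems.append(f"feature is {role.get('FeatureName')}, not {FEATURE}")
    if role.get("RoleArn") != expected_role_arn:
        problems.append(f"unexpected role ARN: {role.get('RoleArn')}")
    # A role that is not ACTIVE cannot yet be used by the instance.
    if role.get("Status") != "ACTIVE":
        problems.append(f"role status is {role.get('Status')}, not ACTIVE")
    return problems

# Sample input: the example output shown in this step.
SAMPLE = json.loads("""[[{"RoleArn": "arn:aws:iam::0123456789012:role/rds-db2-s3-role",
                          "FeatureName": "S3_INTEGRATION", "Status": "ACTIVE"}]]""")

if __name__ == "__main__":
    # Usage: python check_role.py db_instance_name iam_role_arn
    issues = check_s3_integration(fetch_associated_roles(sys.argv[1]), sys.argv[2])
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

A nonzero exit code means the association does not match what you intended, for example a different role ARN or a role that is not yet ACTIVE.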