Establish how RDS database credentials should be managed

[robinglov]

Overview

As an Ops team, we need consistency between project environments to increase security and reduce errors in production code.

Action Items

• [ ] Determine who should have access to the database
• [ ] Research pricing
• [ ] How should database credentials be managed?

Resources/Instructions

• Resources
• Original issue: hackforla/ops#75
• Managing an Amazon RDS DB instance
• Best practices for Amazon RDS
• Amazon RDS pricing

[ExperimentsInHonesty]

Hi Leads. Is this issue ready for prioritization? Does it have enough info. I will also need help with the labels.

[ale210]

Come up with a strategy - examples could be using secrets/tags/iam to allow users to access db credentials etc

[lsousadev]

An idea is to use IAM users to login to the DB (the DB proper, not only access to RDS service) instead of classic db user/pw:

https://medium.com/@tizattogabriel/how-to-authenticate-to-an-aws-rds-postgresql-db-instance-using-iam-credentials-4e69b095c01c

Need to investigate whether this would work for IAM roles (for apps/resources)