[GH-ISSUE #20782] feat: IAM-based auth for AWS RDS/Aurora #90027

Closed
opened 2026-05-15 15:06:19 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @kirill-sch on GitHub (Jan 18, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20782

Check Existing Issues

  • I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

  • I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

Database connections currently only support long-lived username/password credentials and do not support AWS IAM DB authentication. Supporting IAM DB auth would provide a safer, more compliant option for connecting to RDS/Aurora using short-lived tokens and IAM roles instead of persistent database passwords.

Desired Solution you'd like

Add support for AWS RDS/Aurora IAM database authentication. OpenWebUI should be able to generate IAM auth tokens using the AWS SDK, automatically refresh them before they expire (~15 minutes), and use the token along DB user/host/port/database name to establish and maintain connections. Ideally, this can be enabled via an environment variable (e.g., IAM_TOKEN_DB_AUTH=true).

Alternatives Considered

No response

Additional Context

No response

Originally created by @kirill-sch on GitHub (Jan 18, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/20782 ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description Database connections currently only support long-lived username/password credentials and do not support AWS IAM DB authentication. Supporting IAM DB auth would provide a safer, more compliant option for connecting to RDS/Aurora using short-lived tokens and IAM roles instead of persistent database passwords. ### Desired Solution you'd like Add support for AWS RDS/Aurora IAM database authentication. OpenWebUI should be able to generate IAM auth tokens using the AWS SDK, automatically refresh them before they expire (~15 minutes), and use the token along DB user/host/port/database name to establish and maintain connections. Ideally, this can be enabled via an environment variable (e.g., `IAM_TOKEN_DB_AUTH=true`). ### Alternatives Considered _No response_ ### Additional Context _No response_
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#90027