Does assigning rds_iam role for database user make his password invalid?

[Captain1653]

Hi

We want to use Plain RDS PostgreSQL (non-Aurora) and IAM authentication. We set up driver and connections settings - it all works good. But I have question about using password and IAM token at the same time by the same user.

Does assigning rds_iam role for database user make his password invalid immediately?

I follow these docs.

I ask, because we use rolling update to deploy our apps. At the same time two versions of app (with IAM auth and with password) will work during rolling update. Will it cause problems, right?

I found thoughts about it in this article (bottom), but I didn't find the confirmation in the docs.

You might be tempted to assign rds_iam role to the postgres user, but keep in mind that it will make the current password invalid > as it's not a valid IAM Token which is now required to authenticate

Can you confirm it, please?

Should we create two users and use them during rolling update: with IAM (new user) and with password (old user)? Is it recommended approach?

Kind regards

P.S. Sorry if I posted my question in the wrong section.

[Captain1653]

I found the answer. It was in limitations section.

For PostgreSQL, if the IAM role (rds_iam) is added to a user (including the RDS master user), IAM authentication takes precedence over password authentication, so the user must log in as an IAM user.