To connect your AWS ECS-hosted application to an Azure Database for PostgreSQL Flexible Server using token-based authentication, you're looking for an Azure equivalent to AWS STS (Security Token Service), which issues temporary credentials for secure, short-lived access.
Azure Equivalent to AWS STS: Azure Managed Identity + Azure AD Access Token
Azure does not have a direct one-to-one equivalent of AWS STS, but it offers a comparable mechanism using:
- Azure Active Directory (Azure AD) for identity and access management.
- Managed Identities or Service Principals to authenticate applications.
- Access Tokens issued via Azure AD to access services like Azure PostgreSQL.
Since your application is running in AWS, you can’t use Azure’s built-in Managed Identity directly. Instead, follow this pattern:
1. Register an App in Azure AD
- Create an App Registration in Azure AD.
- Generate a client secret or use a certificate for authentication.
2. Assign RBAC Permissions
- Grant the app access to the Azure PostgreSQL Flexible Server using Azure AD authentication.
- Ensure the PostgreSQL server is configured to allow Azure AD users.
3. From AWS, Fetch an Azure AD Token
Use the app’s client ID and secret to call Azure AD’s token endpoint:
    POST https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
With body:
    client_id=<app-id>
    client_secret=<secret>
    scope=https://ossrdbms-aad.database.windows.net/.default
    grant_type=client_credentials
4. Use the Token to Connect
- Use the token in your PostgreSQL client (e.g., psql, pgjdbc, or Npgsql) to authenticate.
We kindly request you to review the answer and let us know if you have any further concerns. We are happy to help you.
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further query, do let us know.
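As an added example (not part of the answer above), the Python below wires steps 3 and 4 together: it builds the client-credentials request for the token endpoint, parses the response, tracks expiry so the token is renewed before it lapses, and hands the token to the PostgreSQL driver as the password over TLS. The environment variable names, the psycopg2 driver and the assumption that the Azure AD principal name is the login user are mine, not the answer's.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
PG_SCOPE = "https://ossrdbms-aad.database.windows.net/.default"  # scope named in the answer

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials form body for the v2.0 token endpoint (x-www-form-urlencoded)."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": PG_SCOPE,
        "grant_type": "client_credentials",
    }).encode()
    return TOKEN_URL.format(tenant=tenant_id), body

def parse_token_response(raw, now=None):
    """Return (access_token, absolute expiry epoch) from the endpoint's JSON reply; raise on error."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise RuntimeError(f"token request failed: {data.get('error')}: {data.get('error_description')}")
    now = time.time() if now is None else now
    return data["access_token"], now + int(data["expires_in"])

def needs_refresh(expiry, now, skew=300):
    """Tokens are short-lived (roughly an hour): cache them and renew `skew` seconds before expiry."""
    return now >= expiry - skew

def pg_connect_kwargs(host, dbname, aad_user, access_token):
    """libpq parameters: the Azure AD principal name as user, the token as password, TLS required."""
    return {"host": host, "dbname": dbname, "user": aad_user,
            "password": access_token, "sslmode": "require"}

def fetch_token(tenant_id, client_id, client_secret):
    """Outbound call from the ECS task to Azure AD; the secret only ever travels in the POST body."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode())

if __name__ == "__main__":
    # Assumed env var names; feed them from the ECS task's secret store, never log the token.
    token, expiry = fetch_token(os.environ["AZ_TENANT_ID"], os.environ["AZ_CLIENT_ID"],
                                os.environ["AZ_CLIENT_SECRET"])
    import psycopg2  # assumed driver; any libpq-based client accepts the token as the password
    conn = psycopg2.connect(**pg_connect_kwargs(os.environ["PG_HOST"], "postgres",
                                                os.environ["PG_AAD_USER"], token))
```

Call `needs_refresh(expiry, time.time())` before reusing a cached token in a long-running task so a connection is never attempted with an expired one.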