In the pre-requisite 3 of the document, you see the permissions that are attached to the role. The ec2 instance will leverage these permission to generate the token and use the same to communicate to the RDS Instance.

(YMMV)If the number of connections to your database is going to be very low, then you can still use this in production. But those kind of uses cases are very rare. Ideally, you will have a userid/password for your db to connect.

Inline policies can't be attached, as they only live inside a single place inside a role. The permissions he's adding is the ROLE that the EC2 will ASSUME when interacting with the database. It simply allows the EC2 permissions to "rds:connect" to the resource (user@database). Any number of ec2's could assume that role simultaneously. You could also create a single policy attached to a single iam group and add your users there. If there's a use case where your EC2 might have to connect to a database as 100 different users, I would suggest adding a wildcard to the policy expression where the username is, but my gut says there's a better overall solution for what you might be trying to accomplish.

PostgreSQL should (most probably) use similar syntax. Shouldn't be too difficult to set it up yourself based on this one. If you have any difficulty let us know, We can help. Good Luck; Happy Learning

Correct! Can you raise a 'Pull Request(PR)"?

@@ValaxyTechnologies More than happy to ;) github.com/miztiik/AWS-Demos/pull/9

Interesting question, I dont know the features of workbench. I would look to see if workbench can leverage the role/credentials from environment variables.

aws.amazon.com/blogs/database/use-iam-authentication-to-connect-with-sql-workbenchj-to-amazon-aurora-mysql-or-amazon-rds-for-mysql/

This video is available in High Definition @ 1080p. Can you please try changing the resolution of the video when you are watching? KZbin usually adjusts it based on your internet speed.