Short answer: Prefect Server doesn’t currently auto-refresh AWS RDS/Aurora IAM auth tokens for its Postgres connection. Since IAM tokens are short-lived (about 15 minutes), a long-running service with a persistent connection pool will eventually hit failures unless something external refreshes credentials.
Recommended options (in order of simplicity/robustness):
- Use a conventional DB user/password for the Prefect Server database (with TLS). Store it in your secret manager and rotate on your cadence; restart/roll your Prefect API when the secret rotates. This is the most common pattern for long-lived services like Prefect Server.
- Put AWS RDS Proxy in front of Aurora and have Prefect connect with a standard DB user/password. Let RDS Proxy handle connection pooling to Aurora; manage credential rotation with Secrets Manager. Prefect does not need to generate IAM tokens in this setup.
- If you must keep IAM token auth:
  - You’ll need external automation that periodically generates a fresh token and restarts Prefect API before expiry, or a custom engine hook that supplies a new token on each connect (the latter isn’t supported by Prefect out of the box).
  - Set conservative SQLAlchemy pool options to reduce stale/expired connections: enable pre-ping and set pool_recycle to less than the token TTL. Note this only helps detect dead connections; without a fresh token at reconnect time, connections will still fail.
Relevant docs and references:
- Prefect 3 settings reference (see Server/Database and SQLAlchemy options):
  - Prefect 3 Settings reference
- Server database configuration API reference:
  - Server database configuration API
- AWS IAM DB authentication:
  - IAM auth for RDS/Aurora
- RDS Proxy overview:
  - RDS Proxy
- SQLAlchemy pool_recycle/pre_ping background:
  - SQLAlchemy pooling
A couple of clarifying questions so I can suggest a concrete path:
- Where are you running Prefect Server (Kubernetes, Docker, VM)?
- How are you injecting the DB connection string today (K8s Secret, env var, file)?
- Are you able to use RDS Proxy or a static DB user for the Prefect Server DB?
If you’re on Kubernetes and must stay with IAM tokens, I can share a pattern that:
- Generates a new token into a Secret on a schedule (External Secrets/cron),
- Triggers a rolling restart of the Prefect API deployment just before token expiry (e.g., with a reloader operator),
so the server always starts with a fresh token. It’s not zero-touch, but it’s workable.
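The "custom engine hook that supplies a new token on each connect" and the pool_recycle/pre-ping settings mentioned in the answer, shown as an added illustration on a plain SQLAlchemy engine (this is not Prefect code and Prefect Server does not expose this hook; the boto3 `generate_db_auth_token` call, the SQLAlchemy `do_connect` event and the 15-minute TTL/2-minute refresh margin are assumptions of this example):

```python
"""Mint a fresh RDS IAM auth token before each new DB connection (illustration)."""
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

TOKEN_TTL_SECONDS = 15 * 60  # RDS IAM auth tokens are valid for about 15 minutes (assumed)


@dataclass
class IamTokenProvider:
    """Caches a token and mints a new one before the cached one can expire."""
    generate: Callable[[], str]             # returns a new IAM auth token
    refresh_margin: float = 120.0           # renew this many seconds before the TTL
    clock: Callable[[], float] = time.time  # injectable so the policy can be tested offline
    _token: Optional[str] = field(default=None, init=False)
    _issued_at: float = field(default=0.0, init=False)
    mint_count: int = field(default=0, init=False)

    def token(self) -> str:
        age = self.clock() - self._issued_at
        if self._token is None or age >= TOKEN_TTL_SECONDS - self.refresh_margin:
            self._token = self.generate()
            self._issued_at = self.clock()
            self.mint_count += 1
        return self._token


def rds_token_generator(host: str, port: int, user: str, region: str) -> Callable[[], str]:
    """Builds a generator that asks RDS for a token via boto3 (assumed installed)."""
    def _generate() -> str:
        import boto3  # imported lazily so this module loads without boto3
        client = boto3.client("rds", region_name=region)
        return client.generate_db_auth_token(DBHostname=host, Port=port, DBUsername=user)
    return _generate


def pool_kwargs() -> dict:
    """Pool options from the answer: pre-ping plus a recycle interval below the token TTL."""
    return {"pool_pre_ping": True, "pool_recycle": TOKEN_TTL_SECONDS - 300}


def attach_token_hook(engine, provider: IamTokenProvider) -> None:
    """Injects a current token as the password every time the pool opens a connection."""
    from sqlalchemy import event  # assumed available where the engine is created

    @event.listens_for(engine, "do_connect")
    def _provide_password(dialect, conn_rec, cargs, cparams):
        cparams["password"] = provider.token()  # returning None lets the default connect run
```

Wiring looks like `engine = create_engine(url, **pool_kwargs())` followed by `attach_token_hook(engine, IamTokenProvider(rds_token_generator(host, 5432, user, region)))`; pre-ping and recycle only detect stale connections, while the hook is what supplies a valid token when the pool reconnects.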