diff --git a/service/rds/rdsutils/connect.go b/service/rds/rdsutils/connect.go
index 67613948ff7..28415d1760b 100644
--- a/service/rds/rdsutils/connect.go
+++ b/service/rds/rdsutils/connect.go
@@ -2,6 +2,7 @@ package rdsutils
 
 import (
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/credentials"
@@ -15,6 +16,8 @@ import (
 // region is the region of database that the auth token would be generated for. The dbUser is the user
 // that the request would be authenticated with. The creds are the credentials the auth token is signed
 // with.
+//
+// The url that is returned will not contain the scheme.
 func BuildAuthToken(endpoint, region, dbUser string, creds *credentials.Credentials) (string, error) {
 	req, err := http.NewRequest("GET", endpoint, nil)
 	if err != nil {
@@ -33,5 +36,12 @@ func BuildAuthToken(endpoint, region, dbUser string, creds *credentials.Credenti
 		return "", err
 	}
 
-	return req.URL.String(), nil
+	url := req.URL.String()
+	if strings.HasPrefix(url, "http://") {
+		url = url[len("http://"):]
+	} else if strings.HasPrefix(url, "https://") {
+		url = url[len("https://"):]
+	}
+
+	return url, nil
 }
diff --git a/service/rds/rdsutils/connect_test.go b/service/rds/rdsutils/connect_test.go
index 29e34a89d7e..af42bf180f8 100644
--- a/service/rds/rdsutils/connect_test.go
+++ b/service/rds/rdsutils/connect_test.go
@@ -17,5 +17,5 @@ func TestBuildAuthToken(t *testing.T) {
 
 	url, err := rdsutils.BuildAuthToken(endpoint, region, user, creds)
 	assert.NoError(t, err)
-	assert.Regexp(t, `^https://prod-instance\.us-east-1\.rds\.amazonaws\.com:3306\?Action=connect.*?DBUser=mysqlUser.*`, url)
+	assert.Regexp(t, `^prod-instance\.us-east-1\.rds\.amazonaws\.com:3306\?Action=connect.*?DBUser=mysqlUser.*`, url)
 }