Back

Explore Courses Blog Tutorials Interview Questions
0 votes
1 view
in AWS by (19.1k points)

I'm following http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html in order to authenticate from an EC2 to RDS. I am able to run the generate-db-auth-token command to retrieve a token, but I'm not sure what to do with it after that (the instructions inexplicably end).

I've tried simply passing the regurgitated string (as well as logical substrings of the returned fields) as the password of a mysql client connection, but this doesn't seem to work.

The returned token is in the following form: {instance identifier}.{region}.rds.amazonaws.com:3306/?Action=connect&DBUser={auth db username}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170622T221608Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token={super long, web-escaped string containing special characters}&X-Amz-Credential={some shorter, a web-escaped string containing special characters}&X-Amz-Signature={some long string of alphanumeric characters}

Any help is greatly appreciated.

1 Answer

0 votes
by (44.3k points)

This is working, try this out:

$ mysql -u iam_user -h iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \

--password=`aws rds generate-db-auth-token --hostname iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \

--port 3306 \

--username iam_user \

--region ap-northeast-1` \

--ssl-ca=/Users/hoge/rds-combined-ca-bundle.pem \

--enable-cleartext-plugin

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

28.4k questions

29.7k answers

500 comments

94k users

Browse Categories

...