Aws-cdk: RDS: Support enabling IAM DATABASE Authentication

Created on 16 Jan 2019  路  6Comments  路  Source: aws/aws-cdk

The current RDS constructs do not surface the IAM DB Authentication configuration, making it unusable without resorting to escape hatches.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

@aws-cdaws-rds efforsmall feature-request good first issue in-progress p1
Source
picture RomainMuller
👍10

Most helpful comment

Work left here is to build a grantConnect() method that will grant an IAM IPrincipal with the permissions to connect. Any calls to grantConnect() should automatically turn set the iamAuthentication property, if not already.

picture nija-at on 6 Feb 2020
👍5

All 6 comments

I have a WIP for this, but the permission-granting API for the grantConnect primitive requires the "resource ID" of the DBInstances, which isn't surfaced by CloudFormation (hence requires a CustomResource).

RomainMuller picture RomainMuller on 17 Jan 2019
👍2

+1

saltman424 picture saltman424 on 8 Aug 2019

any news on this?

gbooth27 picture gbooth27 on 18 Oct 2019

@RomainMuller did you submit your WiP anywhere?

skinny85 picture skinny85 on 30 Oct 2019

@skinny85 - nope I never managed to finish that completely; and the underlying APIs changed quite a bit in between... so it's as good as not existent.

RomainMuller picture RomainMuller on 24 Jan 2020

Work left here is to build a grantConnect() method that will grant an IAM IPrincipal with the permissions to connect. Any calls to grantConnect() should automatically turn set the iamAuthentication property, if not already.

nija-at picture nija-at on 6 Feb 2020
👍5
Was this page helpful?
0 / 5 - 0 ratings

Related issues

artyom-melnikov picture artyom-melnikov  路  3Comments
eladb picture eladb  路  3Comments
peterdeme picture peterdeme  路  3Comments
Kent1 picture Kent1  路  3Comments
eladb picture eladb  路  3Comments