Aws-sdk-php: Support the new RDS IAM authentication

Created on 25 Apr 2017  路  8Comments  路  Source: aws/aws-sdk-php

As of today, RDS users can be created which use IAM to authenticate. The documentation shows a sample in Java, but since we are a PHP shop we need this support in here.

See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

feature-request

Most helpful comment

Anyone visiting in the future might find this gist helpful: https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a

All 8 comments

@mvanbaak We are working on this and you will see an update very soon. We don't have an sla as of now but I will keep this thread updated.

@mvanbaak RDS IAM Auth has been merged. Updated the CHANGELOG-> https://github.com/aws/aws-sdk-php/blob/master/CHANGELOG.md

@imshashank Is there any example / documentation on how to use somewhere?

@sators Check out the Rds\AuthTokenGenerator for generating your token.

Thanks @kstich for your help - I did dig around and and find Rds\AuthTokenGenerator...I'm using this sample code below to try to obtain a token:

// Use the default credential provider
$provider = CredentialProvider::defaultProvider();

$RdsAuthGenerator = new Aws\Rds\AuthTokenGenerator($provider);

$token = $RdsAuthGenerator->createToken('<db endpoint omitted>', 'us-east-2', 'iamuser');

var_dump($token);

This is outputting:

string(1023) "Action=connect&DBUser=iamuser&X-Amz-Security-Token=<random token>&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<random credential>&X-Amz-Date=20171012T162656Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Signature=<random signature>"

Is this entire string supposed to be the MySQL password/token? ...or is it only supposed to be the value from the X-Amz-Security-Token parameter?

Yes, that entire string should be used as the password.

Anyone visiting in the future might find this gist helpful: https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a

Thanks!

Was this page helpful?
0 / 5 - 0 ratings