As of today, RDS users can be created which use IAM to authenticate. The documentation shows a sample in Java, but since we are a PHP shop we need this support in here.
See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
@mvanbaak We are working on this and you will see an update very soon. We don't have an sla as of now but I will keep this thread updated.
@mvanbaak RDS IAM Auth has been merged. Updated the CHANGELOG-> https://github.com/aws/aws-sdk-php/blob/master/CHANGELOG.md
@imshashank Is there any example / documentation on how to use somewhere?
@sators Check out the Rds\AuthTokenGenerator for generating your token.
Thanks @kstich for your help - I did dig around and and find Rds\AuthTokenGenerator...I'm using this sample code below to try to obtain a token:
// Use the default credential provider
$provider = CredentialProvider::defaultProvider();
$RdsAuthGenerator = new Aws\Rds\AuthTokenGenerator($provider);
$token = $RdsAuthGenerator->createToken('<db endpoint omitted>', 'us-east-2', 'iamuser');
var_dump($token);
This is outputting:
string(1023) "Action=connect&DBUser=iamuser&X-Amz-Security-Token=<random token>&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<random credential>&X-Amz-Date=20171012T162656Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Signature=<random signature>"
Is this entire string supposed to be the MySQL password/token? ...or is it only supposed to be the value from the X-Amz-Security-Token parameter?
Yes, that entire string should be used as the password.
Anyone visiting in the future might find this gist helpful: https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a
Thanks!
Most helpful comment
Anyone visiting in the future might find this gist helpful: https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a