Feature/aws iam authentication #12
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add @aws-sdk/rds-signer dependency for RDS auth token generation - Extend CLI arguments with --aws-iam-auth and --aws-region options - Implement automatic AWS RDS auth token generation in MySQL adapter - Auto-enable SSL for AWS IAM authentication (required by RDS) - Add comprehensive error handling for AWS credential issues - Update documentation with AWS IAM authentication examples - Maintain backward compatibility with existing authentication methods Resolves the need for secure AWS RDS connections without hardcoded passwords.
- Document requirement for AWS credentials configuration using default provider chain - Add examples for different credential configuration methods (aws configure, env vars, IAM roles) - Update both README.md and connection reference documentation - Clarify that RDS Signer uses default credential provider chain as per AWS documentation
executeautomation
approved these changes
Jul 18, 2025
jrequioma
reviewed
Jul 20, 2025
src/db/mysql-adapter.ts
Outdated
| } | ||
|
|
||
| try { | ||
| console.error(`[INFO] Generating AWS auth token for region: ${this.awsRegion}, host: ${this.host}, user: ${this.config.user}`); |
There was a problem hiding this comment.
appropriately, should be console.info
There was a problem hiding this comment.
I agree, thanks for catching it @jrequioma
jrequioma
reviewed
Jul 20, 2025
src/db/mysql-adapter.ts
Outdated
| }); | ||
|
|
||
| const token = await signer.getAuthToken(); | ||
| console.error(`[INFO] AWS auth token generated successfully`); |
There was a problem hiding this comment.
appropriately, should be console.info
There was a problem hiding this comment.
I agree, thanks for catching it @jrequioma
jrequioma
reviewed
Jul 20, 2025
src/db/mysql-adapter.ts
Outdated
| throw new Error(`AWS IAM authentication failed: ${(err as Error).message}. Please check your AWS credentials and IAM permissions.`); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Initialize MySQL connection | ||
| */ | ||
| async init(): Promise<void> { | ||
| try { | ||
| console.error(`[INFO] Connecting to MySQL: ${this.host}, Database: ${this.database}`); |
There was a problem hiding this comment.
appropriately, should be console.info
jrequioma
reviewed
Jul 20, 2025
src/db/mysql-adapter.ts
Outdated
|
|
||
| // Handle AWS IAM authentication | ||
| if (this.awsIamAuth) { | ||
| console.error(`[INFO] Using AWS IAM authentication for user: ${this.config.user}`); |
There was a problem hiding this comment.
appropriately, should be console.info
There was a problem hiding this comment.
I agree, thanks for catching it @jrequioma
jrequioma
reviewed
Jul 20, 2025
src/db/mysql-adapter.ts
Outdated
| } else { | ||
| this.connection = await mysql.createConnection(this.config); | ||
| } | ||
|
|
||
| console.error(`[INFO] MySQL connection established successfully`); |
There was a problem hiding this comment.
appropriately, should be console.info
There was a problem hiding this comment.
I agree, thanks for catching it @jrequioma
executeautomation
requested changes
Jul 21, 2025
thanks @jrequioma @executeautomation fixed |
jrequioma
approved these changes
Jul 21, 2025
|
Perfect ! |
executeautomation
merged commit f56a616
into
executeautomation:main
2 of 3 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add AWS IAM authentication support for MySQL
This PR adds AWS IAM database authentication for Amazon RDS MySQL instances, enabling secure connections without hardcoded passwords.
Changes:
--aws-iam-authand--aws-region@aws-sdk/rds-signerfor automatic token generationUsage:
Prerequisites:
AWS credentials must be configured via:
aws configure(default profile)AWS_PROFILE,AWS_ACCESS_KEY_ID, etc.)This enables secure AWS RDS connections using IAM authentication while maintaining full compatibility with existing MySQL authentication methods.