Passwordless authentication with RDS and IAM (Python)

You don't have to write a solid MySQL password Please replace the inside of {} as appropriate

1. User created

CREATE USER '{MySQL username}'@'%' IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS'; #User created
GRANT ALL PRIVILEGES ON {MySQL DB name}.* TO '{MySQL username}'@'%' REQUIRE SSL; #Authority

2. IAM policy

Make a policy like this

If you attach directly with json, it looks like this

{
    "Effect": "Allow",
    "Action": "rds-db:connect",
    "Resource": "arn:aws:rds-db:{AWS::Region}:{AWS::AccountId}:dbuser:cluster-{Resource ID}/{MySQL username}",
}

CloudFormation looks like this

iamRole:
    - Effect: Allow
        Action:
        - "rds-db:connect"
        Resource:
        - 'Fn::Join':
            - ':'
            - - 'arn:aws:rds-db'
                - Ref: 'AWS::Region'
                - Ref: 'AWS::AccountId'
                - 'dbuser:cluster-{Resource ID}/{MySQL username}'

3. Connect with a temporary password!

Issue a token (temporary password) like this

client = boto3.client("rds")

#Get token
token = client.generate_db_auth_token(
    DBHostname=RDS_HOST,
    Port=RDS_PORT,
    DBUsername=RDS_USER_NAME
)

db_connection = mysql.connector.connect(
    host=RDS_HOST,
    port=RDS_PORT,
    database=RDS_DB_NAME,
    user=RDS_USER_NAME,
    passwd=token
)

Only this Easy ~~

Recommended Posts

Passwordless authentication with RDS and IAM (Python)
[SAM] Try using RDS Proxy with Lambda (Python) [user/pass, IAM authentication]
Programming with Python and Tkinter
Python and hardware-Using RS232C with Python-
BASIC authentication with Python bottle
python with pyenv and venv
Works with Python and R
Communicate with FX-5204PS with Python and PyUSB
Shining life with Python and OpenCV
Try IAM Database Authentication from Python
Robot running with Arduino and python
Install Python 2.7.9 and Python 3.4.x with pip.
Neural network with OpenCV 3 and Python 3
Scraping with Node, Ruby and Python
Authentication using tweepy-User authentication and application authentication (Python)
Authentication process with gRPC and Firebase Authentication
Scraping with Python, Selenium and Chromedriver
Scraping with Python and Beautiful Soup
[Python] Use Basic/Digest authentication with Flask
JSON encoding and decoding with python
Basic authentication and Digest authentication with Flask
Hadoop introduction and MapReduce with Python
[GUI with Python] PyQt5-Drag and drop-
Reading and writing NetCDF with Python
I played with PyQt5 and Python3
Reading and writing CSV with Python
Multiple integrals with Python and Sympy
Coexistence of Python2 and 3 with CircleCI (1.0)
Easy modeling with Blender and Python
Sugoroku game and addition game with python
FM modulation and demodulation with Python
Firebase Authentication token issuance in Python and token verification with Fast API
Communicate between Elixir and Python with gRPC
Data pipeline construction with Python and Luigi
Calculate and display standard weight with python
Monitor Mojo outages with Python and Skype
FM modulation and demodulation with Python Part 3
Python installation and package management with pip
Using Python and MeCab with Azure Databricks
POST variously with Python and receive with Flask
Capturing images with Pupil, python and OpenCV
Fractal to make and play with Python
A memo with Python2.7 and Python3 on CentOS
Use PIL and Pillow with Cygwin Python
Create and decrypt Caesar cipher with python
CentOS 6.4 with Python 2.7.3 with Apache with mod_wsgi and Django
Reading and writing JSON files with Python
Dealing with "years and months" in Python
I installed and used Numba with Python3.5
Tweet analysis with Python, Mecab and CaboCha
Linking python and JavaScript with jupyter notebook
Traffic monitoring with Kibana, ElasticSearch and Python
FM modulation and demodulation with Python Part 2
Encrypt with Ruby (Rails) and decrypt with Python
Easily download mp3 / mp4 with python and youtube-dl!
Operate home appliances with Python and IRKit
Clean python environment with pythonz and virtualenv
Practice web scraping with Python and Selenium
Easy web scraping with Python and Ruby
Importing and exporting GeoTiff images with Python
I'm using tox and Python 3.3 with Travis-CI