IAM数据库身份验证-如何使用CLI生成的令牌 [英] IAM Database Authentication - How to use CLI generated Token

问题描述

我正在关注 http://docs.aws. amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html 以便从EC2向RDS进行身份验证.我可以运行generate-db-auth-token命令来检索令牌，但是我不确定在那之后该怎么做(说明莫名其妙地结束了.)

I'm following http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html in order to authenticate from an EC2 to RDS. I am able to run the generate-db-auth-token command to retrieve a token, but I'm not sure what to do with it after that (the instructions inexplicably end).

我已经尝试过简单地将重新输入的字符串(以及返回字段的逻辑子字符串)作为mysql客户端连接的密码传递，但这似乎不起作用.

I've tried simply passing the regurgitated string (as well as logical substrings of the returned fields) as the password of a mysql client connection, but this doesn't seem to work..

返回的令牌具有以下格式:{instance identifier}.{region}.rds.amazonaws.com:3306/?Action=connect&DBUser={auth db username}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170622T221608Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token={super long, web-escaped string containing special characters}&X-Amz-Credential={some shorter, web-escaped string containing special characters}&X-Amz-Signature={some long string of alphanumeric characters}

The returned token is in the following form: {instance identifier}.{region}.rds.amazonaws.com:3306/?Action=connect&DBUser={auth db username}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170622T221608Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token={super long, web-escaped string containing special characters}&X-Amz-Credential={some shorter, web-escaped string containing special characters}&X-Amz-Signature={some long string of alphanumeric characters}

非常感谢您的帮助.

推荐答案

我遇到了同样的问题，我使用的是php应用，并尝试使用CLI来确保它在添加代码修改之前可以正常工作.

I have the same issue, I'm using a php app and trying to use CLI to assure it's working before adding code modifications.

我找到了这种方式，但是我仍然遇到访问被拒绝"的问题，也许对您有用:

I found this way but I still get 'Access Denied', maybe it works for you:

$ mysql -u iam_user -h iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \
--password=`aws rds generate-db-auth-token --hostname iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \
--port 3306 \
--username iam_user \
--region ap-northeast-1` \
--ssl-ca=/Users/hoge/rds-combined-ca-bundle.pem \
--enable-cleartext-plugin

更新: 现在这对我有用，我在角色政策上还有另一个问题.

Update: This is working for me now, I had another issue with the role policy.

这篇关于IAM数据库身份验证-如何使用CLI生成的令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！