IAM数据库身份验证-如何使用CLI生成的令牌 [英] IAM Database Authentication - How to use CLI generated Token
问题描述
我正在关注 http://docs.aws. amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html 以便从EC2向RDS进行身份验证.我可以运行generate-db-auth-token
命令来检索令牌,但是我不确定在那之后该怎么做(说明莫名其妙地结束了.)
I'm following http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html in order to authenticate from an EC2 to RDS. I am able to run the generate-db-auth-token
command to retrieve a token, but I'm not sure what to do with it after that (the instructions inexplicably end).
我已经尝试过简单地将重新输入的字符串(以及返回字段的逻辑子字符串)作为mysql客户端连接的密码传递,但这似乎不起作用.
I've tried simply passing the regurgitated string (as well as logical substrings of the returned fields) as the password of a mysql client connection, but this doesn't seem to work..
返回的令牌具有以下格式:{instance identifier}.{region}.rds.amazonaws.com:3306/?Action=connect&DBUser={auth db username}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170622T221608Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token={super long, web-escaped string containing special characters}&X-Amz-Credential={some shorter, web-escaped string containing special characters}&X-Amz-Signature={some long string of alphanumeric characters}
The returned token is in the following form: {instance identifier}.{region}.rds.amazonaws.com:3306/?Action=connect&DBUser={auth db username}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170622T221608Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token={super long, web-escaped string containing special characters}&X-Amz-Credential={some shorter, web-escaped string containing special characters}&X-Amz-Signature={some long string of alphanumeric characters}
非常感谢您的帮助.
推荐答案
我遇到了同样的问题,我使用的是php应用,并尝试使用CLI来确保它在添加代码修改之前可以正常工作.
I have the same issue, I'm using a php app and trying to use CLI to assure it's working before adding code modifications.
我找到了这种方式,但是我仍然遇到访问被拒绝"的问题,也许对您有用:
I found this way but I still get 'Access Denied', maybe it works for you:
$ mysql -u iam_user -h iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \
--password=`aws rds generate-db-auth-token --hostname iamtest.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com \
--port 3306 \
--username iam_user \
--region ap-northeast-1` \
--ssl-ca=/Users/hoge/rds-combined-ca-bundle.pem \
--enable-cleartext-plugin
更新: 现在这对我有用,我在角色政策上还有另一个问题.
Update: This is working for me now, I had another issue with the role policy.
这篇关于IAM数据库身份验证-如何使用CLI生成的令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!