Question
I am new to AWS world and still learning. It's been only a month that I am trying things.
I have been looking for it for quite a few days now and haven't been able to find a correct and more appropriate solution. Therefore it would be great if somebody can help me by giving a sample code, provide some pointer or guide in the right direction.
I have an AWS RDS MySQL instance and a database created. I have configured "IAM DB Authentication Enabled" to "Yes".
Created an IAM Role and Policy as per AWS documentation.
And finally, I have an EC2 instance with Tomcat with my Java/Spring application deployed and running in it. I am able to access the MySQL database using database credentials (like db user name, password, db url, etc.) successfully. So I know things are set up properly now.
Can somebody please help me know how to connect to this database from my Java/Spring application using spring-jdbc and AWS IAM Authentication (the IAM role I created above)?
I read somewhere that I need the certificate file or certificate bundle file in my application environment and that I need to generate a token to be connected to the database. But I am not able to think on how to put it together.
Any help will be highly appreciated.
Thanks.
Answer 1:
I had a similar problem recently.
This is what I did:
- Included Spring Cloud AWS JDBC and Spring Data JPA
- Implemented a custom DataSourceFactory, which generates an IAM access token and uses that for the connection
You can find a full step-by-step guide here.
Btw., Spring Cloud AWS JDBC provides some additional benefits, like read replica or failover support, and you only have to provide the instance ID of your RDS instance, and not the full canonical endpoint.
Answer 2:
I know this is an older question, but after some searching I found a pretty easy way you can now do this using the MariaDB driver. In version 2.5 they added an AWS IAM credential plugin to the driver. It will handle generating, caching and refreshing the token automatically.
I've tested using Spring Boot 2.3 with the default HikariCP connection pool and it is working fine for me with these settings:
spring.datasource.url=jdbc:mariadb://host/db?credentialType=AWS-IAM&useSsl&serverSslCert=classpath:rds-combined-ca-bundle.pem
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
spring.datasource.username=iam_username
#spring.datasource.password=dont-need-this
spring.datasource.hikari.maxLifetime=600000
Download rds-combined-ca-bundle.pem and put it in src/main/resources so you can connect via SSL.
You will need these dependencies on the classpath as well:
runtime 'org.mariadb.jdbc:mariadb-java-client'
runtime 'com.amazonaws:aws-java-sdk-rds:1.11.880'
The driver uses the standard DefaultAWSCredentialsProviderChain so make sure you have credentials with policy allowing IAM DB access available wherever you are running your app.
Additionally, if you want failover support like @markusgulden mentioned in his answer, you can use the aurora mode described here. Your endpoint would then look like
jdbc:mariadb:aurora://host/db?credentialType=AWS-IAM&useSsl&serverSslCert=classpath:rds-combined-ca-bundle.pem
Hope this helps someone else - most examples I found online involved custom code, background threads, etc - but using the new driver feature is much easier!
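The token step that the first answer's custom factory performs and that the driver plugin in the second answer automates, written out by hand as an added example (not code from either answer or from the libraries' own documentation). The class name IamTokenDataSource and its constructor parameters are hypothetical; it assumes spring-jdbc, the MariaDB driver and aws-java-sdk-rds (SDK v1) on the classpath, and reuses the TLS URL options from the second answer.

```java
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.rds.auth.GetIamAuthTokenRequest;
import com.amazonaws.services.rds.auth.RdsIamAuthTokenGenerator;
import org.springframework.jdbc.datasource.AbstractDataSource;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

// Hypothetical class: signs a fresh RDS IAM token for every new physical connection.
public class IamTokenDataSource extends AbstractDataSource {
    private final String host;     // RDS endpoint hostname, supplied by the caller
    private final int port;
    private final String database;
    private final String dbUser;   // database user set up for IAM authentication
    private final RdsIamAuthTokenGenerator generator;

    public IamTokenDataSource(String host, int port, String database,
                              String dbUser, String region) {
        this.host = host;
        this.port = port;
        this.database = database;
        this.dbUser = dbUser;
        this.generator = RdsIamAuthTokenGenerator.builder()
                // Same provider chain the second answer mentions; on EC2 it
                // resolves the instance role, so no secret lives in config.
                .credentials(new DefaultAWSCredentialsProviderChain())
                .region(region)
                .build();
    }

    @Override
    public Connection getConnection() throws SQLException {
        return getConnection(dbUser, null);
    }

    @Override
    public Connection getConnection(String username, String unusedPassword) throws SQLException {
        // The token is bound to host, port and user. AWS documents a 15-minute
        // lifetime, checked only while the connection is being opened.
        String token = generator.getAuthToken(GetIamAuthTokenRequest.builder()
                .hostname(host).port(port).userName(username).build());
        Properties props = new Properties();
        props.setProperty("user", username);
        props.setProperty("password", token);
        // The token travels as the password, so TLS with CA verification stays on.
        String url = "jdbc:mariadb://" + host + ":" + port + "/" + database
                + "?useSsl&serverSslCert=classpath:rds-combined-ca-bundle.pem";
        return DriverManager.getConnection(url, props);
    }
}
```

Because a token is signed per call, a connection pool placed in front of this DataSource never stores a long-lived password; only the IAM policy on the role decides which database user the application may connect as.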
Source: https://stackoverflow.com/questions/50220991/how-do-i-connect-to-aws-rds-mysql-from-java-spring-application-using-aws-iam-aut