Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-518

Support AWS RDS IAM Authentication with long living connection failover

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 1.5.8
    • Fix Version/s: N/A
    • Component/s: aurora, Failover
    • Labels:
      None

      Description

      AWS added support for using IAM to authenticate to RDS a few months ago. RDS IAM Auth

      This can work for the initial connection, but effectively, the password changes every 15 minutes. AbstractConnectProtocol stores a password at connection creation time. This means that if the connection has been alive longer than 15 minutes and a failover occurs, then the reconnection attempt will fail as the stored password is no longer valid.

      When using a connection pool this can be worked around by setting the max lifespan to 15 minutes, but we have code with long running manually managed connections. I could also apply lifespan logic, but it would be preferable for the driver to handle that.

      The problem really extends to the UrlParser which also stores a password. Having some sort of user extensible password provider would likely be enough.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              diego dupin Diego Dupin
              Reporter:
              jsteinich Jon Steinich
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration