[CONJ-518] Support AWS RDS IAM Authentication with long living connection failover - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Minor
Resolution: Duplicate
Affects Version/s: 1.5.8
Fix Version/s: N/A
Component/s: aurora, Failover
Labels:
None

Description

AWS added support for using IAM to authenticate to RDS a few months ago. RDS IAM Auth

This can work for the initial connection, but effectively, the password changes every 15 minutes. AbstractConnectProtocol stores a password at connection creation time. This means that if the connection has been alive longer than 15 minutes and a failover occurs, then the reconnection attempt will fail as the stored password is no longer valid.

When using a connection pool this can be worked around by setting the max lifespan to 15 minutes, but we have code with long running manually managed connections. I could also apply lifespan logic, but it would be preferable for the driver to handle that.

The problem really extends to the UrlParser which also stores a password. Having some sort of user extensible password provider would likely be enough.

Attachments

Issue Links

relates to

CONJ-695 Support AWS RDS IAM Authentication

Closed

CONC-310 Pool functionality won't work with Aurora IAM Authentication

Closed

Activity

People

Assignee:: Diego Dupin

Reporter:: Jon Steinich

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-08-29 21:10

Updated:: 2019-08-30 09:48

Resolved:: 2019-08-30 09:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.