Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-952

Aurora IAM credentialType=AWS-IAM - Access denied for user (using password: YES)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.7.3
    • Fix Version/s: None
    • Component/s: aurora
    • Labels:
      None
    • Environment:
      Java 11, Hikari Connection Pool, AWS

      Description

      We use MariaDB driver 2.7.3 & Hikari Datasource in the Java 11 application to connect to the AWS Aurora database. Intermittently we are getting Access denied to user
      (using password: YES) error in the error log files. The following is the JDBC URL used in the application.
      ```
      jdbc:mariadb:aurora://<DB writer endpoint>:port,<DB reader endpoint>:port/<DB name>?credentialType=AWS-IAM&useSSL=true&verifyServerCertificate=true&serverSslCert=rds-combined-ca-bundle.pem&autoReconnect=true&fastConnect=true&tcpNoDelay=true&socketTimeout=0
      ```

      credentialType=AWS-IAM will use the RDS token as the password. From the error message, it looks like the expired token is used to get a database connection by the MariaDB driver. Can you please check if this is a bug in the MariaDB driver? Let us know if there is anything else we need to do from an application end? These are the properties set from the application.

      spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
      spring.datasource.hikari.minimum-idle=5
      spring.datasource.hikari.maximum-pool-size=60
      spring.datasource.hikari.idle-timeout=600000
      spring.datasource.hikari.connection-timeout=3000
      spring.datasource.hikari.validation-timeout=1000
      spring.datasource.hikari.login-timeout=2000
      spring.datasource.hikari.max-lifetime=180000
      spring.datasource.hikari.data-source-properties.cachePrepStmts=true
      spring.datasource.hikari.data-source-properties.prepStmtCacheSize=1000
      spring.datasource.hikari.data-source-properties.prepStmtCacheSqlLimit=2048
      spring.datasource.hikari.data-source-properties.useServerPrepStmts=true

        Attachments

          Activity

            People

            Assignee:
            diego dupin Diego Dupin
            Reporter:
            lijubs Liju
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.