Improved authentication plugin management
(CONJ-733)
|
|
| Status: | Closed |
| Project: | MariaDB Connector/J |
| Component/s: | aurora, authentication |
| Affects Version/s: | 2.4.1 |
| Fix Version/s: | 2.5.0 |
| Type: | Sub-Task | Priority: | Minor |
| Reporter: | Semyon Fishman | Assignee: | Diego Dupin |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Environment: |
AWS RDS |
||
| Issue Links: |
|
||||||||
| Description |
|
AWS IAM Database Authentication is a great feature in AWS RDS Aurora. While MariaDB Connector/J already has great support for Aurora clustering, it does not yet have support for IAM authentication. In a nutshell, IAM Database Authentication allows authenticating with the database using AWS Identity and Access Management (IAM), instead of a password. In practice this allows for much easier, and arguably more secure, setup of AWS environments - like EC2, ECS, and Lambda - as passwords no longer need to be communicated to those environments. IAM is already built-in to these environments. Moreover, non-AWS environments (like developer machines) can have IAM credentials setup as well, which allows them to connect to their AWS RDS databases without passwords. See this for instructions The instructions for integrating a JDBC driver with AWS IAM Database Authentication are here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Java.html Chances are a bunch of people have come up with their own ad-hoc integrations, duplicating each others' work. Moreover as mentioned in I suggest we integrate AWS IAM authentication natively into the MariaDB driver. This feature could be as easy as a new option, something like awsIamAutentication=true in the URL. Any thoughts? |
| Comments |
| Comment by Diego Dupin [ 2019-09-24 ] |
|
See https://github.com/MariaDB/mariadb-connector-j/commit/b653d149dfa5ca378a280609e7cf1982dcd10b43 Parameters can be set in AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION environment variables. |
[CONJ-695]