Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to connect to a db using IAM in AWS #227

Closed
1 task done
akeemphilbert opened this issue Jan 11, 2023 · 0 comments
Closed
1 task done

Add the ability to connect to a db using IAM in AWS #227

akeemphilbert opened this issue Jan 11, 2023 · 0 comments
Assignees
@IshikaGopie
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@akeemphilbert
Copy link
Contributor

akeemphilbert commented Jan 11, 2023
edited by Aidan-E
Loading

Right now we use RDS in AWS with weos projects that are deployed to prod. To be able to use AWS IAM the framework should first authenticate using the AWS SDK after which the token that is generated is used as the password in the standard DB connection

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Go.html#UsingWithRDS.IAMDBAuth.Connecting.GoV2

Example:

package main

import (
     "context"
     "database/sql"
     "fmt"

     "github.com/aws/aws-sdk-go-v2/config"
     "github.com/aws/aws-sdk-go-v2/feature/rds/auth"
     _ "github.com/lib/pq"
)

func main() {

     var dbName string = "DatabaseName"
     var dbUser string = "DatabaseUser"
     var dbHost string = "postgresmydb.123456789012.us-east-1.rds.amazonaws.com"
     var dbPort int = 5432
     var dbEndpoint string = fmt.Sprintf("%s:%d", dbHost, dbPort)
     var region string = "us-east-1"

    cfg, err := config.LoadDefaultConfig(context.TODO())
    if err != nil {
    	panic("configuration error: " + err.Error())
    }

    authenticationToken, err := auth.BuildAuthToken(
    	context.TODO(), dbEndpoint, region, dbUser, cfg.Credentials)
    if err != nil {
	    panic("failed to create authentication token: " + err.Error())
    }

    dsn := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s",
        dbHost, dbPort, dbUser, authenticationToken, dbName,
    )

    db, err := sql.Open("postgres", dsn)
    if err != nil {
        panic(err)
    }

    err = db.Ping()
    if err != nil {
        panic(err)
    }
}
  • wepala/weos-service#9

UAT

  1. Create database
  2. Add role
  3. Give the role access to IAM
  4. Add account

Expected result: Account appears in AWS IAM db
Actual result:
@akeemphilbert akeemphilbert added enhancement New feature or request good first issue Good for newcomers labels Jan 11, 2023
akeemphilbert added a commit that referenced this issue Jan 13, 2023
@akeemphilbert
feature: #227 Added tests for the IAM functionality
29b888d 
* Updated the signature for SQLConnectionFromConfig to return the connection string to make it more testable
* Added two variable to the DB config, one for specifying that IAM is to be used and the other for the AWS Region
* Added InvalidAWSDriver error to be used when an incompatible driver is specified
IshikaGopie added a commit that referenced this issue Jan 13, 2023
@IshikaGopie
feature #227: updated the SQLConnectionFromConfig function to connect…
25f97e9 
… to a db using IAM in AWS
IshikaGopie added a commit that referenced this issue Jan 17, 2023
@IshikaGopie
feature #227: updated connection string to include the parameters tha…
0d1a631 
…t are needed to get the mysql working with GORM
@Aidan-E Aidan-E closed this as completed Jan 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IshikaGopie IshikaGopie

Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@akeemphilbert @IshikaGopie @Aidan-E