AWS.RDS.signer + TypeORM

See original GitHub issue

Hi,

I was wondering if you could provide some guidance. I’m using TypeORM and I’m trying to connect to an RDS Aurora MySQL instance using IAM authentication. I’m not sure if I have the correct syntax in the authPlugins object. I’m getting the following error:

Access denied for user ‘xxxxxxxxxx’@‘yyyyyyyyyyy’ (using password: YES)

Aurora MySQL engine is 5.7.mysql_aurora.2.04.5

    const signer = new AWS.RDS.Signer({
      region,
      username,
      hostname,
      port: 3306
    });

createConnection({
      host,
      username,
      database,
      entities: [..., ....],
      ssl: 'Amazon RDS',
      extra: {
        authPlugins: {
          mysql_clear_password: () => () =>
            signer.getAuthToken({
              username,
              region,
              hostname,
              port: 3306
            })
        }
      }
    });

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:4
  • Comments:9 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
cdavis21commented, Feb 26, 2020

Thank you for your quick response. When I try what you have suggested above I receive:

Error: Server requests authentication using unknown plugin mysql_clear_password. See TODO: add plugins doco here on how to configure or author authentication plugins.

When I try the below I receive the Access denied for user ‘xxxxxxxxxx’@‘yyyyyyyyyyy’ (using password: YES) still.

I’m thinking because I’m using TypeORM and not the mysql client directly, the syntax differs? Here is another article using the deprecated authSwitchHandler method with TypeORM https://tech.bitbank.cc/typeorm-iam-rds/ (code in english, article in Japanese)

createConnection({
      host,
      username,
      database,
      entities: [..., ....],
      ssl: 'Amazon RDS',
      extra: {
        authPlugins: {
          mysql_clear_password: rdsSignerAuth
        }
      }
    });
0reactions
antoniot13commented, Jul 12, 2021

Any updates on this ?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Class: AWS.RDS.Signer — AWS SDK for JavaScript
A signer object can be used to generate an auth token to a database. Constructor Summary collapse. new AWS.RDS.Signer(options) ⇒ void constructor.
Read more >
Connect to Amazon RDS PostgresQL Proxy with IAM ...
I'm trying to figure out how to connect to a RDS PG Proxy within a lambda function using TypeORM ( ...
Read more >
aws-sdk-js-v3-rds-signer - npm
An AWS IAM database authentication token signer for RDS, implementing RDS.Signer for AWS SDK for JS v3. Latest version: 1.0.1, ...
Read more >
Setup AWS Lambda to Use Amazon RDS Proxy - Deni Apps
And we need to point the connection to RDS Proxy instead of RDS, and since we use IAM authentication, we add RDS.singer to...
Read more >
RDS Proxy via SAM - DEV Community ‍ ‍
AWS introduced RDS Proxy to handle some of the issues related to Connection ... Here is what you need to do (I used...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found