使用IAM结果密码错误连接到RD

发布于 2025-02-13 00:24:23 字数 2075 浏览 1 评论 0原文

您好，我在AWS上创建了RD，并创建了一个策略此许可基于

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
             "rds-db:connect"
         ],
         "Resource": [
             "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
         ]
      }
   ]
}

've有一个使用Spesific密码定义的通用用户，

我尝试使用用户登录，而不是我尝试设置的密码

 private static Properties setMySqlConnectionProperties() {
        Properties mysqlConnectionProperties = new Properties();
        mysqlConnectionProperties.setProperty("verifyServerCertificate","true");
        mysqlConnectionProperties.setProperty("useSSL", "true");
        mysqlConnectionProperties.setProperty("user",DB_USER);
        mysqlConnectionProperties.setProperty("password",generateAuthToken());
        return mysqlConnectionProperties;
    }




public static String generateAuthToken(String region, String hostName, int port, String username) {

        RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder()
                .credentials(new DefaultAWSCredentialsProviderChain())
                .region(region)
                .build();

        String authToken = generator.getAuthToken(
                GetIamAuthTokenRequest.builder()
                        .hostname(hostName)
                        .port(port)
                        .userName(username)
                        .build());

        return authToken;
    }

我在我的情况下与postgresql一起使用这会导致

"FATAL: password authentication failed for user \"root\"","error.stack_trace":"org.postgresql.util.PSQLException: FATAL: password authentication failed for user \"root\"

我的root用户应支持IAM，我可以验证如何修复它以

在下面看到它，您可以从AWS中看到我的策略是定义的

原文

Hello i have create an RDS on AWS, and created a policy
with this permission based on this link

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
             "rds-db:connect"
         ],
         "Resource": [
             "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
         ]
      }
   ]
}

I've have a general user that defined with a spesific password

i tried login with the user but instead of the password i tried to set
auth token link in this guide

 private static Properties setMySqlConnectionProperties() {
        Properties mysqlConnectionProperties = new Properties();
        mysqlConnectionProperties.setProperty("verifyServerCertificate","true");
        mysqlConnectionProperties.setProperty("useSSL", "true");
        mysqlConnectionProperties.setProperty("user",DB_USER);
        mysqlConnectionProperties.setProperty("password",generateAuthToken());
        return mysqlConnectionProperties;
    }




public static String generateAuthToken(String region, String hostName, int port, String username) {

        RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder()
                .credentials(new DefaultAWSCredentialsProviderChain())
                .region(region)
                .build();

        String authToken = generator.getAuthToken(
                GetIamAuthTokenRequest.builder()
                        .hostname(hostName)
                        .port(port)
                        .userName(username)
                        .build());

        return authToken;
    }

Im using in my case with postgresql
and it result this error

"FATAL: password authentication failed for user \"root\"","error.stack_trace":"org.postgresql.util.PSQLException: FATAL: password authentication failed for user \"root\"

my root user should support with IAM, what can i validate in order to fix it

below you can see from AWS, that my policy is defined

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

听，心雨的声音 2025-02-20 00:24:23

首先，我所有的错误 - 我使用了DB名称而不是DBI资源ID

这是预期的格式：

arn:aws:rds-db:region:account-id:dbuser:DbiResourceId/db-user-name

，以下是代码

data "aws_iam_policy_document" "policy_fooweb_job" {
  statement {
    actions = [
      "rds-db:connect"
    ]
    effect = "Allow"
    resources = [
      "arn:aws:rds-db:${var.region}:${data.aws_caller_identity.current.account_id}:dbuser:${data.aws_db_instance.database.resource_id}/someUser"
    ]
  }
}

## get the db instance
data "aws_db_instance" "database" {
  db_instance_identifier = "company-oltp1"
}

First all i had a bug - i used the db name instead DBI resource ID

This is the expected format:

arn:aws:rds-db:region:account-id:dbuser:DbiResourceId/db-user-name

and here is the code

data "aws_iam_policy_document" "policy_fooweb_job" {
  statement {
    actions = [
      "rds-db:connect"
    ]
    effect = "Allow"
    resources = [
      "arn:aws:rds-db:${var.region}:${data.aws_caller_identity.current.account_id}:dbuser:${data.aws_db_instance.database.resource_id}/someUser"
    ]
  }
}

## get the db instance
data "aws_db_instance" "database" {
  db_instance_identifier = "company-oltp1"
}

回复收藏 0 原文

~没有更多了~