Class: Aws::RDS::AuthTokenGenerator

Inherits:

Object

• Object
• Aws::RDS::AuthTokenGenerator

Defined in:

lib/aws-sdk-rds/customizations/auth_token_generator.rb

Overview

A utility class that generates an auth token that supports database logins. IAM credentials are used for authentication instead of the database password.

See Also:

• https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

Instance Method Summary

• #generate_auth_token(options) ⇒ String (also: #auth_token)

  Creates an auth login token.

• #initialize(options = {}) ⇒ AuthTokenGenerator constructor

  A new instance of AuthTokenGenerator.

Constructor Details

#initialize(options = {}) ⇒ AuthTokenGenerator

Returns a new instance of AuthTokenGenerator.

Options Hash (options):

• :credentials (Credentials) —

  An object that responds to #credentials returning another object that responds to #access_key_id, #secret_access_key, and #session_token.

# File 'lib/aws-sdk-rds/customizations/auth_token_generator.rb', line 16

def initialize(options = {})
  @credentials = options.fetch(:credentials)
end

Instance Method Details

#generate_auth_token(options) ⇒ String Also known as: auth_token

Creates an auth login token.

Options Hash (options):

• :region (String) —

  The region where the database is located.

• :endpoint (String) —

  The hostname of the database with a port number. For example: my-instance.us-west-2.rds.amazonaws.com:3306

• :user_name (String) —

  The username to login as.

• :expires_in (Integer) — default: 900 —

  The number of seconds the token is valid for.

# File 'lib/aws-sdk-rds/customizations/auth_token_generator.rb', line 32

def generate_auth_token(options)
  region = options.fetch(:region)
  endpoint = options.fetch(:endpoint)
  user_name = options.fetch(:user_name)

  param_list = Aws::Query::ParamList.new
  param_list.set('Action', 'connect')
  param_list.set('DBUser', user_name)

  signer = Aws::Sigv4::Signer.new(
    service: 'rds-db',
    region: region,
    credentials_provider: @credentials
  )

  presigned_url = signer.presign_url(
    http_method: 'GET',
    url: "https://#{endpoint}/?#{param_list}",
    body: '',
    expires_in: options[:expires_in]
  ).to_s
  # Remove extra scheme for token
  presigned_url[8..-1]
end