使用 IAM 身份验证和 Amazon SDK for Go 连接到数据库集群 - Amazon Aurora
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

使用 IAM 身份验证和 Amazon SDK for Go 连接到数据库集群

您可以使用 Amazon SDK for Go 连接到 Aurora MySQL 或 Aurora PostgreSQL 数据库集群,如下所述。

以下是使用 IAM 身份验证连接到数据库集群的先决条件:

要运行上述代码示例,您需要使用 Amazon SDK for Go 网站上提供的 Amazon

根据需要修改以下变量的值:

  • dbName – 要访问的数据库

  • dbUser – 要访问的数据库账户

  • dbHost – 要访问的数据库集群的终端节点。

  • dbPort – 用于连接到数据库集群的端口号

  • region – 在其中运行数据库集群的 Amazon 区域

此外,请确保示例代码中的导入库存在于您的系统中。

重要

本节中的示例使用以下代码提供从本地环境访问数据库的凭证:

creds := credentials.NewEnvCredentials()

如果要从Amazon服务(如 Amazon EC2 或 Amazon ECS)访问数据库,则可以用以下代码替换:

sess := session.Must(session.NewSession())

creds := sess.Config.Credentials

如果您进行此更改,请确保添加以下导入:

"github.com/aws/aws-sdk-go/aws/session"

使用 IAM 身份验证和 Amazon SDK for Go V2 进行连接

您可以使用 IAM 身份验证和 Amazon SDK for Go V2 连接到数据库集群

以下代码示例演示如何生成身份验证令牌,然后使用该令牌连接到数据库集群

此代码连接到 Aurora MySQL 数据库集群。

package main import ( "context" "database/sql" "fmt" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/feature/rds/auth" _ "github.com/lib/pq" ) func main() { var dbName string = "DatabaseName" var dbUser string = "DatabaseUser" var dbHost string = "mysqlcluster.cluster-123456789012.us-east-1.rds.amazonaws.com " var dbPort int = 3306 var dbEndpoint string = fmt.Sprintf("%s:%d", dbHost, dbPort) var region string = "us-east-1" cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { panic("configuration error: " + err.Error()) } authenticationToken, err := auth.BuildAuthToken( context.TODO(), dbEndpoint, region, dbUser, cfg.Credentials) if err != nil { panic("failed to create authentication token: " + err.Error()) } dsn := fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true&allowCleartextPasswords=true", dbUser, authenticationToken, dbEndpoint, dbName, ) db, err := sql.Open("mysql", dsn) if err != nil { panic(err) } err = db.Ping() if err != nil { panic(err) } }

此代码连接到 Aurora PostgreSQL 数据库集群。

package main import ( "context" "database/sql" "fmt" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/feature/rds/auth" _ "github.com/lib/pq" ) func main() { var dbName string = "DatabaseName" var dbUser string = "DatabaseUser" var dbHost string = "postgresmycluster.cluster-123456789012.us-east-1.rds.amazonaws.com" var dbPort int = 5432 var dbEndpoint string = fmt.Sprintf("%s:%d", dbHost, dbPort) var region string = "us-east-1" cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { panic("configuration error: " + err.Error()) } authenticationToken, err := auth.BuildAuthToken( context.TODO(), dbEndpoint, region, dbUser, cfg.Credentials) if err != nil { panic("failed to create authentication token: " + err.Error()) } dsn := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s", dbHost, dbPort, dbUser, authenticationToken, dbName, ) db, err := sql.Open("postgres", dsn) if err != nil { panic(err) } err = db.Ping() if err != nil { panic(err) } }

使用 IAM 身份验证和 Amazon SDK for Go V1 进行连接

使用 IAM 身份验证和 Amazon SDK for Go V1 连接到数据库集群

以下代码示例演示如何生成身份验证令牌,然后使用该令牌连接到数据库集群

此代码连接到 Aurora MySQL 数据库集群。

package main import ( "database/sql" "fmt" "log" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/service/rds/rdsutils" _ "github.com/go-sql-driver/mysql" ) func main() { dbName := "app" dbUser := "jane_doe" dbHost := "mysqlcluster.cluster-123456789012.us-east-1.rds.amazonaws.com" dbPort := 3306 dbEndpoint := fmt.Sprintf("%s:%d", dbHost, dbPort) region := "us-east-1" creds := credentials.NewEnvCredentials() authToken, err := rdsutils.BuildAuthToken(dbEndpoint, region, dbUser, creds) if err != nil { panic(err) } dsn := fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true&allowCleartextPasswords=true", dbUser, authToken, dbEndpoint, dbName, ) db, err := sql.Open("mysql", dsn) if err != nil { panic(err) } err = db.Ping() if err != nil { panic(err) } }

此代码连接到 Aurora PostgreSQL 数据库集群。

package main import ( "database/sql" "fmt" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/service/rds/rdsutils" _ "github.com/lib/pq" ) func main() { dbName := "app" dbUser := "jane_doe" dbHost := "postgresmycluster.cluster-123456789012.us-east-1.rds.amazonaws.com" dbPort := 5432 dbEndpoint := fmt.Sprintf("%s:%d", dbHost, dbPort) region := "us-east-1" creds := credentials.NewEnvCredentials() authToken, err := rdsutils.BuildAuthToken(dbEndpoint, region, dbUser, creds) if err != nil { panic(err) } dsn := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s", dbHost, dbPort, dbUser, authToken, dbName, ) db, err := sql.Open("postgres", dsn) if err != nil { panic(err) } err = db.Ping() if err != nil { panic(err) } }