AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Class: Aws::RDS::AuthTokenGenerator

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-rds/lib/aws-sdk-rds/customizations/auth_token_generator.rb

Overview

A utility class that generates an auth token that supports database logins. IAM credentials are used for authentication instead of the database password.

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ AuthTokenGenerator

Returns a new instance of AuthTokenGenerator.

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :credentials (required, Credentials)

    An object that responds to #credentials returning another object that responds to #access_key_id, #secret_access_key, and #session_token.



16
17
18
# File 'gems/aws-sdk-rds/lib/aws-sdk-rds/customizations/auth_token_generator.rb', line 16

def initialize(options = {})
  @credentials = options.fetch(:credentials)
end

Instance Method Details

#auth_token(params) ⇒ String

Creates an auth login token.

Parameters:

  • params (Hash)

    The parameters for auth token creation.

Options Hash (params):

  • :region (required, String)

    Region where the database is located.

  • :endpoint (required, String)

    Hostname of the database with a port number. For example: my-instance.us-west-2.rds.amazonaws.com:3306

  • :user_name (required, String)

    Username to login as.

Returns:

  • (String)


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'gems/aws-sdk-rds/lib/aws-sdk-rds/customizations/auth_token_generator.rb', line 31

def auth_token(params)
  region = params.fetch(:region)
  endpoint = params.fetch(:endpoint)
  user_name = params.fetch(:user_name)

  param_list = Aws::Query::ParamList.new
  param_list.set('Action', 'connect')
  param_list.set('DBUser', user_name)

  signer = Aws::Sigv4::Signer.new(
    service: 'rds-db',
    region: region,
    credentials_provider: @credentials
  )

  presigned_url = signer.presign_url(
    http_method: 'GET',
    url: "https://#{endpoint}/?#{param_list}",
    body: '',
    expires_in: 900
  ).to_s
  # Remove extra scheme for token
  presigned_url[8..-1]
end