Stuck on getting Node to talk to RDS/Aurora



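Thought I'd ask this group, as I'm stumped on this.

We are trying to set up Aurora/RDS (MySQL) access via IAM roles and Node.

We have tried a number of different approaches, and two specific node/mysql libraries (https://github.com/mysqljs/mysql and https://github.com/sidorares/node-mysql2).

We are able to generate the appropriate token using the RDS signer, and we get a valid token back.

We then try to connect to the DB as shown below. We have tried a number of different approaches with both of the libraries above - it seems we need to enable the MySQL clear-text password plugin (per https://github.com/sidorares/node-mysql2/issues/438#issuecomment-255343793).

Our code (give or take) is: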

var AWS = require('aws-sdk');
AWS.config.update({ "accessKeyId": "{valid access key}", "secretAccessKey": "{valid secret access key}", "region": "eu-west-1" });
var mysql = require('mysql2');
var signer = new AWS.RDS.Signer({
    credentials: new AWS.SharedIniFileCredentials({profile: 'default'}),
    region: 'eu-west-1',
    hostname: '{rds database host}',
    port: 3306,
    username: '{rds database username}'
  });
  signer.getAuthToken({}, function(err, token){
    console.log(token);
    var connection = mysql.createConnection({
        host     : '{rds database host}',
        user     : '{rds database username}',
        password : token,
        port     : 3306,
        database: '{rds database}'
        ,authSwitchHandler: function ({pluginName, pluginData}, cb) {
          if (pluginName === 'mysql_clear_password') {
            // https://dev.mysql.com/doc/internals/en/clear-text-authentication.html
            // the IAM auth token from signer.getAuthToken is the password to send
            var password = token + '';
            var buffer = Buffer.from(password);
            cb(null, buffer);
          } else {
            const err = new Error(`Unknown AuthSwitchRequest plugin name ${pluginName}`);
            err.fatal = true;
            cb(err);
          }
        }
      });
      connection.connect(function(err) {
        if (err) {
          console.error('Database connection failed: ' + err.stack);
          return;
        }
        console.log('Connected to database.');
      });
      connection.end();
});

We get:

Database connection failed: Error: Access denied for user '{dbuser}'@'{ip address}' (using password: YES)
at Packet.asError (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\packets\packet.js:703:13)
at ClientHandshake.Command.execute (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\commands\command.js:28:22)
at Connection.handlePacket (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\connection.js:515:28)
at PacketParser.onPacket (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\connection.js:94:16)
at PacketParser.executeStart (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\packet_parser.js:77:14)
at Socket.<anonymous> (C:\Users\Terry.Brown\Desktop\iam-rds-auth\node_modules\mysql2\lib\connection.js:102:29)
at emitOne (events.js:115:13)
at Socket.emit (events.js:210:7)
at addChunk (_stream_readable.js:250:12)
at readableAddChunk (_stream_readable.js:237:11)

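I feel like we're missing a step, but I don't know what it is. Has anyone solved the Aurora/RDS/IAM/Node dance and can give any pointers?

Thanks :)

Have you used it from the command line? I struggled with this until someone found this.

Download https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem and add --ssl-ca=rds-combined-ca-bundle.pem to your command line.

Frustrating, because that isn't in the AWS walkthrough (at least not yet; our TAM is going to get it put in there).

If it works on the command line, try adding this to your connection config object: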

   // fs must be loaded first: var fs = require('fs');
   ssl: {
      ca: fs.readFileSync("/tmp/rds-combined-ca-bundle.pem")
   },

That should get you a bit further.
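
A preflight check for the situation in this thread, as an added example that is not part of the original posts: it inspects a connection config whose password is an RDS IAM token and reports a missing ssl.ca, a host/port/user mismatch with the signed token, or an expired token. The function name checkIamConnectionConfig and the sample host, user and token are constructed for illustration.

```javascript
// Preflight check for a mysql2 connection config that uses an RDS IAM auth token
// as the password. Returns a list of problems; an empty list means it looks sane.
function checkIamConnectionConfig(config, now = new Date()) {
  const problems = [];
  const token = String(config.password || '');

  // Token layout: "<host>:<port>/?Action=connect&DBUser=<user>&X-Amz-...=..."
  const split = token.indexOf('/?');
  if (split === -1) return ['password is not an RDS auth token'];
  const endpoint = token.slice(0, split);
  const params = new URLSearchParams(token.slice(split + 2));

  if (params.get('Action') !== 'connect' || !params.get('X-Amz-Signature')) {
    problems.push('token is missing Action=connect or X-Amz-Signature');
  }
  // The signature covers host, port and user, so they must match the connection.
  if (endpoint !== `${config.host}:${config.port}`) {
    problems.push(`token was signed for ${endpoint}, not ${config.host}:${config.port}`);
  }
  if (params.get('DBUser') !== config.user) {
    problems.push(`token was signed for user ${params.get('DBUser')}, not ${config.user}`);
  }

  // X-Amz-Date is YYYYMMDDTHHMMSSZ; X-Amz-Expires is a lifetime in seconds.
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(params.get('X-Amz-Date') || '');
  const ttl = Number(params.get('X-Amz-Expires'));
  if (!m || !Number.isFinite(ttl)) {
    problems.push('token has no usable X-Amz-Date / X-Amz-Expires');
  } else {
    const signedAt = Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]);
    if (now.getTime() > signedAt + ttl * 1000) problems.push('token has expired');
  }

  // The token is sent via mysql_clear_password, so the session needs TLS and a CA to verify.
  if (!config.ssl || !config.ssl.ca) problems.push('ssl.ca is not set (RDS CA bundle)');
  return problems;
}

// Constructed sample token (not a real signature) with constructed host and user names.
const SAMPLE_TOKEN = 'db.example.internal:3306/?Action=connect&DBUser=app_user' +
  '&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=EXAMPLE%2F20240101%2Feu-west-1%2Frds-db%2Faws4_request' +
  '&X-Amz-Date=20240101T120000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=0000';
const SAMPLE_NOW = new Date(Date.UTC(2024, 0, 1, 12, 5, 0)); // five minutes after signing

const base = { host: 'db.example.internal', port: 3306, user: 'app_user', password: SAMPLE_TOKEN };
console.log(checkIamConnectionConfig(base, SAMPLE_NOW));
console.log(checkIamConnectionConfig({ ...base, ssl: { ca: 'PEM' } }, SAMPLE_NOW));
```

Run it on the same config object that is about to be passed to mysql.createConnection, before opening the connection.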
