class Aws::RDS::AuthTokenGenerator
A utility class that generates an auth token that supports database logins. IAM credentials are used for authentication instead of the database password.
@see docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Public Class Methods
new(options = {})
click to toggle source
@option options [required, Credentials] :credentials An object that
responds to `#credentials` returning another object that responds to `#access_key_id`, `#secret_access_key`, and `#session_token`.
# File lib/aws-sdk-rds/customizations/auth_token_generator.rb, line 16 def initialize(options = {}) @credentials = options.fetch(:credentials) end
Public Instance Methods
auth_token(params)
click to toggle source
Creates an auth login token.
@param [Hash] params The parameters for auth token creation. @option params [required, String] :region Region where the database
is located.
@option params [required, String] :endpoint Hostname of the database
with a port number. For example: my-instance.us-west-2.rds.amazonaws.com:3306
@option params [required, String] :user_name Username to login as.
@return [String]
# File lib/aws-sdk-rds/customizations/auth_token_generator.rb, line 31 def auth_token(params) region = params.fetch(:region) endpoint = params.fetch(:endpoint) user_name = params.fetch(:user_name) param_list = Aws::Query::ParamList.new param_list.set('Action', 'connect') param_list.set('DBUser', user_name) signer = Aws::Sigv4::Signer.new( service: 'rds-db', region: region, credentials_provider: @credentials ) presigned_url = signer.presign_url( http_method: 'GET', url: "https://#{endpoint}/?#{param_list}", body: '', expires_in: 900 ).to_s # Remove extra scheme for token presigned_url[8..-1] end