The project is in a healthy, maintained state
Mysql2::AwsRdsIam is an extension of mysql2 gem that adds support of IAM authentication when connecting to MySQL in Amazon RDS.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

 Project Readme

Mysql2::AwsRdsIam

GemCI

Mysql2::AwsRdsIam is an extension of mysql2 gem that adds support of IAM authentication when connecting to MySQL in Amazon RDS.

This gem is a powerful tool that enables seamless connection to MySQL databases using the mysql2 gem. It leverages the dynamic password generation feature of AWS RDS IAM authentication for enhanced security and easy password management.

Installation

Install manually:

$ gem install mysql2-aws_rds_iam

or with Bundler:

$ bundle add mysql2-aws_rds_iam

Usage

To leverage IAM authentication for your database connections, follow these steps:

  1. Enable IAM authentication for your database through AWS
  2. Add IAM credentials to your application.
  3. Set up your application to generate authentication tokens.

Application configurations

The default algorithm is Mysql2::AwsRdsIam's default authentication token generator. Credentials and region are extracted using aws-sdk-rds configurations.

Apply msql2 patch

To connect to your MySQL database, you need to create initializer file that applies the patch:

# config/initializers/tcc_rds_iam_auth.rb

Tcc::RdsIamAuth.apply_patch

Configure database.yml

New rds_iam_auth_host parameter must be added to the database.yml file:

production:
  # ...
  aws_rds_iam_auth: true

Custom token generator

If the default generator doesn't meet your needs, you can create a custom one

# config/initializers/tcc_rds_iam_auth.rb

Mysql2::AwsRdsIam.auth_token_registry.add(:custom, ->(host, port, username) { 'your custom logic' })

and specify it in database.yml

production:
  # ...
  aws_rds_iam_auth: true
  aws_rds_iam_auth_token_generator: custom

Mysql2::AwsRdsIam.auth_token_registry accepts two parameters:

  1. Generator name. The same name should be specified in database.yml
  2. Object that responds to call method and accepts 3 arguments (host, port, username) specified in database.yml.
Possible generator types
  • Lambda
    Mysql2::AwsRdsIam.auth_token_registry.add(:custom, ->(host, port, username) { 'your custom logic' })
  • Generator instance
    class CustomGenerator
      def call(host, port, username)
        GenerateMyCode
      end
    end
    
    Mysql2::AwsRdsIam.auth_token_registry.add(:custom, CustomGenerator.new)
  • Generator class
    class CustomGenerator
      def self.call(host, port, username)
        GenerateMyCode
      end
    end
    
    Mysql2::AwsRdsIam.auth_token_registry.add(:custom, CustomGenerator)

Development

After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake to run the tests and linter. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/floor114/mysql2-aws_rds_iam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Special Thanks

Inspired by Andrew Haines' PG version pg-aws_rds_iam