Spring boot connectivity to AWS RDS PostgreSQL using IAM | AWS Advanced JDBC Wrapper

  • Published on 22 Aug 2024
  • This video demonstrates how to connect a Java Spring Boot application to an AWS Aurora RDS PostgreSQL database using IAM authentication, without the need for a database password. We will be using aws-advanced-jdbc-wrapper, which will check and refresh the token whenever you establish a new connection or when the existing token has expired.
    Source Code: github.com/vis...
    Commands used:
    kubectl create sa my-sa
    kubectl annotate serviceaccount my-sa eks.amazonaws.com/role-arn=arn:aws:iam::REPLACE_WITH_ACCOUNT_ID:role/pg-role
    kubectl run -it multitool --image=praqma/network-multitool --overrides='{ "spec": { "serviceAccount": "my-sa" } }' -- bash
    apk add postgresql
    apk add postgresql-contrib
    apk add openjdk17 --repository=dl-cdn.alpinel...
    psql -h database-1.cluster-cabcdefg.us-east-1.rds.amazonaws.com -p 5432 -d demodb -U pgadmin
    CREATE USER iamuser WITH LOGIN;
    GRANT rds_iam TO iamuser;
    References:
    github.com/aws...
    github.com/aws...
    aws.amazon.com...
    docs.aws.amazo...
    aws.amazon.com...
    truststore.pki...
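
The failures raised in the comments below (a certificate that cannot be found on the path, and the pointer to IAM-roles-for-service-accounts troubleshooting) can be checked inside the pod before the application starts. The script here is an added example, not code from the video or its repository; it assumes the CA bundle is passed through the PostgreSQL JDBC `sslmode` and `sslrootcert` URL parameters, and `SPRING_DATASOURCE_URL` is an assumed variable name.

```shell
#!/bin/sh
# Added example: preflight checks to run in the pod before starting the app.

# Print the value of one query parameter of a JDBC URL (empty if absent).
jdbc_param() {  # usage: jdbc_param URL NAME
  printf '%s\n' "$1" | sed -n "s/.*[?&]$2=\([^&]*\).*/\1/p"
}

# Return 0 when the URL asks for a verified TLS connection and the CA bundle
# named by sslrootcert is a readable PEM file inside this container.
check_jdbc_tls() {  # usage: check_jdbc_tls URL
  tls_rc=0
  tls_mode=$(jdbc_param "$1" sslmode)
  tls_cert=$(jdbc_param "$1" sslrootcert)
  case "$tls_mode" in
    verify-full) ;;
    verify-ca) echo "WARN: sslmode=verify-ca does not check the host name" ;;
    *) echo "FAIL: sslmode='${tls_mode:-unset}' does not verify the server"; tls_rc=1 ;;
  esac
  if [ -z "$tls_cert" ]; then
    echo "FAIL: sslrootcert is not set in the JDBC URL"; tls_rc=1
  elif [ ! -r "$tls_cert" ]; then
    echo "FAIL: sslrootcert '$tls_cert' is not readable here"; tls_rc=1
  elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$tls_cert"; then
    echo "FAIL: '$tls_cert' contains no PEM certificate"; tls_rc=1
  fi
  return "$tls_rc"
}

# Return 0 when the variables that EKS injects for an annotated service
# account (IAM roles for service accounts) are present in the environment.
check_irsa_env() {
  irsa_rc=0
  if [ -z "${AWS_ROLE_ARN:-}" ]; then
    echo "FAIL: AWS_ROLE_ARN is unset; is the service account annotated?"; irsa_rc=1
  fi
  if [ ! -r "${AWS_WEB_IDENTITY_TOKEN_FILE:-/nonexistent}" ]; then
    echo "FAIL: web identity token file is missing or unreadable"; irsa_rc=1
  fi
  return "$irsa_rc"
}

# Typical use inside the pod (SPRING_DATASOURCE_URL is an assumed variable name):
#   check_irsa_env && check_jdbc_tls "$SPRING_DATASOURCE_URL"
```

A path that exists on the build machine but was never copied into the image fails the readability check here, at a point where it is easier to diagnose than from the driver's stack trace.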

Comments • 15

  • @tattushenoi 4 months ago

    This is not working as of today. Error says certificate not found on path.
    What I tried. Downloaded the GitHub code as is, just changed the end point of db url in app properties. Built code, built docker, deployed on eks. Created role and policies correctly. Us east 2 region and us east 2 bundle pem certificate file.

  • @vjp00777 a year ago +1

    Nice explanation.. thank you. It worked for me for IAM but I get an error for SSL. Unable to find valid certification path to requested target. Did you get this issue?

    • @visa2learn a year ago

      Did you provide the certificate in the jdbc url? Also make sure the certificate actually exists for the driver to pick up

    • @tattushenoi 4 months ago

      Were you able to solve this? If yes, can you please say how?

  • @csamarnathreddy months ago +1

    Is SSL mandatory to connect to RDS through IAM role?

    • @visa2learn months ago

      No, but it's highly recommended for security reasons

  • @preethibabu9085 10 months ago +1

    Hi, Have you tried failover plugin in this wrapper?

    • @visa2learn 9 months ago

      Yes and it works :)

    • @preethibabu9085 9 months ago

      @visa2learn it doesn't work for a global aurora cluster

    • @preethibabu9085 9 months ago

      I posted the question in the GitHub discussions of aws jdbc wrapper.. they said this feature currently doesn't work for global aurora cluster..

    • @visa2learn 9 months ago

      Thanks for the update. I had tried it with writer fail and one of the reader taking over and the application worked seamlessly. But as you said it might still be not supported for a global aurora cluster

  • @narasimhadevarapalli1741 a year ago +1

    nice but I got ENDPOINT_PROVIDER field not configured issue.

    • @visa2learn a year ago

      Never faced this error. Make sure you provide all the datasource related properties in your properties file

    • @narasimhadevarapalli1741 a year ago

      @visa2learn found AWS core dependency is missing. After adding it I didn't get endpoint provider issue. But now I'm getting PAM user authentication failed issue. Through IntelliJ I'm able to connect with IAM token though

    • @visa2learn a year ago

      If it's working using IAM token using IntelliJ, that means your user is set up correctly and connectivity is also fine. I would suggest you go through this troubleshooting link to see if you are missing any step for IAM role for service account. aws.amazon.com/premiumsupport/knowledge-center/eks-troubleshoot-oidc-and-irsa/