RDS: Support enabling IAM DATABASE Authentication #1558

Closed
RomainMuller opened this issue Jan 16, 2019 · 6 comments · Fixed by #9887
Labels: @aws-cdk/aws-rds (Related to Amazon Relational Database), effort/small (Small work item – less than a day of effort), feature-request (A feature should be added or improved.), good first issue (Related to contributions. See CONTRIBUTING.md), in-progress (This issue is being actively worked on.), p1

Comments

@RomainMuller
Contributor

RomainMuller commented Jan 16, 2019

The current RDS constructs do not surface the IAM DB Authentication configuration, making it unusable without resorting to escape hatches.


https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

@RomainMuller RomainMuller added feature-request A feature should be added or improved. @aws-cdk/aws-rds Related to Amazon Relational Database labels Jan 16, 2019
@RomainMuller RomainMuller self-assigned this Jan 16, 2019
@RomainMuller
Contributor Author

I have a WIP for this, but the permission-granting API for the grantConnect primitive requires the "resource ID" of the DBInstances, which isn't surfaced by CloudFormation (hence requires a CustomResource).

@saltman424
Contributor

+1

@skinny85 skinny85 self-assigned this Aug 12, 2019
@gbooth27

any news on this?

@skinny85
Contributor

@RomainMuller did you submit your WiP anywhere?

@RomainMuller
Contributor Author

@skinny85 - nope I never managed to finish that completely; and the underlying APIs changed quite a bit in between... so it's as good as not existent.

@RomainMuller RomainMuller assigned nija-at and unassigned RomainMuller and skinny85 Jan 24, 2020
@nija-at nija-at added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md labels Feb 6, 2020
@nija-at
Contributor

nija-at commented Feb 6, 2020

Work left here is to build a grantConnect() method that will grant an IAM IPrincipal with the permissions to connect. Any calls to grantConnect() should automatically set the iamAuthentication property, if not already.
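
The resource-ID requirement raised in this thread comes from the ARN format IAM uses for `rds-db:connect`, which names the instance by its DbiResourceId rather than by its DB instance identifier. An added example (not code from the aws-cdk project or from any commenter; `connectStatement`, `auditConnect`, the interface name and all sample values are hypothetical) that builds a one-user, one-instance statement and flags grants that are broader or that use the wrong ID:

```typescript
// Added example: hypothetical helpers, not aws-cdk code.
interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string[];
}

// A DbiResourceId looks like "db-ABCDEFGHIJKL01234" (clusters: "cluster-...").
// It is not the DB instance identifier such as "orders-prod".
const RESOURCE_ID = /^(db|cluster)-[A-Z0-9]+$/;

// Build a statement that lets one database user connect to one instance.
function connectStatement(region: string, account: string,
                          resourceId: string, dbUser: string): PolicyStatement {
  if (!RESOURCE_ID.test(resourceId)) {
    throw new Error(`"${resourceId}" is not a resource ID (expected db-...)`);
  }
  // Assumption for this example: reject wildcards, slashes and whitespace.
  if (!/^[^*?\/\s]+$/.test(dbUser)) {
    throw new Error("dbUser must name exactly one database user");
  }
  return {
    Effect: "Allow",
    Action: ["rds-db:connect"],
    Resource: [`arn:aws:rds-db:${region}:${account}:dbuser:${resourceId}/${dbUser}`],
  };
}

// Report rds-db:connect grants that are broader than one user on one
// instance, or that can never match because they use the wrong ID.
function auditConnect(stmt: PolicyStatement): string[] {
  const findings: string[] = [];
  const grants = stmt.Action.some(a => ["rds-db:connect", "rds-db:*", "*"].indexOf(a) !== -1);
  if (stmt.Effect !== "Allow" || !grants) return findings;
  for (const arn of stmt.Resource) {
    const m = /^arn:[^:]+:rds-db:[^:]*:[^:]*:dbuser:([^/]+)\/(.+)$/.exec(arn);
    if (m === null) {
      findings.push(arn === "*" ? "any user on any instance" : `not a dbuser ARN: ${arn}`);
      continue;
    }
    const [, instance = "", user = ""] = m;
    if (instance.indexOf("*") !== -1) findings.push("any instance");
    else if (!RESOURCE_ID.test(instance)) findings.push(`not a resource ID: ${instance}`);
    if (user.indexOf("*") !== -1) findings.push("any database user");
  }
  return findings;
}
```
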

@skinny85 skinny85 added this to the RDS to 'stable' milestone Jul 8, 2020
@nija-at nija-at assigned skinny85 and unassigned nija-at Jul 14, 2020
@skinny85 skinny85 added the p1 label Aug 19, 2020
@njlynch njlynch assigned njlynch and unassigned skinny85 Aug 20, 2020
@njlynch njlynch added the in-progress This issue is being actively worked on. label Aug 20, 2020
njlynch added a commit that referenced this issue Aug 21, 2020
As a follow-on to enabling IAM database auth, this change makes it easier to
grant a user/role access to the database via policy.

fixes #1558
@mergify mergify bot closed this as completed in #9887 Aug 24, 2020
mergify bot pushed a commit that referenced this issue Aug 24, 2020
As a follow-on to enabling IAM database auth, this change makes it easier to
grant a user/role access to the database via policy.

fixes #1558

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*