Lucas3oo/solrike-aws-extras

solrike-aws-extras

Utility classes for AWS. Depends on AWS SDK v2.

Java SQL Datasource factory which enables IAM authentication with AWS RDS (for example MySQL) on any Hikari datasource. That means password-less access from the application to the DB.

In the src/test folder there are some samples on how to use the factory for Spring and Micronaut.

This library isn't dependent on Spring or Micronaut but the tests in it are. It only depends on Hikari and AWS RDS libraries.

The actual implementation of the datasource factory is left in the test folder because Micronaut needs its annotation processor to process the code, so it is better for the application that uses this library to implement the factory itself. Feel free to copy the code; it is basically only the wiring you need to do.

Datasource factory for IAM authentication

Setup step by step

  1. Create AWS RDS. Make sure to enable IAM authentication.

  2. Create the DB and the user that shall be used by the application

CREATE DATABASE database1;

CREATE USER myAppDbUser IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE, SHOW VIEW ON database1.* TO myAppDbUser;
  3. Create an IAM role. The role used by the application that connects to the DB must have permission to connect to the DB with IAM authentication.

Typical permission for the role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "rds-db:connect",
            "Resource": "arn:aws:rds-db:eu-north-1:112233428224:dbuser:db-JF2MKOSKOSNFKOSIKQKOS7EXX4/myAppDbUser"
        }
    ]
}

In the sample above, db-JF2MKOSKOSNFKOSIKQKOS7EXX4 is the resource ID of the DB.

  4. Configure your Java application. Configure the database connection as usual, but without specifying any password. The process must run with the role that has the correct permission, either using access key/secret key or using "instance profiles" (i.e. a role assigned to the EC2 instance or ECS task).

  5. Override the default datasource factory. The two samples are ready to go; just copy either one into your code base. The GAV for the library is:

implementation 'se.solrike.aws:solrike-aws-extras:0.2.0'
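
The wiring that the last two setup steps describe, as an added example (not this library's code and not taken from its src/test samples): a Hikari datasource that returns a freshly signed RDS IAM token wherever a password would be used. The class name IamTokenHikariDataSource and the db.example.invalid endpoint are assumptions, and the example relies on HikariCP calling getPassword() for each new physical connection.

```java
import java.net.URI;
import java.sql.Connection;
import java.sql.SQLException;
import com.zaxxer.hikari.HikariDataSource;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
import software.amazon.awssdk.services.rds.RdsUtilities;
import software.amazon.awssdk.services.rds.model.GenerateAuthenticationTokenRequest;

// Hypothetical class name; added illustration, not the library's own factory.
public class IamTokenHikariDataSource extends HikariDataSource {
  // Signs tokens locally with the credentials of the role the process runs as
  // (access key/secret key, or an instance profile / ECS task role).
  private final RdsUtilities rdsUtilities = RdsUtilities.builder()
      .credentialsProvider(DefaultCredentialsProvider.create())
      .region(new DefaultAwsRegionProviderChain().getRegion())
      .build();

  // HikariCP asks for the password each time it opens a new physical connection,
  // so returning a fresh token here keeps new connections working after earlier
  // tokens (valid for 15 minutes) have expired.
  @Override
  public String getPassword() {
    // "jdbc:mysql://host:3306/database1" -> "mysql://host:3306/database1"
    URI uri = URI.create(getJdbcUrl().substring("jdbc:".length()));
    if (uri.getHost() == null) {
      throw new IllegalStateException("Cannot read DB host from JDBC URL");
    }
    int port = uri.getPort() == -1 ? 3306 : uri.getPort(); // MySQL default port
    return rdsUtilities.generateAuthenticationToken(
        GenerateAuthenticationTokenRequest.builder()
            .hostname(uri.getHost())
            .port(port)
            .username(getUsername())
            .build());
  }

  public static void main(String[] args) throws SQLException {
    try (IamTokenHikariDataSource ds = new IamTokenHikariDataSource()) {
      // Constructed placeholder endpoint; IAM authentication requires TLS.
      ds.setJdbcUrl("jdbc:mysql://db.example.invalid:3306/database1?sslMode=REQUIRED");
      ds.setUsername("myAppDbUser");
      try (Connection c = ds.getConnection()) {
        System.out.println("Connected without a stored password: " + c.isValid(2));
      }
    }
  }
}
```

The token is signed for the exact hostname, port and user, so the JDBC URL must use the RDS endpoint that the role's rds-db:connect permission covers.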

Release Notes

0.2.0

Bump version on AWS SDK to avoid security issues in Netty 4.1.77.

Fix all JavaDoc warnings.

0.1.0

Supports datasource factory that creates IAM authentication enabled Hikari datasources
