Gauzy
Gauzy

Reputation: 771

AWS RDS MySQL connection using IAM Role is not working

Would like to inform upfront that I am new to AWS in general. For my project I am trying to use AWS RDS MySQL using IAM Authentication (IAM Role) from a Java application deployed on Tomcat on an EC2 instance. Before trying it from Java I am trying it from the command prompt on the EC2 instance. I am following this link to do it:

https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/

I have done the following so far (please pardon if I am not using correct terminologies):

I followed everything given in the link at the top and everything seem to work except for the last command.

As in the link I created DB user as below:

CREATE USER dev_user IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS';

The last command in the link that is not working is:

mysql -h {db or cluser endpoint} --ssl-ca={certificate file name with complete path} --ssl-verify-server-cert -u {dbusername2} -p"{authenticationtoken}" --enable-cleartext-plugin

Every time I run this command it asks for the password and then I am getting an error. I am at a loss on how to resolve it.

In the above mysql command if I pass my master user-id (I created it as 'admin') and enter it's password I get an error like this:

[ec2-user@ip-xxx-xx-xx-16 ~]$ mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u admin -p 'aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user' --enable-cleartext-plugin

Enter password: ERROR 1059 (42000): Identifier name 'aws rds generate-db-auth-token --hostname --port' is too long

And if in the same command I provide the above created DB user (dev_user). I get the following error if provide "dev_user" as user in the command and whether I enter a password or not. [In this case, the above link did not set a password so what should I do when it asks to enter the password?]:

[ec2-user@ip-xxx-xx-xx-16 ~]$ mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u dev_user -p 'aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user' --enable-cleartext-plugin

Enter password: ERROR 1045 (28000): Access denied for user 'dev_user'@'xxx.xx.xx.16' (using password: YES)

I get the same "Access denied..." error when I enter "admin" in both places in the command above.

Any help will be highly appreciated.

Thank you.

Upvotes: 1

Views: 3216

Answers (1)

Sergey Kovalev
Sergey Kovalev

Reputation: 9431

First of all, there shouldn't be space after -p parameter.

Second, if you want to execute aws rds generate-db-auth-token... inline, it should be marked with ticks, not single quotes.

mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u dev_user -p`aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user` --enable-cleartext-plugin

Upvotes: 5

Related Questions