RDS connectivity in Python using Boto3 and IAM Role

Question

I am trying to connect to my RDS MySQL DB via Python. I am using the Boto3 library. The issue that I am facing is while trying to connect to the DB via the IAM Token generation method. I don't have a user created in IAM but have a role created and assigned.

When I try to connect to the DB, the code fails as it's expecting to have a key-pair stored in the .aws/configuration file. Snippet below.

# gets the credentials from .aws/credentials
# session = boto3.Session(profile_name='xyz')
client = boto3.client('rds',region_name='eu-west-2')

token = client.generate_db_auth_token(DBHostname=ENDPOINT, Port=PORT, DBUsername=USR,Region='eu-west-2')
print(token)

Getting the below error.

    raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials

But since I cannot use an IAM user and a role cannot have a key-pair attached to it, I am not sure how to execute this and get this done. Any suggestions would be useful. Thanks.

Answer 1

You should check the role of your User first. Then, it should be .aws/credentials

cat credential
[default]
aws_access_key_id = *****
aws_secret_access_key = ****

Answer 2

I dont have a user created in IAM but have a role created and assigned.

If you have only IAM role for RDS, you still need IAM user or some other role (e.g. instance role) which can assume (iam:AssumeRole) the RDS's role.

Then, you have to use boto3' assume_role to get temp credentials which you can then use to create new boto3 session for your RDS.