Feature Request: IAM Authentication to RDS
Currently, AWS RDS allows users to connect with IAM credentials, so that you can centrally manage permissions. However, this occurs using temporary tokens which only last 15 min.
I have not found a single GUI app which can support IAM tokens, so this could also be a big value add for RDS.
Here’s an example bash script which I use to open a database connection using the mysql terminal tool:
```bash
#!/bin/bash
username="HERE"
hostname="INSTANCE-NAME.INSTANCE-ID.us-east-2.rds.amazonaws.com"
port="3306"
rootCerts="https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem"
rootCertLocalPath="/tmp/rdscerts.pem"

# Request a short-lived IAM auth token for this user and endpoint
echo "Getting token"
token=$(aws rds generate-db-auth-token --hostname "$hostname" --port "$port" --region us-east-2 --username "$username")

# Download the RDS CA bundle once; do not leave a partial file behind on failure
if [ ! -f "$rootCertLocalPath" ]; then
    echo "Getting certs"
    curl -fsS "$rootCerts" > "$rootCertLocalPath" || { rm -f "$rootCertLocalPath"; exit 1; }
fi

# The cleartext plugin sends the token as-is, so the TLS connection (--ssl-ca) is what protects it
echo "Connecting with token..."
mysql --host="$hostname" --port="$port" --ssl-ca="$rootCertLocalPath" --enable-cleartext-plugin --user="$username" --password="$token"
```
This, of course, uses the two pieces of an IAM credential behind the scenes: key id and secret key.
It would be amazing if this functionality would be implemented directly into dbeaver, either reading the aws keys from env vars (as most tools do), or even allowing them to be specified. This would allow me to push our company to use more secure DB extensions, and also to use dbeaver!
Issue Analytics
- State:
- Created 5 years ago
- Reactions: 55
- Comments: 23 (5 by maintainers)
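The 15-minute lifetime mentioned in the issue is carried in the token itself, so a client that holds connections open can check how long a token has left before reusing it. The following is an added example, not code from the issue or from DBeaver. It assumes the token is the SigV4 presigned query string printed by `aws rds generate-db-auth-token`; the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the remaining lifetime out of an RDS IAM auth token.
# Assumption: token looks like host:port/?Action=connect&DBUser=...&X-Amz-Date=...&X-Amz-Expires=...

# token_param TOKEN NAME: print query parameter NAME, fail if it is absent.
token_param() (
  set -f; IFS='&'                       # split on '&' only, no globbing
  for pair in ${1#*\?}; do
    [ "${pair%%=*}" = "$2" ] && { printf '%s\n' "${pair#*=}"; exit 0; }
  done
  exit 1
)

# amz_to_epoch STAMP: convert X-Amz-Date (YYYYMMDDTHHMMSSZ, UTC) to epoch seconds.
# Uses shell arithmetic only, so it does not depend on GNU or BSD date options.
amz_to_epoch() (
  re='^\([0-9]\{4\}\)\([0-9][0-9]\)\([0-9][0-9]\)T\([0-9][0-9]\)\([0-9][0-9]\)\([0-9][0-9]\)Z$'
  set -- $(printf '%s\n' "$1" | sed -n "s/$re/\1 \2 \3 \4 \5 \6/p")
  [ $# -eq 6 ] || exit 1                # wrong shape: sed printed nothing
  y=$1 m=${2#0} d=${3#0} hh=${4#0} mm=${5#0} ss=${6#0}   # drop leading 0 (octal)
  y=$(( y - (m <= 2) ))                 # treat Jan/Feb as end of the previous year
  doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
  yoe=$(( y % 400 ))
  days=$(( (y / 400) * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
  echo $(( days * 86400 + hh * 3600 + mm * 60 + ss ))
)

# token_seconds_left TOKEN [NOW]: seconds until the token expires (<= 0 means expired).
# NOW defaults to the current time; pass an epoch value to make the check repeatable.
token_seconds_left() (
  issued=$(token_param "$1" X-Amz-Date) || exit 1
  ttl=$(token_param "$1" X-Amz-Expires) || exit 1
  case $ttl in ''|*[!0-9]*) exit 1 ;; esac
  start=$(amz_to_epoch "$issued") || exit 1
  echo $(( start + ttl - ${2:-$(date +%s)} ))
)

# Constructed sample token: placeholder credential and signature, not a real one.
SAMPLE_TOKEN='INSTANCE-NAME.INSTANCE-ID.us-east-2.rds.amazonaws.com:3306/?Action=connect&DBUser=app&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAEXAMPLE%2F20240101%2Fus-east-2%2Frds-db%2Faws4_request&X-Amz-Date=20240101T000000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER'

# Typical use: request a new token when fewer than 60 seconds remain.
#   left=$(token_seconds_left "$token") && [ "$left" -gt 60 ] || token=$(aws rds generate-db-auth-token ...)
```

The check only reads the timestamps in the token; it does not validate the signature, which the database endpoint verifies at login.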
Top GitHub Comments
The proposed feature would be a great addition to DBeaver!
We are enforcing our security policies in our startup and the developers are very fond of DBeaver, but it will be mandatory for us to use RDS IAM authentication, so I won’t have to ditch DBeaver if this comes in effect.
Please, please, please implement this! 😃
Thanks for adding this feature! Quick question - does this permit only the [default] profile in ~/.aws/credentials? Is there any possibility to specify local/dev/prod profiles? Thanks Serge.