- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": "rds-db:connect",
- "Resource": "arn:aws:rds:us-west-1:##########:db:foo_bar_instance/db_user_test"
- }
- ]
- }
- mysql> CREATE USER db_user_test IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
- Query OK, 0 rows affected (0.01 sec)
- mysql> GRANT USAGE ON *.* TO 'db_user_test'@'%'REQUIRE SSL;
- Query OK, 0 rows affected (0.01 sec)
- mysql> show grants for 'db_user_test'@'%';
- +------------------------------------------------------+
- | Grants for db_user_test@% |
- +------------------------------------------------------+
- | GRANT USAGE ON *.* TO 'db_user_test'@'%' REQUIRE SSL |
- +------------------------------------------------------+
- 1 row in set (0.00 sec)
- mysql>
# NOTE(review): `bash -x` trace of test_auth_new.sh. The trace shows three steps: set RDSHOST,
# request an IAM auth token with `aws rds generate-db-auth-token`, then hand that token to the
# mysql client as the password over TLS (--ssl-ca plus --ssl-mode=VERIFY_IDENTITY).
- [root@ip-10-101-115-129 ~]# bash -x test_auth_new.sh
- + RDSHOST=foo.bar.us-west-1.rds.amazonaws.com
# NOTE(review): no --region is passed here, so the token is signed for whatever default region
# the CLI is configured with; confirm it matches the instance's region (us-west-1).
- ++ aws rds generate-db-auth-token --hostname foo.bar.us-west-1.rds.amazonaws.com --port 3306 --username db_user_test
- + TOKEN='foo.bar.us-west-1.rds.amazonaws.com:3306/?TOKEN_HERE'
- + SSL_CERT=/root/rds-combined-ca-bundle.pem
# NOTE(review): the token is passed as --password=... on argv, so it shows up in the process
# list and in this -x trace. It is a bearer credential for as long as it is valid; redact it
# before sharing a trace, as was done here with TOKEN_HERE.
- + mysql --host=foo.bar.us-west-1.rds.amazonaws.com --port=3306 --verbose --ssl-ca=/root/rds-combined-ca-bundle.pem --ssl-mode=VERIFY_IDENTITY --user=db_user_test '--password=foo.bar.us-west-1.rds.amazonaws.com:3306/?TOKEN_HERE' --enable-cleartext-plugin
- mysql: [Warning] Using a password on the command line interface can be insecure.
# NOTE(review): ERROR 1045 is returned after the TLS handshake, so this is most likely the IAM
# authorization check failing rather than a certificate or GRANT problem. The policy earlier in
# this paste uses Resource arn:aws:rds:<region>:<account>:db:<instance-name>/<user>, whereas
# rds-db:connect is documented against
# arn:aws:rds-db:<region>:<account-id>:dbuser:<DbiResourceId>/<db-user-name>
# (rds-db namespace, dbuser resource type, the instance's resource ID rather than its name).
# Also confirm that IAM database authentication is enabled on the instance and that the
# policy is attached to the identity the CLI is running as.
- ERROR 1045 (28000): Access denied for user 'db_user_test'@'10.101.115.129' (using password: YES)