AWS RDS/Aurora IAM authentication for psql-clj.
Instead of a static password, RDS can authenticate with a short-lived token
signed from your AWS credentials. iam-spec returns a psql.core/spec whose
:password is a freshly generated token (valid ~15 minutes), so wrap it in a
delay/refresh or build a new pool before the token expires.
AWS RDS/Aurora IAM authentication for psql-clj. Instead of a static password, RDS can authenticate with a short-lived token signed from your AWS credentials. `iam-spec` returns a psql.core/spec whose :password is a freshly generated token (valid ~15 minutes), so wrap it in a `delay`/refresh or build a new pool before the token expires.
(iam-spec &
{:keys [region sslmode credentials-provider]
:or {sslmode "require"}
:as opts})Build a psql.core/spec whose :password is a fresh RDS IAM auth token.
Resolves :host/:port/:user/:dbname through psql.core/spec (so PG* env vars and ~/.pgpass still apply), then overrides :password with a generated token. RDS IAM authentication requires TLS, so :sslmode defaults to "require".
Requires :region (and a :host reachable as the RDS endpoint). Pass :credentials-provider to override the default AWS credentials chain.
Build a psql.core/spec whose :password is a fresh RDS IAM auth token. Resolves :host/:port/:user/:dbname through psql.core/spec (so PG* env vars and ~/.pgpass still apply), then overrides :password with a generated token. RDS IAM authentication requires TLS, so :sslmode defaults to "require". Requires :region (and a :host reachable as the RDS endpoint). Pass :credentials-provider to override the default AWS credentials chain.
(rds-auth-token {:keys [host port user region credentials-provider]})Generate a short-lived RDS IAM authentication token. This signs locally from your AWS credentials; it does not call AWS.
Options: :host RDS endpoint hostname (required) :user database user enabled for IAM auth (required) :region AWS region string, e.g. "us-east-1" (required) :port defaults to 5432 :credentials-provider an AwsCredentialsProvider; defaults to the default chain
Generate a short-lived RDS IAM authentication token. This signs locally from your AWS credentials; it does not call AWS. Options: :host RDS endpoint hostname (required) :user database user enabled for IAM auth (required) :region AWS region string, e.g. "us-east-1" (required) :port defaults to 5432 :credentials-provider an AwsCredentialsProvider; defaults to the default chain
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |