Connect to RDS SQL Server From NodeJS via aws-sdk
Does anyone have sample NodeJS code for connecting to an RDS SQL Server instance using aws-sdk?
A working OIDC-token based sample:
database.ts
import { fromWebToken } from "@aws-sdk/credential-providers";
import { Signer } from "@aws-sdk/rds-signer";
import { createPool } from "mariadb";
import { serviceConfig } from "./config";
import { logger } from "./logger";
import { getSpiffeJWT } from "./spire";

// Exchange the SPIFFE JWT for AWS credentials via fromWebToken, then
// sign an RDS IAM authentication token that is used as the DB password.
const getSignToken = async (
  spireToken: string,
  hostname: string,
  username: string,
  port: number,
  awsRegion: string
): Promise<string> => {
  const sig = new Signer({
    hostname,
    port,
    username,
    credentials: fromWebToken({
      roleArn: serviceConfig.roleArn,
      webIdentityToken: spireToken,
    }),
    region: awsRegion,
  });
  return await sig.getAuthToken();
};

const createDbPool = async () => {
  const spireToken = await getSpiffeJWT();
  // An empty token cannot be exchanged for credentials, so stop here.
  if (spireToken.length === 0) {
    logger.error("spire token error: invalid length");
    throw new Error("spire token error: invalid length");
  }
  const dbHostname = `${serviceConfig.auroraHostname}`;
  const dbUser = `${serviceConfig.auroraUser}`;
  const dbPort = Number(`${serviceConfig.auroraPort}`);
  const awsRegion = `${serviceConfig.clusterRegion}`;
  const awsToken = await getSignToken(
    spireToken,
    dbHostname,
    dbUser,
    dbPort,
    awsRegion
  );
  return createPool({
    host: dbHostname,
    user: dbUser,
    port: dbPort,
    // Disables server certificate verification; see the note below.
    ssl: { rejectUnauthorized: false },
    password: awsToken,
    database: `${serviceConfig.auroraDatabase}`,
    connectionLimit: 10,
  });
};

// Exported as a Promise that resolves to the pool.
export const dbConnectionPool = createDbPool();
Note: Do not use ssl: { rejectUnauthorized: false } in production. Download the AWS RDS ca-cert and add it as ca to the ssl block...
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
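One way to build the ssl block the note describes, as an added example that is not part of the original answer: it checks that the downloaded bundle really contains certificates and replaces the rejectUnauthorized: false setting with a verifying one. The names buildVerifiedTls, hardenPoolConfig and SAMPLE_BUNDLE are hypothetical, and the sample bundle is constructed.

```typescript
// Added example; function and constant names are hypothetical.
interface VerifiedTls {
  ca: string[];
  rejectUnauthorized: true;
}

// Constructed sample: two PEM blocks with placeholder bodies (not real certificates).
const SAMPLE_BUNDLE =
  "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtT05F\n-----END CERTIFICATE-----\n" +
  "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtVFdP\n-----END CERTIFICATE-----\n";

const PEM_CERT =
  /-----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9+\/=\r\n]+?)-----END CERTIFICATE-----/g;

// Turn the text of a CA bundle into an ssl block that verifies the server.
// Throws instead of silently falling back to an unverified connection.
function buildVerifiedTls(caBundlePem: string): VerifiedTls {
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(caBundlePem)) {
    throw new Error("CA bundle contains a private key; refusing to use it");
  }
  const ca: string[] = [];
  let m: RegExpExecArray | null;
  PEM_CERT.lastIndex = 0;
  while ((m = PEM_CERT.exec(caBundlePem)) !== null) {
    ca.push(m[0]);
  }
  // A failed download (for example an HTML error page) ends up here.
  if (ca.length === 0) {
    throw new Error("no certificate found in CA bundle");
  }
  return { ca, rejectUnauthorized: true };
}

// Return a copy of a pool config whose ssl block verifies the server,
// whatever the incoming ssl setting was.
function hardenPoolConfig(
  config: Record<string, unknown>,
  caBundlePem: string
): Record<string, unknown> & { ssl: VerifiedTls } {
  return { ...config, ssl: buildVerifiedTls(caBundlePem) };
}

// Usage with the file from the note:
//   hardenPoolConfig(cfg, readFileSync("rds-ca-2019-root.pem", "utf8"))
```

The result of hardenPoolConfig can be passed to createPool in place of the literal config object in database.ts.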