RDS connectivity in Python using Boto3 and IAM Role
Question
I am trying to connect to my RDS MySQL DB via Python. I am using the Boto3 library. The issue that I am facing is while trying to connect to the DB via the IAM Token generation method. I don't have a user created in IAM but have a role created and assigned.
When I try to connect to the DB, the code fails as it's expecting to have a key-pair stored in the.aws/configuration file. Snippet below.
# gets the credentials from .aws/credentials
# session = boto3.Session(profile_name='xyz')
client = boto3.client('rds',region_name='eu-west-2')
token = client.generate_db_auth_token(DBHostname=ENDPOINT, Port=PORT, DBUsername=USR,Region='eu-west-2')
print(token)
Getting the below error.
raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials
But since I cannot use an IAM user and a role cannot have a key-pair attached to it, I am not sure how to execute this and get this done. Any suggestions would be useful. Thanks.
2 answers
solution1
1 ACCPTED 2021-03-11 08:24:41
I dont have a user created in IAM but have a role created and assigned.
If you have only IAM role for RDS, you still need IAM user or some other role (eg instance role) which can assume ( iam:AssumeRole ) the RDS's role.
Then, you have to use boto3' assume_role to get temp credentials which you can then use to create new boto3 session for your RDS.
solution2
0 2021-03-11 10:12:16
You should check the role of your User first. Then, it should be.aws/credentials
cat credential
[default]
aws_access_key_id = *****
aws_secret_access_key = ****
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.