Help us understand the problem. What is going on with this article?

RDSのIAM認証 (aws−cli編) 【cloudpack大阪ブログ】

More than 3 years have passed since last update.

cloudpack大阪の佐々木です。

RDSの認証をIAMでできるという話です。
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

基本的な設定はこちらを参照
http://qiita.com/Pampus/items/18b45330b990927652fd

認証に必要なTokenをaws-cliで取得できるようになってました。

aws-cliをアップデートします。

$ sudo pip install -U awscli
$ aws --version
aws-cli/1.11.81 Python/2.7.12 Linux/4.9.17-8.31.amzn1.x86_64 botocore/1.5.44

aws rds generate-db-auth-token コマンドが使えるようになっています。

NAME
       generate-db-auth-token -

DESCRIPTION
       Generates an auth token used to connect to a db with IAM credentials.

SYNOPSIS
            generate-db-auth-token
          --hostname <value>
          --port <value>
          --username <value>

OPTIONS
       --hostname (string) The hostname of the database to connect to.

       --port (integer) The port number the database is listening on.

       --username (string) The username to log in as.

実行するとトークンが発行されます。

$ aws rds generate-db-auth-token --hostname test.xxxxxxxxxx.ap-northeast-1.rds.amazonaws.com --port 3306 --username testuser --region ap-northeast-1
test.xxxxxxxxxx.ap-northeast-1.rds.amazonaws.com:3306/?Action=connect&DBUser=testuser&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-Date=20170427T134947Z&X-Amz-SignedHeaders=host&X-Amz-Security-Token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&X-Amz-Credential=xxxxxxxxxxxxxxxxxxxxxx2Faws4_request&X-Amz-Signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

これをパスワードにして接続します。

$ mysql -u testuser -h test.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com -p`aws rds generate-db-auth-token --hostname test.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com --port 3306 --username testuser --region ap-northeast-1` --ssl-ca=rds-combined-ca-bundle.pem
ERROR 2059 (HY000): Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled

んん?

--enable-cleartext-plugin ってのがいるらしいです。
https://dev.mysql.com/doc/refman/5.6/ja/cleartext-authentication-plugin.html

$ mysql -u testuser -h test.xxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com -p`aws rds generate-db-auth-token --hostname test.xxxxxxxxxx.ap-northeast-1.rds.amazonaws.com --port 3306 --username testuser --region ap-northeast-1` --ssl-ca=rds-combined-ca-bundle.pem --enable-cleartext-plugin
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 711
Server version: 5.7.16-log MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
taishin
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away