IAM策略(与绑定到lambda函数的角色关联)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"arn:aws:rds-db:us-east-1:<account-id>:dbuser:<db-resource-id>/lambda"
]
}
]
}
在数据库中创建的用户:
create user 'lambda' identified with AWSAuthenticationPlugin as 'RDS';
grant all privileges on cbr.* to 'lambda'@'%';
flush privileges;
private String generateAuthToken() {
RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder()
.credentials(new DefaultAWSCredentialsProviderChain())
.region(region)
.build();
String authToken = generator.getAuthToken(
GetIamAuthTokenRequest.builder()
.hostname(hostName)
.port(Integer.parseInt(port))
.userName(username)
.build());
return authToken;
}
public String test() throws SQLException {
String currentTime = "Not Set";
String jdbcUrl = "jdbc:mysql://" + hostName + ":" + port;
String token = generateAuthToken();
Connection conn = DriverManager.getConnection(jdbcUrl, username, generateAuthToken());
Statement statement = conn.createStatement();
ResultSet rs = statement.executeQuery("SELECT NOW()");
if (rs.next()) {
currentTime = rs.getString(1);
}
return currentTime;
}
我肯定我只是错过了一些东西
