rds-signer
Fetches RDS credentials to be used when connecting to RDS with IAM roles.
Install
To install this middleware you can use NPM or Yarn:
- npm: npm install --save @middy/rds-signer
- Yarn: yarn add @middy/rds-signer
Options
- AwsClient (object) (default AWS.RDS.Signer): AWS.RDS.Signer class constructor (e.g. that has been instrumented with AWS XRay). Must be from aws-sdk v2.
- awsClientOptions (object) (optional): Options to pass to AWS.RDS.Signer class constructor.
- fetchData (object) (required): Mapping of internal key name to API request parameters.
- disablePrefetch (boolean) (default false): On cold start requests will trigger early if they can. Setting awsClientAssumeRole disables prefetch.
- cacheKey (string) (default rds-signer): Cache key for the fetched data responses. Must be unique across all middleware.
- cacheExpiry (number) (default -1): How long fetch data responses should be cached for. -1: cache forever, 0: never cache, n: cache for n ms.
- setToContext (boolean) (default false): Store role tokens to request.context.
NOTES:
- Lambda is required to have IAM permission for rds-db:connect with a resource like arn:aws:rds-db:#{AWS::Region}:#{AWS::AccountId}:dbuser:${database_resource}/${iam_role}
Sample usage
import middy from '@middy/core'
import rdsSigner from '@middy/rds-signer'

const handler = middy((event, context) => {
  const response = {
    statusCode: 200,
    headers: {},
    body: JSON.stringify({ message: 'hello world' })
  };
  return response
})

handler
  .use(rdsSigner({
    fetchData: {
      // 'rdsToken' is the internal key name; its value is the signer request parameters
      rdsToken: {
        region: 'ca-central-1',
        hostname: '***.rds.amazonaws.com',
        username: 'iam_role', // database user the token is issued for
        database: 'postgres',
        port: 5432
      }
    }
  }))
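
The IAM permission from the NOTES section, scoped to exactly the database users named in fetchData and checked against an existing policy, as an added example that is not part of the middy project's code. The account ID and database resource ID are constructed placeholders, connectArn, buildConnectPolicy and findExcessConnectGrants are hypothetical helper names, and the ${database_resource} segment is assumed to be the instance's DbiResourceId (or an Aurora cluster's resource ID), not its hostname.

```javascript
// Constructed placeholders, not values from the page.
const ACCOUNT_ID = '123456789012'
const DB_RESOURCE_ID = 'db-EXAMPLERESOURCEID' // DbiResourceId of the instance (assumption)

// Same shape as the fetchData option in the sample usage.
const fetchData = {
  rdsToken: { region: 'ca-central-1', hostname: '***.rds.amazonaws.com', username: 'iam_role', database: 'postgres', port: 5432 }
}

// ARN format from NOTES: arn:aws:rds-db:<region>:<account>:dbuser:<database_resource>/<db user>
function connectArn (region, accountId, dbResourceId, username) {
  for (const [name, value] of Object.entries({ region, accountId, dbResourceId, username })) {
    if (typeof value !== 'string' || !/^[A-Za-z0-9_.-]+$/.test(value)) {
      throw new Error(`${name} must be a literal value without wildcards: ${value}`)
    }
  }
  return `arn:aws:rds-db:${region}:${accountId}:dbuser:${dbResourceId}/${username}`
}

// One Allow statement covering only the database users that fetchData requests tokens for.
function buildConnectPolicy (fetchData, accountId, dbResourceId) {
  const arns = Object.values(fetchData).map(p => connectArn(p.region, accountId, dbResourceId, p.username))
  return {
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Action: 'rds-db:connect', Resource: [...new Set(arns)].sort() }]
  }
}

// Audit an existing policy: return rds-db:connect resources that are wildcarded or not needed by fetchData.
function findExcessConnectGrants (policy, fetchData, accountId, dbResourceId) {
  const needed = new Set(buildConnectPolicy(fetchData, accountId, dbResourceId).Statement[0].Resource)
  return policy.Statement
    .filter(s => s.Effect === 'Allow' && [].concat(s.Action).some(a => ['rds-db:connect', 'rds-db:*', '*'].includes(a)))
    .flatMap(s => [].concat(s.Resource))
    .filter(r => r.includes('*') || !needed.has(r))
}
```

An empty result from findExcessConnectGrants means the Lambda role can request tokens only for the database users the middleware is configured to use.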
Bundling
To exclude aws-sdk, add aws-sdk/clients/rds.js to the exclude list.