rdsutils - ActiveState ActiveGo 1.8

Package rdsutils

import "github.com/aws/aws-sdk-go/service/rds/rdsutils"

Overview ▾

func BuildAuthToken

func BuildAuthToken(endpoint, region, dbUser string, creds *credentials.Credentials) (string, error)

BuildAuthToken will return a authentication token for the database's connect based on the RDS database endpoint, AWS region, IAM user or role, and AWS credentials.

Endpoint consists of the hostname and port, IE hostname:port, of the RDS database. Region is the AWS region the RDS database is in and where the authentication token will be generated for. DbUser is the IAM user or role the request will be authenticated for. The creds is the AWS credentials the authentication token is signed with.

An error is returned if the authentication token is unable to be signed with the credentials, or the endpoint is not a valid URL.

The following example shows how to use BuildAuthToken to create an authentication token for connecting to a MySQL database in RDS.

authToken, err := BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds)

// Create the MySQL DNS string for the DB connection
// user:password@protocol(endpoint)/dbname?<params>
dnsStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true",
   dbUser, authToken, dbEndpoint, dbName,

// Use db to perform SQL operations on database
db, err := sql.Open("mysql", dnsStr)

See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html for more information on using IAM database authentication with RDS.