Description of changes: In addition to password, I propose stripping the X-Amz-Security-Token param from the connection string as this is present in connections that use RDS / Aurora IAM Authentication and could lead to exposure of the short-lived credentials.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Issue #, if available:
Description of changes: In addition to
password, I propose stripping theX-Amz-Security-Tokenparam from the connection string as this is present in connections that use RDS / Aurora IAM Authentication and could lead to exposure of the short-lived credentials.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.