My main goal would be using the cyrilgdn/postgresql provider across bastion hosts, as its aws_rds_iam_auth = false is useless with such setup. But this could have utility beyond my use-case, e.g. to grant RDS access to edge computers without AWS credentials (mostly for provisioners as these paswords are very ephemeral)
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Description
It would be awesome if the provider offered a datasource matching the https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/generate-db-auth-token.html utility.
Once the feature is enabled in a DB instance with https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#iam_database_authentication_enabled, this new datasource would ease the task of using ephemeral passwords inside terraform.
Right now I need the python aws-cli and an external datasource instead of using the Go's AWS SDK built in this very provider.
My main goal would be using the
cyrilgdn/postgresql
provider across bastion hosts, as itsaws_rds_iam_auth = false
is useless with such setup. But this could have utility beyond my use-case, e.g. to grant RDS access to edge computers without AWS credentials (mostly for provisioners as these paswords are very ephemeral)Requested Resource(s) and/or Data Source(s)
aws_rds_iam_auth_token
Potential Terraform Configuration
References
https://github.com/cyrilgdn/terraform-provider-postgresql/issues/81#issuecomment-1371067284
https://registry.terraform.io/modules/calidae/rds-iam-token-generator/external/latest
Would you like to implement a fix?
No