petoju / terraform-provider-mysql

Terraform MySQL provider – unofficial fork
https://registry.terraform.io/providers/petoju/mysql
Mozilla Public License 2.0

IAM auth on localhost connection not allowed #96

Closed pgrunm-DrKlein closed 7 months ago

pgrunm-DrKlein commented 7 months ago

Hello,

I'm currently trying to create a new MySQL user for IAM authentication on AWS. We're running our RDS database instance behind a bastion host, so there is no way to connect directly.

As a result, I'm running an SSH tunnel to the bastion and connecting to a local port on my machine. Unfortunately, the module doesn't allow me to create an IAM user while connecting to localhost. This is the offending line.

petoju commented 7 months ago

@pgrunm-DrKlein I believe the "offending line" is not really causing any issues.

MySQL identifies a user by a tuple like (username, hostname_or_ip). When you connect, it finds the record that matches both of these before checking the password. That hostname_or_ip part is found out by the server and your client cannot do a lot to change it.

I can't imagine someone would be connecting to RDS from localhost (as seen by RDS). You still have to allow connections from a host mask that matches at least your bastion to be able to connect like that. So it will be like 10.1.2.3, or maybe 10.% or even something wider. % is a wildcard.

I may be wrong; feel free to object if you see it differently.

pgrunm-DrKlein commented 7 months ago

Oh no. I'm totally wrong. I just noticed my mistake, let me explain.

I'm using a provisioner which points to localhost as endpoint:

provider "mysql" {
  alias                 = "dev"
  endpoint              = "localhost:3306"
}

I forgot to set the host attribute to something other than localhost. I changed this attribute now to % as you said and now it works like a flaw.

Thank you very much for your reply, I'm closing this issue now 👍.
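
The distinction this thread arrives at, as an added Terraform example (not code from the issue or from the provider's repository): the provider `endpoint` is where Terraform connects, while the `host` of the `mysql_user` resource is the client address as the RDS server sees it. The variable names and the account name `app_iam` are assumptions; the host value is the bastion address used as an illustration in the reply above.

```hcl
terraform {
  required_providers {
    mysql = {
      source = "petoju/mysql"
    }
  }
}

# Assumed variable names for the admin credentials used to create users.
variable "mysql_admin_user" {
  type = string
}

variable "mysql_admin_password" {
  type      = string
  sensitive = true
}

# Where Terraform connects: the local end of the SSH tunnel to the bastion.
provider "mysql" {
  alias    = "dev"
  endpoint = "localhost:3306"
  username = var.mysql_admin_user
  password = var.mysql_admin_password
}

# Who may log in: MySQL matches the account on (user, host), and the host part
# is compared with the client address the server observes. Through the tunnel
# that is the bastion, never "localhost".
resource "mysql_user" "app_iam" {
  provider    = mysql.dev
  user        = "app_iam"   # assumed account name
  host        = "10.1.2.3"  # bastion address from the thread; "10.%" or "%" match more hosts
  auth_plugin = "AWSAuthenticationPlugin"
}
```

The narrower the `host` pattern, the fewer source addresses can authenticate as this account; `%` accepts any address that can reach the instance.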