AWS IAM Database Authentication integrated with Apache Commons DBCP connection pool — supports RDS and Redshift with automatic token refresh on DBCP v1 and v2.
AWS RDS and Redshift support IAM Database Authentication — instead of a static password, you use a temporary token generated from AWS IAM credentials. This project integrates that token generation into Apache Commons DBCP so that:
- A new IAM auth token is generated when the connection pool initializes
- The token is automatically refreshed before it expires (every 15 minutes)
- Compatible with DBCP v1 and DBCP v2
```
DBCP Connection Pool
└─► Custom DataSource wrapper
    └─► AWS SDK GenerateDbAuthToken()
        └─► Uses IAM Role / Access Key
            └─► Connect to RDS / Redshift
```
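
The flow above, as an added example that is not this project's code: a DBCP v2 `BasicDataSource` subclass that signs a new IAM token for every physical connection the pool opens, which is a different technique from the timed refresh this project describes. It assumes the AWS SDK for Java v2 (`RdsUtilities`), MySQL Connector/J and an RDS CA bundle in the JVM trust store; the class name `IamTokenDataSource` is hypothetical.

```java
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import org.apache.commons.dbcp2.BasicDataSource;
import org.apache.commons.dbcp2.ConnectionFactory;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.rds.RdsUtilities;

// Hypothetical class, not part of this project.
public class IamTokenDataSource extends BasicDataSource {
    private final RdsUtilities rds;
    private final String host;
    private final int port;
    private final String user;

    public IamTokenDataSource(String region, String host, int port, String user) {
        // The default chain resolves the IAM role or access key from the environment.
        this.rds = RdsUtilities.builder()
                .region(Region.of(region))
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build();
        this.host = host;
        this.port = port;
        this.user = user;
        // The token is sent as the password, so require TLS with certificate checks.
        // Assumption: the RDS CA bundle has been imported into the JVM trust store.
        setUrl("jdbc:mysql://" + host + ":" + port + "/?sslMode=VERIFY_IDENTITY");
    }

    // DBCP calls this factory for every new physical connection, so each one
    // authenticates with a token signed moments earlier, never a cached one.
    @Override
    protected ConnectionFactory createConnectionFactory() throws SQLException {
        final String url = getUrl();
        return () -> {
            Properties props = new Properties();
            props.setProperty("user", user);
            props.setProperty("password", rds.generateAuthenticationToken(
                    r -> r.hostname(host).port(port).username(user)));
            return DriverManager.getConnection(url, props);
        };
    }
}
```

The constructor arguments correspond to the `datasource.rds.*` properties shown below. The token is checked only at login, so connections that are already open keep working after it expires.
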
```
git clone https://github.com/misoboy/aws-iam-db-access-dbcp.git
cd aws-iam-db-access-dbcp
./mvnw clean test
```

Update `src/test/resources/application-test.properties`:
```
# AWS Region
datasource.rds.region=ap-northeast-2
# RDS Endpoint
datasource.rds.endpoint=your-db.cluster-xxx.ap-northeast-2.rds.amazonaws.com
# RDS Port
datasource.rds.port=3306
# DB Username (must have rds_iam role)
datasource.rds.username=db_user
```

The IAM user/role must have the `rds-db:connect` permission:
```
{
  "Effect": "Allow",
  "Action": "rds-db:connect",
  "Resource": "arn:aws:rds-db:ap-northeast-2:123456789:dbuser:*/db_user"
}
```

MIT