如何从 AWS Lambda 建立到 Aurora 数据库的安全连接?在 AWS Lambda 函数中应如何设置证书密钥库?下面的代码片段展示了如何建立连接,但其中设置密钥库的代码在 Lambda 中不起作用。
/**
 * Requests an RDS IAM authentication token for the database user
 * {@code iam-database-user}; the caller supplies it as the JDBC password.
 *
 * <p>The target host, port and region are read from {@code rds_instance_hostname},
 * {@code rds_instance_port} and {@code regionName}, which are defined outside this method.
 *
 * @return the authentication token produced by {@link RdsIamAuthTokenGenerator}
 */
private static String generateAuthToken() {
    // NOTE(review): static access keys embedded in source end up in the deployment
    // package and in version control. Inside Lambda the function's execution role
    // already provides temporary credentials, so prefer the SDK's default credential
    // provider chain over BasicAWSCredentials, and grant that role rds-db:connect
    // for this database user.
    AWSStaticCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(
            new BasicAWSCredentials("aws_access_key_id", "aws_secret_key_id"));

    RdsIamAuthTokenGenerator tokenGenerator = RdsIamAuthTokenGenerator.builder()
            .credentials(credentialsProvider)
            .region(regionName)
            .build();

    GetIamAuthTokenRequest tokenRequest = GetIamAuthTokenRequest.builder()
            .hostname(rds_instance_hostname)
            .port(rds_instance_port)
            .userName("iam-database-user")
            .build();

    // The token is a credential: never log it or include it in error messages.
    return tokenGenerator.getAuthToken(tokenRequest);
}
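/**
 * Opens a JDBC connection to the MySQL-compatible endpoint in {@code rds_instance_endpoint},
 * requiring TLS with server-certificate verification and authenticating as
 * {@code iam-database-user} with an IAM token in place of a password.
 *
 * <p>Side effect: sets the JVM-wide {@code javax.net.ssl.trustStore} and
 * {@code javax.net.ssl.trustStorePassword} system properties.
 *
 * @return the open connection; the caller is responsible for closing it
 * @throws IllegalStateException if the driver cannot establish the connection
 */
private static Connection getDBConnectionUsingIam() {
    String jdbcUrl = "jdbc:mysql://" + rds_instance_endpoint;

    // These properties apply to every TLS client in the JVM and must be set before the
    // first handshake. The path has to exist inside the Lambda runtime: ship the trust
    // store (holding the RDS CA certificates) in the deployment package or a layer and
    // point at its unpacked location, or write it to /tmp, the only writable directory.
    // NOTE(review): Connector/J also accepts a per-connection trust store through
    // trustCertificateKeyStoreUrl / trustCertificateKeyStorePassword, which avoids
    // changing global JVM state. Confirm against the driver version in use.
    System.setProperty("javax.net.ssl.trustStore", "path_to_truststore");
    System.setProperty("javax.net.ssl.trustStorePassword", "trustore_password");

    Properties mysqlConnectionProperties = new Properties();
    // Keep both settings: IAM authentication sends the token as the password, so the
    // server certificate must be verified before the token is transmitted.
    // NOTE(review): newer Connector/J releases express this as sslMode=VERIFY_CA
    // (VERIFY_IDENTITY additionally checks the host name). Confirm for your driver.
    mysqlConnectionProperties.setProperty("verifyServerCertificate", "true");
    mysqlConnectionProperties.setProperty("useSSL", "true");
    mysqlConnectionProperties.setProperty("user", "iam-database-user");

    // The IAM authentication token takes the place of the database password.
    String authToken = generateAuthToken();
    mysqlConnectionProperties.setProperty("password", authToken);

    try {
        // The original opened the connection but never returned it.
        return DriverManager.getConnection(jdbcUrl, mysqlConnectionProperties);
    } catch (java.sql.SQLException e) {
        // Keep the cause for diagnosis; the token is deliberately left out of the message.
        throw new IllegalStateException("Unable to open IAM-authenticated database connection", e);
    }
}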