
rds$build_auth_token not working

Open Drwhit opened this issue 5 years ago • 28 comments

Thanks for your work on this package, looks like it will come in very handy.

I'm a beginner at AWS authentication, especially related to databases, so it could definitely be user error, but it appears to me that the rds$build_auth_token function isn't working.

When I obtain the token using this function, I am unable to connect to the database (I've replaced sensitive information with "xxxxxxxx"):

```r
token <- rds$build_auth_token(endpoint = "xxxxxxxx.us-west-2.rds.amazonaws.com:5432", region = "us-west-2", user = "xxxxxxxx")
pool <- pool::dbPool(drv = RPostgres::Postgres(), dbname = "xxxxxxxx", host = "xxxxxxxx.us-west-2.rds.amazonaws.com", user = "xxxxxxxx", password = token, bigint = "numeric")
```

```
Error in connection_create(names(opts), as.vector(opts)) :
  FATAL: PAM authentication failed for user "xxxxxxxx"
FATAL: pg_hba.conf rejects connection for host "xxxxxxxx", user "xxxxxxxx", database "xxxxxxxx", SSL off
```

However, if I obtain the token using the following command, I am able to connect:

```r
# intern = TRUE returns the command's output (the token) rather than its exit status
systoken <- system("aws rds generate-db-auth-token --hostname xxxxxxxx.us-west-2.rds.amazonaws.com --port 5432 --username xxxxxxxx", intern = TRUE)
pool <- pool::dbPool(drv = RPostgres::Postgres(), dbname = "xxxxxxxx", host = "xxxxxxxx.us-west-2.rds.amazonaws.com", user = "xxxxxxxx", password = systoken, bigint = "numeric")
```

Here is some system info:

```
sessionInfo()
R version 3.5.2 (2018-12-20)
Platform: x86_64-apple-darwin15.6.0 (64-bit)
Running under: macOS 10.15.5

Matrix products: default
BLAS: /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
LAPACK: /Library/Frameworks/R.framework/Versions/3.5/Resources/lib/libRlapack.dylib

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8
```

Drwhit avatar Sep 05 '20 20:09 Drwhit

Thank you for the bug report! We'll check it out in the next week.

davidkretch avatar Sep 06 '20 00:09 davidkretch

Hello @Drwhit, unfortunately I was not able to reproduce the issue on Linux or Windows in us-east-2 using rds$build_auth_token and pool::dbPool. I don't have a Mac to test with but doubt it is platform specific. I don't have many ideas of what it could be, but possibly do you have more than one profile or set of credentials in your ~/.aws/config or ~/.aws/credentials?

davidkretch avatar Sep 12 '20 21:09 davidkretch
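One way to check the question raised above (which credentials and region signed each token) is to split the token from `rds$build_auth_token` and the one from the AWS CLI into fields and compare them. This is an added example, not part of the thread or of paws; it assumes the token has the presigned form `host:port/?Action=connect&DBUser=...&X-Amz-...`, and `describe_rds_token`, `compare_rds_tokens`, `mk` and the sample tokens are hypothetical names and constructed values.

```r
# Added example: split an RDS IAM auth token into comparable fields.
# Assumed token layout: host:port/?Action=connect&DBUser=...&X-Amz-...
describe_rds_token <- function(token) {
  token <- trimws(paste(token, collapse = ""))
  if (!grepl("/?", token, fixed = TRUE)) stop("expected host:port/?query")
  hostport <- strsplit(sub("/\\?.*$", "", token), ":", fixed = TRUE)[[1]]
  pairs <- strsplit(sub("^[^?]*\\?", "", token), "&", fixed = TRUE)[[1]]
  keys <- sub("=.*$", "", pairs)
  vals <- vapply(sub("^[^=]*=", "", pairs), utils::URLdecode, character(1),
                 USE.NAMES = FALSE)
  get <- function(k) if (k %in% keys) vals[match(k, keys)] else NA_character_
  # X-Amz-Credential is <access key id>/<date>/<region>/<service>/aws4_request
  cred <- strsplit(get("X-Amz-Credential"), "/", fixed = TRUE)[[1]]
  key_id <- cred[1]
  c(
    host = hostport[1],
    port = hostport[2],               # NA when the endpoint carried no port
    action = get("Action"),
    db_user = get("DBUser"),
    access_key_tail = substring(key_id, nchar(key_id) - 3),  # last 4 chars only
    signing_date = cred[2],
    signing_region = cred[3],
    service = cred[4],
    expires_s = get("X-Amz-Expires"),
    has_session_token = as.character("X-Amz-Security-Token" %in% keys)
  )
}

# Side-by-side view of two tokens; the signature itself is never printed.
compare_rds_tokens <- function(a, b) {
  fa <- describe_rds_token(a)
  fb <- describe_rds_token(b)
  data.frame(field = names(fa), a = unname(fa), b = unname(fb),
             differs = !mapply(identical, unname(fa), unname(fb), USE.NAMES = FALSE),
             row.names = NULL)
}

# Constructed sample tokens (fake key ids and signature), differing in the
# signing region and in the access key, as two profiles would produce.
mk <- function(region, key) paste0(
  "xxxxxxxx.us-west-2.rds.amazonaws.com:5432/?Action=connect&DBUser=app_user",
  "&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=", key, "%2F20200905%2F",
  region, "%2Frds-db%2Faws4_request&X-Amz-Date=20200905T200900Z",
  "&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=", strrep("0", 64))
print(compare_rds_tokens(mk("us-west-2", "AKIAEXAMPLEKEY0001"),
                         mk("us-east-1", "AKIAEXAMPLEKEY0002")))
```

With real tokens, pass the value returned by `rds$build_auth_token(...)` as `a` and the CLI output as `b`; rows marked `differs` show where the two generators disagree.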

I’ve tried on two different machines, local Mac and EC2 Linux.

I do have multiple profiles on my local, but am able to generate the token using the AWS CLI without specifying which role, presumably because my account is an admin account.

Only one profile in my EC2 instance though. Credentials are obtained by the Docker container from the instance, because the instance has been assigned a role via the AWS console, so there is no credentials file.

On Sat, Sep 12, 2020 at 3:41 PM David Kretch wrote:

> Hello @Drwhit, unfortunately I was not able to reproduce on Linux or Windows in us-east-2. I don't have a Mac to test with but doubt it is platform specific. I don't have many ideas of what it could be, but possibly do you have more than one profile or set of credentials in your ~/.aws/config or ~/.aws/credentials?


Drwhit avatar Sep 15 '20 22:09 Drwhit

Cool, thank you. I'll try to set something like that up.

davidkretch avatar Sep 15 '20 23:09 davidkretch