Hi Django folks, could someone enlighten me as to how to the typical code flow and/or django settings to apply for a situation such as the following:
I have my AWS RDS managed PostgreSQL database and an IAM user + policy such that they can connect with and operate the database. The typical flow that I’ve seen for using RDS with IAM authentication involves generating a temporary authorization token that is valid for 15 minutes like so:
#gets the credentials from .aws/credentials
session = boto3.Session(profile_name='RDSCreds')
client = boto3.client('rds')
token = client.generate_db_auth_token(DBHostname=ENDPOINT, Port=PORT, DBUsername=USR, Region=REGION)
try:
conn = psycopg2.connect(host=ENDPOINT, port=PORT, database=DBNAME, user=USR, password=token)
cur = conn.cursor()
cur.execute("""SELECT now()""")
query_results = cur.fetchall()
print(query_results)
except Exception as e:
print("Database connection failed due to {}".format(e))
However, the typical way that I’ve seen programmatic access to databases in Django is to supply the password in the project settings.py file using the DATABASES variable.
I would like to know how can I provide a database engine manager that will generate and supply new temporary passwords as necessary?
Update: I have found this package, which looks good but just a bit out of date. Is there a better or more canonical way?
Update 2: I am able to use https://github.com/bjmc/django-iam-dbauth/tree/py38 repo/branch to achieve good results for AWS EC2 with VPC and IAM rules. This is solved for now.