Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

node-mysql2, AWS.RDS.signer, & connection pooling

Tags:

node.js

aws-sdk

amazon-rds

node-mysql

node-mysql2

I am using the node-mysql2 library in combination with AWS.RDS.signer.

I have the following function, which creates a connection pool for reusing connections:

const createPool = () => new Promise((resolve, reject) => {
    signer.getAuthToken({
        region: '...',
        hostname: '...',
        port: '...',
        username: '...'
    }, (err, token) => {
        if (err) reject(err)
        const pool = mysql.createPool({
            host: '...',
            port: '...',
            user: '...',
            database: '...',
            password: token,
            ssl: 'Amazon RDS'
            authSwitchHandler: (data, cb) => {
                if (data.pluginName === 'mysql_clear_password') cb(null, Buffer.from(token + '\0'))
            }
        })
        resolve(pool)
    })
})

It works great... for awhile. Then I suddenly start getting this error:

Error: Access denied for user '...'@'...' (using password: YES)

So, what I think is happening, is that the token returned by the aws signer is only valid for a short time, and cannot be used to continuously re-establish connections in a pool.

There is no way to configure the ttl of the rds token using the aws sdk, that I can see. So the only other option I can think of, is to completely end and recreate the pool at a certain fixed interval.

I am wondering if there is anyone out there who may have wrestled with this, and who may have some insight into the best way to solve this problem? Is there a better way to use the rds signer in combination with connection pools?

like image 208
user1031947 Avatar asked Sep 18 '25 07:09

user1031947

1 Answers

For node-mysql2 version >= 2.0.0

mysql.createPool({
    ...,
    ssl: 'Amazon RDS',
    authPlugins: {
        mysql_clear_password: () => () =>
            signer.getAuthToken({
                region: '...',
                hostname: '...',
                port: '...',
                username: '...'
            })
    }
});

For node-mysql2 version < 2.0.0

mysql.createPool({
    ...,
    ssl: 'Amazon RDS',
    authSwitchHandler: (data, cb) => {
        if (data.pluginName === 'mysql_clear_password') {
            signer.getAuthToken({
                    region: '...',
                    hostname: '...',
                    port: '...',
                    username: '...'
                },
                (err, token) => {
                    if (err) {
                        cb(err);
                    } else {
                        cb(null, Buffer.from(token + '\0'));
                    }
                }
            );
        } else {
            cb(new Error(`Authentication method ${data.pluginName} is not supported`));
        }
    }
});

See also https://github.com/sidorares/node-mysql2/issues/1017

like image 163
David Krásný Avatar answered Sep 19 '25 21:09

David Krásný

Sign in to Comment

Related questions

Scoped NPM for private repository converts slash "/" to "%2F"
Best way to manage temporary local dependency changes in dev for npm dependencies
fs.FileRead -> TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be one of type string, Buffer, or URL. Received type undefined
NestJS/Express return PDF file from external URL in response
Error No 'Access-Control-Allow-Origin' - Nodejs [closed]
set request body size limit on NestJs for single controller
Error: Cannot find module 'graphql/validation/rules/PossibleTypeExtensions'
CQRS with REST APIs
How to get statusCode from Axios?
convert mongodb object to javascript object
How to execute multiple search query in node.js using elastic search and promises?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!