想提前通知我,我通常是AWS的新手.对于我的项目,我尝试使用EC2实例上Tomcat上部署的Java应用程序中的IAM身份验证(IAM角色)使用AWS RDS MySQL.从Java尝试之前,我正在EC2实例上的命令提示符下尝试它.我正在通过此链接进行操作:
Would like to inform upfront that I am new to AWS in general. For my project I am trying to use AWS RDS MySQL using IAM Authentication (IAM Role) from a Java application deployed on Tomcat on an EC2 instance. Before trying it from Java I am trying it from the command prompt on the EC2 instance. I am following this link to do it:
aws.amazon/premiumsupport/knowledge-center/users-connect-rds-iam/
到目前为止,我已完成以下操作(如果我使用的术语不正确,请原谅):
I have done the following so far (please pardon if I am not using correct terminologies):
- 使用AWS RDS的MySQL
- 在我的MySQL实例上启用了IAM身份验证
- 为EC2创建了IAM角色
-
为上述IAM角色创建了一个内联策略,并授予了必需的操作".还包括资源"(我的数据库端点带有用户名),如下所示:
- MySQL using AWS RDS
- Enabled IAM Authentication on my MySQL instance
- Created IAM Role for EC2
Created an inline policy for the above IAM Role and granted required "Action". Also included the "Resources" (my database's endpoint with username), as below:
将此IAM角色分配给我创建的EC2实例
Assigned this IAM Role to an EC2 instance I have created
我遵循了顶部链接中给出的所有内容,除最后一条命令外,其他所有功能似乎都可以正常工作.
I followed everything given in the link at the top and everything seem to work except for the last command.
按照我在链接中创建的数据库用户,如下所示:
As in the link I created DB user as below:
CREATE USER dev_user IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS';
链接中最后一个不起作用的命令是:
The last command in the link that is not working is:
mysql -h {db or cluser endpoint} --ssl-ca={certificate file name with complete path} --ssl-verify-server-cert -u {dbusername2} -p"{authenticationtoken}" --enable-cleartext-plugin
每次我运行此命令时,都会要求输入密码,然后出现错误.我不知如何解决.
Every time I run this command it asks for the password and then I am getting an error. I am at a loss on how to resolve it.
在上面的mysql命令中,如果我通过我的主用户ID (我将其创建为"admin")并输入了密码,则会收到如下错误:
In the above mysql command if I pass my master user-id (I created it as 'admin') and enter it's password I get an error like this:
[ec2-user@ip-xxx-xx-xx-16 ~]$ mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u admin -p 'aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user' --enable-cleartext-plugin输入密码: 错误1059(42000):标识符名称"aws rds generate-db-auth-token --hostname --port"太长
Enter password: ERROR 1059 (42000): Identifier name 'aws rds generate-db-auth-token --hostname --port' is too long
如果在同一命令中,我提供了上面创建的数据库用户(dev_user).如果在命令中提供"dev_user"作为用户,以及是否输入密码,都会出现以下错误. [在这种情况下,上面的链接未设置密码,因此当它要求输入密码时该怎么办?] :
And if in the same command I provide the above created DB user (dev_user). I get the following error if provide "dev_user" as user in the command and whether I enter a password or not. [In this case, the above link did not set a password so what should I do when it asks to enter the password?]:
[ec2-user@ip-xxx-xx-xx-16 ~]$ mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u dev_user -p 'aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user' --enable-cleartext-plugin输入密码: 错误1045(28000):用户'dev_user'@'xxx.xx.xx.16'的访问被拒绝(使用密码:是)
Enter password: ERROR 1045 (28000): Access denied for user 'dev_user'@'xxx.xx.xx.16' (using password: YES)
当我在上面的命令的两个地方都输入"admin"时,出现相同的访问被拒绝..."错误.
I get the same "Access denied..." error when I enter "admin" in both places in the command above.
我们将不胜感激任何帮助.
Any help will be highly appreciated.
谢谢.
推荐答案首先,-p参数后不应有空格.
First of all, there shouldn't be space after -p parameter.
第二,如果要内联执行aws rds generate-db-auth-token...,则应将其标上刻度线,而不是单引号.
Second, if you want to execute aws rds generate-db-auth-token... inline, it should be marked with ticks, not single quotes.
mysql -h <endpoint of my RDS DB instance> --ssl-ca=rds-combined-ca-bundle.pem --ssl-verify-server-cert -u dev_user -p`aws rds generate-db-auth-token --hostname <endpoint of my RDS DB instance> --port 3306 --username dev_user` --enable-cleartext-plugin更多推荐
使用IAM角色的AWS RDS MySQL连接无法正常工作
发布评论