Warning: beta-only - this driver has not been full tested beyond a simple connect and query
A JDBC Driver wrapped around the standard PostgreSQL JDBC Driver that provides IAM authentication for connecting to AWS PostgreSQL or AWS RDS for PostgreSQL, as described in IAM Database Authentication for MySQL and Amazon Aurora. See Example for Java
This code was forked from this original repository that is working for mysql.
This JDBC driver supports all the PostgreSQL JDBC Driver properties and an additional, required awsRegion driver property.
Note that for RDS, the PostgreSQL SSL properties must be set:
| Property | Description | Example |
|---|---|---|
| awsRegion | AWS region of target RDS instance | eu-west-1 |
| requireSSL | Demand that SSL is used | true |
| useSSL | Prefer that SSL is used | true |
Amazon use their own CA for signing RDS certificates. Therefore, you may choose to skip validation:
| Property | Description | Example |
|---|---|---|
| verifyServerCertificate | Validate the database certificate | false |
or generate a JKS keystore:
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem
keytool -import -file rds-ca-2015-root.pem -alias rds-ca-2015-root -keystore rds-ca-2015-root.jksthen add your jks keystore properties:
| Property | Description | Example |
|---|---|---|
| trustCertificateKeyStoreUrl | Trust store URL | file:path/rds-ca-2015-root.jks |
| trustCertificateKeyStorePassword | Trust store password | changeme |
If you build the driver (recommended), then run maven with:
mvn package -Passembly
This way you will have a single JAR file containing all the dependencies, including the PostgreSQL driver and AWS SDK:
target/iam-jdbc-driver-1.1.1-SNAPSHOT-jar-with-dependencies.jar
If you download the ZIP file (iam-jdbc-driver-1.1.0.zip) from the release page, you must unpack it first and you must source and add
the dependencies to your classpath. These are:
+- com.amazonaws:aws-java-sdk-core:jar:1.11.310
+- commons-logging:commons-logging:jar:1.1.3
+- org.apache.httpcomponents:httpclient:jar:4.5.5
| +- org.apache.httpcomponents:httpcore:jar:4.4.9
| \- commons-codec:commons-codec:jar:1.10
+- software.amazon.ion:ion-java:jar:1.0.2
+- com.fasterxml.jackson.core:jackson-databind:jar:2.6.7.1
| +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0
| \- com.fasterxml.jackson.core:jackson-core:jar:2.6.7
+- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.6.7
\- joda-time:joda-time:jar:2.8.1
- com.amazonaws:aws-java-sdk-rds:jar:1.11.310
\- com.amazonaws:jmespath-java:jar:1.11.310
- postgresql:postgresql-connector-java:jar:42.2.5
Use jdbc:postgresqliam: in place of jdbc:postgresql: in the JDBC URL.
For example: jdbc:postgresqliam://host.cluster.region.rds.amazonaws.com:3306/database
Properties properties = new Properties();
properties.setProperty("awsRegion", "eu-west-1");
properties.setProperty("requireSSL", "true");
properties.setProperty("user", "mydbuser");
properties.setProperty("useSSL", "true");
properties.setProperty("verifyServerCertificate", "false");
Connection connection = DriverManager.getConnection(JDBCDRIVER_URL, properties);