App Connections

There is nothing that you need to setup in AWS right now. This part is just information to show you how the app actually connects to services like S3 and RDS.

Any app can connect to an AWS service using the AWS SDK. Most languages have a package or packages that make it pretty easy to access AWS services.

RDS

Since we have a normal MySQL RDS instance, our app will just connect to it like any other MySQL database. The only major difference is that we generate the database's password using IAM.

This means that we never have to store a password on our app. We just give the instance a role with the proper IAM permissions and the app can generate a password at runtime.

The app is a bun app, which means it's using TypeScript. The code it uses to connect to the database is below.

import { Signer } from "@aws-sdk/rds-signer";
import mysql from "mysql2/promise";

export async function generateIamToken() {
  const signer = new Signer({
    hostname: ProcessEnv.RDS_ENDPOINT,
    port: 3306,
    username: ProcessEnv.RDS_IAM_USER,
    region: ProcessEnv.RDS_REGION,
  });

  return await signer.getAuthToken();
}

const connection = await mysql.createPool({
  host: ProcessEnv.RDS_ENDPOINT,
  user: ProcessEnv.RDS_IAM_USER,
  database: ProcessEnv.DATABASE_NAME,
  insecureAuth: true,
  idleTimeout: 1000,
  ssl: "Amazon RDS",
  authPlugins: {
    mysql_clear_password: () => async () => {
      const token = await generateIamToken();
      return Buffer.from(token + "\0");
    },
  },
});

We are using the @aws-sdk/rds-signer package to generate an IAM token for our database. This IAM token is the password that our user uses to connect to the database.