RDS令牌不支持在.pgpass文件中进行身份验证。要在Python中使用RDS令牌进行身份验证,您可以使用以下代码示例:
import psycopg2
from boto3.session import Session
def get_secret():
"""
Get secret from AWS Secrets Manager
"""
session = Session()
client = session.client(
service_name='secretsmanager',
region_name='us-west-2'
)
secret = client.get_secret_value(
SecretId='my-postgres-db-secrets'
)
return secret
def get_connection():
"""
Get a connection object to PostgreSQL RDS using AWS IAM token
"""
secret = get_secret()
rds = secret['postgres']
conn = psycopg2.connect(
user=rds['username'],
password=rds['password'],
host=rds['host'],
port=rds['port'],
database=rds['dbname'],
sslmode=rds['sslmode'],
sslrootcert=rds['sslrootcert'],
sslcert=rds['sslcert'],
sslkey=rds['sslkey'],
# Use IAM Authenticator
auth_plugin='aws',
connect_timeout=5,
keepalives_idle=30
)
return conn
# Connect to PostgreSQL RDS
conn = get_connection()
# Execute SQL
cur = conn.cursor()
cur.execute("SELECT * FROM my_table")
results = cur.fetchall()
print(results)
# Clean up
cur.close()
conn.close()
此代码示例使用了AWS Secrets Manager来获取RDS数据库的凭据,并使用AWS IAM token进行身份验证。这种方法避免了将密码存储在代码中,因此更为安全。但是,需要注意的是,这种方法需要使用AWS Secrets Manager和AWS IAM,因此可能不适用于所有场景。