Add support for RDS IAM with dynamic credentialsΒ #339
Description
On AWS RDS there is the option of use RDS IAM authentication, instead of static credentials.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
That requires the client to request a new password before connecting, as the passwords are only valid for 15m.
I am not sure if dbmate supports this at the moment, I couldn't find how to do it. If not, we need to modify it to support this connection mode.
As a workaround one can run a script before calling dbmate to do the migration:
PGPASSWORD=$(
aws rds generate-db-auth-token \
--hostname "${PGHOST}" \
--port "${PGPORT}" \
--region "${REGION}" \
--username "${PGUSER}"
)
but the migration must be run within 15m