Allow to configure AWS Region with AWS IAM Auth (#260)

bpaquet · web-flow · commit 68b8be819bfe · 2022-11-19T22:13:27.000+01:00
diff --git a/postgresql/provider.go b/postgresql/provider.go
@@ -78,6 +78,13 @@ func Provider() *schema.Provider {
 				Description: "AWS profile to use for IAM auth",
 			},
 
+			"aws_rds_iam_region": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "AWS region to use for IAM auth",
+			},
+
 			// Conection username can be different than database username with user name mapas (e.g.: in Azure)
 			// See https://www.postgresql.org/docs/current/auth-username-maps.html
 			"database_username": {
@@ -179,7 +186,7 @@ func validateExpectedVersion(v interface{}, key string) (warnings []string, erro
 	return
 }
 
-func getRDSAuthToken(profile string, username string, host string, port int) (string, error) {
+func getRDSAuthToken(region string, profile string, username string, host string, port int) (string, error) {
 	endpoint := fmt.Sprintf("%s:%d", host, port)
 
 	ctx := context.Background()
@@ -189,6 +196,8 @@ func getRDSAuthToken(profile string, username string, host string, port int) (st
 
 	if profile != "" {
 		awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithSharedConfigProfile(profile))
+	} else if region != "" {
+		awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithRegion(region))
 	} else {
 		awscfg, err = awsConfig.LoadDefaultConfig(ctx)
 	}
@@ -221,8 +230,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	var password string
 	if d.Get("aws_rds_iam_auth").(bool) {
 		profile := d.Get("aws_rds_iam_profile").(string)
+		region := d.Get("aws_rds_iam_region").(string)
 		var err error
-		password, err = getRDSAuthToken(profile, username, host, port)
+		password, err = getRDSAuthToken(region, profile, username, host, port)
 		if err != nil {
 			return nil, err
 		}
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -111,6 +111,10 @@ The following arguments are supported:
   Version](https://www.postgresql.org/support/versioning/) or `current`.  Once a
   connection has been established, Terraform will fingerprint the actual
   version.  Default: `9.0.0`.
+* `aws_rds_iam_auth` - (Optional) If set to `true`, call the AWS RDS API to grab a temporary password, using AWS Credentials
+  from the environment (or the given profile, see `aws_rds_iam_profile`)
+* `aws_rds_iam_profile` - (Optional) The AWS IAM Profile to use while using AWS RDS IAM Auth.
+* `aws_rds_iam_region` - (Optional) The AWS region to use while using AWS RDS IAM Auth.
 
 ## GoCloud
 
