Skip to content

Commit 4a759ac

Browse files
bpaquetbpaquet
authored
Allow to configure AWS Region with AWS IAM Auth (#3)
1 parent 2b03cb9 commit 4a759ac

File tree

2 files changed

+13
-2
lines changed

2 files changed

+13
-2
lines changed

postgresql/provider.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,13 @@ func Provider() *schema.Provider {
7878
Description: "AWS profile to use for IAM auth",
7979
},
8080

81+
"aws_rds_iam_region": {
82+
Type: schema.TypeString,
83+
Optional: true,
84+
Default: "",
85+
Description: "AWS region to use for IAM auth",
86+
},
87+
8188
// Conection username can be different than database username with user name mapas (e.g.: in Azure)
8289
// See https://www.postgresql.org/docs/current/auth-username-maps.html
8390
"database_username": {
@@ -179,7 +186,7 @@ func validateExpectedVersion(v interface{}, key string) (warnings []string, erro
179186
return
180187
}
181188

182-
func getRDSAuthToken(profile string, username string, host string, port int) (string, error) {
189+
func getRDSAuthToken(region string, profile string, username string, host string, port int) (string, error) {
183190
endpoint := fmt.Sprintf("%s:%d", host, port)
184191

185192
ctx := context.Background()
@@ -189,6 +196,8 @@ func getRDSAuthToken(profile string, username string, host string, port int) (st
189196

190197
if profile != "" {
191198
awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithSharedConfigProfile(profile))
199+
} else if region != "" {
200+
awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithRegion(region))
192201
} else {
193202
awscfg, err = awsConfig.LoadDefaultConfig(ctx)
194203
}
@@ -221,8 +230,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
221230
var password string
222231
if d.Get("aws_rds_iam_auth").(bool) {
223232
profile := d.Get("aws_rds_iam_profile").(string)
233+
region := d.Get("aws_rds_iam_region").(string)
224234
var err error
225-
password, err = getRDSAuthToken(profile, username, host, port)
235+
password, err = getRDSAuthToken(region, profile, username, host, port)
226236
if err != nil {
227237
return nil, err
228238
}

website/docs/index.html.markdown

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,7 @@ The following arguments are supported:
113113
* `aws_rds_iam_auth` - (Optional) If set to `true`, call the AWS RDS API to grab a temporary password, using AWS Credentials
114114
from the environment (or the given profile, see `aws_rds_iam_profile`)
115115
* `aws_rds_iam_profile` - (Optional) The AWS IAM Profile to use while using AWS RDS IAM Auth.
116+
* `aws_rds_iam_region` - (Optional) The AWS region to use while using AWS RDS IAM Auth.
116117

117118
## GoCloud
118119

0 commit comments

Comments
 (0)