Giters

hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.

Home Page:https://hasura.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Passwordless authentication using IAM authentication to RDS for self-hosted / hybrid hasura plans

4raghumurthy opened this issue · comments

commented

Component
c/v3-engine

Is your proposal related to a problem?

This is a new feature request. Currently this functionality is possible with AWS Secrets via https://github.com/hasura/hasura-secret-refresh

Passwordless authentication is not supported presently for IAM authentication to RDS like PostgreSQL

Solution desired
What I am looking for is fully passwordless authentication using IAM authentication to RDS for self-hosted / hybrid hasura plans. For example, we should be able to have our hasura pods use IAM Roles for Service Accounts (IRSA) to authenticate to RDS PostgreSQL databases without having long lived credentials.

Describe alternatives you've considered

One option is add a Provider for AWS IAM in this repo
The current Providers at this link are rather limited to AWS Secrets Manager

Similar concept - can we leverage AWS SDK in hasura directly to configure IAM auth as an alternative?