mothership / rds-auth-proxy

Licence: MIT license
A "passwordless" login experience for your AWS RDS

Programming languages: Go, Shell, Makefile, Dockerfile

RDS Auth Proxy

A two-layer proxy for connecting to RDS Postgres databases using IAM authentication.

This tool lets you keep your databases firewalled off and manage database access through IAM policies, and no developer ever has to share or type a password.

Running the proxy

Connecting with psql

This pairs extremely well with a tool like saml2aws to ensure all AWS/database access uses temporary credentials.

Documentation

End user documentation is available on our project site.

Design

One proxy runs in a VPC subnet that can reach your RDS instances; the other runs on your client machine (dev laptop, etc.) with access to AWS credentials.

The client proxy is responsible for picking a host (RDS instance) and generating a temporary password based on the local IAM identity. The client proxy injects the host and password into the Postgres startup message as additional parameters.

Client startup flow

The server proxy accepts a connection from the client proxy and unpacks the host and password parameters. It then opens a connection to the RDS database, intercepts the authentication request, passes along the password it received from the client, and forwards the result to the client.

Auth overview
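
The unpacking step described above, as an added Go example that is not the project's own code: it validates a Postgres protocol 3.0 startup message, extracts the injected host and password, and rebuilds the message without them. The parameter names `proxy_host` and `proxy_password` are hypothetical, and removing them before the message goes on to RDS is an assumption, since the page states neither.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

const hostParam, tokenParam = "proxy_host", "proxy_password" // assumed names

// Encode builds a protocol 3.0 StartupMessage: Int32 length (self-inclusive),
// Int32 version 196608, NUL-terminated name/value strings, one closing NUL.
func Encode(kv ...string) []byte {
	buf := []byte{0, 0, 0, 0, 0, 3, 0, 0} // length placeholder, version 3.0
	for _, s := range kv {
		buf = append(append(buf, s...), 0)
	}
	binary.BigEndian.PutUint32(buf, uint32(len(buf)+1))
	return append(buf, 0)
}

// Unpack is the server-proxy step: check the framing, pull out the injected
// host and token, and rebuild the message without them (assumed) for RDS.
func Unpack(msg []byte) (host, token string, fwd []byte, err error) {
	if n := len(msg); n < 9 || binary.BigEndian.Uint32(msg) != uint32(n) ||
		binary.BigEndian.Uint32(msg[4:]) != 196608 || msg[n-1] != 0 {
		return "", "", nil, fmt.Errorf("bad startup framing")
	}
	f := bytes.Split(msg[8:len(msg)-1], []byte{0}) // name, value, ..., empty tail
	var rest []string
	for i := 0; i+1 < len(f); i += 2 {
		switch name, val := string(f[i]), string(f[i+1]); name {
		case "": // Postgres would read an empty name as end of list
			return "", "", nil, fmt.Errorf("empty parameter name")
		case hostParam:
			host = val
		case tokenParam:
			token = val
		default:
			rest = append(rest, name, val)
		}
	}
	if len(f)%2 != 1 || len(f[len(f)-1]) != 0 || host == "" || token == "" {
		return "", "", nil, fmt.Errorf("unpaired or missing proxy parameters")
	}
	return host, token, Encode(rest...), nil
}

// Constructed sample of what the client proxy sends after injection.
func main() { fmt.Println(Unpack(Encode("user", "al", hostParam, "db:5432", tokenParam, "tok"))) }
```

Because the temporary password travels inside the startup message, the link between the two proxies carries a live credential. Rejecting empty parameter names keeps this parser and Postgres from disagreeing about where the parameter list ends.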

Releasing

CI handles building binaries and images on tag events.

To create a release, start with a dry-run on the main branch:

git checkout main
./build/release.sh --dry-run

Ensure that the changelog looks as expected, then run it for real:

./build/release.sh