我正在尝试使用SSL连接与SQLAlchemy连接到Amazon Aurora,将IAM角色指定为数据库用户帐户并将身份验证令牌指定为密码,如[AWS docs]中所述(http://docs.aws.amazon) .com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html#UsingWithRDS.IAMDBAuth.Connecting)
这些是我遵循的步骤.
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
export LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1
aws rds generate-db-auth-token --hostname 'datadbcluster-1.cluster-xxxxxxxxxxxx.us-west-2.rds.amazonaws.com' --port 3306 --username dt_analyst --region us-west-2 > /home/ubuntu/dt_analyst.pem
mysql -h datadbinstance2nd. xxxxxxxxxxxx.us-west-2.rds.amazonaws.com--ssl-ca /home/ubuntu/rds-combined-ca-bundle.pem -u dt_analyst --ssl-verify-server-cert --enable-cleartext-plugin -p'<token>'
我确认我可以使用mysql客户端通过SSL连接.
但我想使用sqlalchemy而不是mysql客户端进行连接.以下代码是根据Internet上的十几条建议编译的,但只会产生以下错误.
'sqlalchemy.exc.OperationalError:(_ mysql_exceptions.OperationalError)(1045,"用户拒绝访问...")'
我的代码如下.
import boto3
client = boto3.client('rds', region_name='us-west-2')
dialect='mysql'
user = ‘dt_analyst’
host = 'datadbcluster-1.cluster-xxxxxxxxxxxx.us-west-2.rds.amazonaws.com'
port = 3306
data = ‘datadb’
region='us-west-2'
token = client.generate_db_auth_token(host,port,user,region)
host1 = 'datadbinstance2nd. xxxxxxxxxxxx.us-west-2.rds.amazonaws.com'
conn_str = '%s://%s:%s@%s:%d/%s'%(dialect,user,token,host1,port,data)
conn_str += '?ssl_key=%s'%token
conn_str += '&ssl_cert=’/home/ubuntu/rds-combined-ca-bundle.pem'
ssl_args = {
'ssl': { …