I have a lambda function written in dotnet core 2.1. This code uses the Oracle MySql provider (v8.0.19). A MySQL RDS (v5.7.26) is running with a user configured to use the AWSAuthenticationPlugin as described in the AWS article linked below.
I'm able to connect to this RDS using a normal username/password combination, but I want to use IAM Authentication instead. This article describes how to do this using the mysql client on a linux server: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html
I've created the IAM policy and I'm able to load the token in the lambda function via RDSAuthTokenGenerator.GenerateAuthToken. The connection string is built as follows:
MySqlConnection c = new MySqlConnection();
MySqlConnectionStringBuilder csb = new MySqlConnectionStringBuilder();
csb.Server = "dbinstanceName.xxx.us-xxx-1.rds.amazonaws.com";
csb.Port = 3306;
csb.Database = "Database";
csb.UserID = "DatabaseUserName";
csb.Password = RDSAuthTokenGenerator.GenerateAuthToken("dbinstanceName.xxx.us-xxx-1.rds.amazonaws.com", 3306, "DatabaseUserName");
csb.SslMode = MySqlSslMode.VerifyFull;
c.ConnectionString = csb.ConnectionString;
When I pass this token as the value for password in the connection string, I get the exception:
"errorType": "MySqlException", "errorMessage": "Authentication method 'mysql_clear_password' not supported by any of the available plugins."
This MySQL article describes Client-Side cleartext pluggable Authentication (https://dev.mysql.com/doc/refman/5.7/en/cleartext-pluggable-authentication.html), however I don't know how to enable this plugin in the MySQL provider in dotnet.
Can anyone suggest a way to send this RDS Token in the connection string in clear text in dotnet core? I can't seem to figure out how this is done.
