1
votes

I'm developing a Go app with AWS SDK v2 for Go. I want to connect to my RDS DB through RDS Proxy using an IAM role for auth. I've found examples in the SDK docs of how to do it in SDK v1; however, with SDK v1 I have a problem with assuming the correct IAM role inside my AWS EKS pod (AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE environment variables). There was an open issue regarding that (https://github.com/aws/aws-sdk-go/issues/3101#issuecomment-604739840); however, with the code below I still can't make it work with SDK v1 (AWS assumes the worker node IAM role instead of the pod role from the env vars):

sess, sessErr := session.NewSessionWithOptions(
    session.Options{
        Config: aws.Config{
            Region: aws.String(os.Getenv("DB_REGION")),
        },
        SharedConfigState: session.SharedConfigEnable,
    },
)
...

client := rds.New(sess)
pass, errToken := rdsutils.BuildAuthToken(host, os.Getenv("AWS_REGION"), user, client.Config.Credentials)

Instead, I decided to try with SDK v2, but I discovered that both rdsutils and BuildAuthToken were removed from the SDK on 25 Sep 2020 (https://github.com/aws/aws-sdk-go-v2/commit/eecb706f5d1e3ca44aafca5c042ea275f4050764#diff-457ec6738454cb66ee5a04f7b14c84ecf31f37cb2f42f428cc28dc099970f8cd). Now I'm lost. With SDK v1 I'm not able to properly assume the IAM role, but with SDK v2 I don't even see any option to retrieve a token for RDS at all.

Does anybody have any experience with deploying a Go app on AWS EKS that connects to RDS Proxy using an IAM role?

1 Answer

1
votes

I realized that SDK v2 for Go was missing that functionality, and I opened an issue on GitHub.

https://github.com/aws/aws-sdk-go-v2/issues/1169
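For readers who want to see what the missing helper produces: an RDS IAM auth token is a SigV4 presigned `Action=connect` URL for the `rds-db` service, valid for 15 minutes, with the `https://` scheme stripped. The sketch below is an added example using only the Go standard library; it is not code from the post or from either SDK. `BuildRDSToken`, `Creds`, the endpoint and the credential values are assumptions made up for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Creds mirrors what a pod's web-identity role yields: temporary keys plus a session token.
type Creds struct{ AccessKey, SecretKey, SessionToken string }

func hmacSHA256(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}
func sha256Hex(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }

// BuildRDSToken presigns GET https://<endpoint>/?Action=connect&DBUser=<user> for
// service "rds-db" and returns it without the scheme; that string is the DB password.
func BuildRDSToken(endpoint, region, user string, c Creds, now time.Time) string {
	date, stamp := now.UTC().Format("20060102"), now.UTC().Format("20060102T150405Z")
	scope := date + "/" + region + "/rds-db/aws4_request"
	q := url.Values{
		"Action": {"connect"}, "DBUser": {user}, "X-Amz-Algorithm": {"AWS4-HMAC-SHA256"},
		"X-Amz-Credential": {c.AccessKey + "/" + scope}, "X-Amz-Date": {stamp},
		"X-Amz-Expires": {"900"}, "X-Amz-SignedHeaders": {"host"},
	}
	if c.SessionToken != "" { // temporary credentials must carry their session token
		q.Set("X-Amz-Security-Token", c.SessionToken)
	}
	query := strings.ReplaceAll(q.Encode(), "+", "%20") // sorted keys; SigV4 wants %20 for space
	canonical := strings.Join([]string{"GET", "/", query, "host:" + endpoint, "", "host", sha256Hex("")}, "\n")
	toSign := strings.Join([]string{"AWS4-HMAC-SHA256", stamp, scope, sha256Hex(canonical)}, "\n")
	key := []byte("AWS4" + c.SecretKey)
	for _, part := range []string{date, region, "rds-db", "aws4_request"} {
		key = hmacSHA256(key, part) // derive the per-day, per-region, per-service signing key
	}
	return endpoint + "/?" + query + "&X-Amz-Signature=" + fmt.Sprintf("%x", hmacSHA256(key, toSign))
}

func main() {
	// Constructed placeholder credentials and endpoint, not real values.
	c := Creds{"AKIDEXAMPLE", "secret-example", "session-token-example"}
	fmt.Println(BuildRDSToken("proxy.example.internal:5432", "us-east-1", "app_user", c, time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)))
}
```

Later releases of SDK v2 provide an equivalent `auth.BuildAuthToken` in the `feature/rds/auth` package, which takes the credentials provider from the loaded config. Whichever builder is used, the token is only as good as the credentials that sign it, so it is worth confirming that the pod resolved its web-identity role rather than the worker node role before connecting.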