Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@aws-sdk/rds-signer
Advanced tools
RDS utility for generating a password that can be used for IAM authentication to an RDS DB.
@aws-sdk/rds-signer is an AWS SDK package that allows you to generate an authentication token for connecting to an Amazon RDS database. This token can be used in place of a password when connecting to the database, providing a secure way to authenticate without hardcoding credentials.
Generate Authentication Token
This feature allows you to generate an authentication token for connecting to an Amazon RDS database. The token can be used in place of a password, providing a secure way to authenticate without hardcoding credentials.
const { RDSClient, CreateDBInstanceCommand } = require('@aws-sdk/client-rds');
const { RDSAuthTokenGenerator } = require('@aws-sdk/rds-signer');
const client = new RDSClient({ region: 'us-west-2' });
const signer = new RDSAuthTokenGenerator(client);
const authToken = signer.getAuthToken({
hostname: 'mydbinstance.123456789012.us-west-2.rds.amazonaws.com',
port: 3306,
username: 'mydbuser'
});
console.log(`Generated Auth Token: ${authToken}`);
The 'mysql' package is a popular Node.js client for MySQL databases. Unlike @aws-sdk/rds-signer, it does not provide functionality for generating authentication tokens for Amazon RDS. Instead, it focuses on providing a comprehensive API for interacting with MySQL databases.
The 'pg' package is a PostgreSQL client for Node.js. Similar to the 'mysql' package, it does not offer token generation for Amazon RDS. It provides a robust API for interacting with PostgreSQL databases, including connection pooling and query execution.
Sequelize is a promise-based Node.js ORM for various SQL databases, including MySQL, PostgreSQL, and SQLite. While it offers a higher-level abstraction for database interactions, it does not provide specific functionality for generating authentication tokens for Amazon RDS.
This package provides utilities for interacting with RDS.
npm install @aws-sdk/rds-signer
ES6 import
import { Signer } from "@aws-sdk/rds-signer";
Or CommonJS import
const { Signer } = require("@aws-sdk/rds-signer");
const signer = new Signer({
/**
* Required. The hostname of the database to connect to.
*/
hostname: "db.us-east-1.rds.amazonaws.com",
/**
* Required. The port number the database is listening on.
*/
port: 8000,
/**
* Required. The username to login as.
*/
username: "user1",
/**
* Optional. The AWS credentials to sign requests with. Uses the default credential provider chain in not specified.
*/
credentials: fromNodeCredentialProvider(),
/**
* Optional. The region the database is located in. Uses the region inferred from the runtime if omitted.
*/
region: "us-east-1",
/**
* Optional. The SHA256 hasher constructor to sign the request.
*/
sha256: HashCtor,
});
const token = await signer.getAuthToken();
// Use this token as the password for connecting to your RDS instance
For more details and examples, refer to the following resources. Usage is similar across DB engines.
3.131.0 (2022-07-15)
FAQs
RDS utility for generating a password that can be used for IAM authentication to an RDS DB.
The npm package @aws-sdk/rds-signer receives a total of 153,828 weekly downloads. As such, @aws-sdk/rds-signer popularity was classified as popular.
We found that @aws-sdk/rds-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.