AWS::RDS::DBProxy AuthFormat - AWS CloudFormation
SyntaxPropertiesExamples

AWS::RDS::DBProxy AuthFormat

Specifies the details of authentication used by a proxy to log in as a specific database user.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "AuthScheme" : String,
  "ClientPasswordAuthType" : String,
  "Description" : String,
  "IAMAuth" : String,
  "SecretArn" : String
}

YAML

  AuthScheme: String
  ClientPasswordAuthType: String
  Description: String
  IAMAuth: String
  SecretArn: String

Properties

AuthScheme

The type of authentication that the proxy uses for connections from the proxy to the underlying database.

Required: No

Type: String

Allowed values: SECRETS

Update requires: No interruption

ClientPasswordAuthType

Specifies the details of authentication used by a proxy to log in as a specific database user.

Required: No

Type: String

Allowed values: MYSQL_NATIVE_PASSWORD | POSTGRES_SCRAM_SHA_256 | POSTGRES_MD5 | SQL_SERVER_AUTHENTICATION

Update requires: No interruption

Description

A user-specified description about the authentication used by a proxy to log in as a specific database user.

Required: No

Type: String

Update requires: No interruption

IAMAuth

A value that indicates whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. The ENABLED value is valid only for proxies with RDS for Microsoft SQL Server.

Required: No

Type: String

Allowed values: DISABLED | REQUIRED | ENABLED

Update requires: No interruption

SecretArn

The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager.

Required: No

Type: String

Update requires: No interruption

Examples

The following example specifies authentication details for a proxy.

Authentication details

JSON

"ProcessorFeatures":[
   {
      "AuthScheme": "SECRETS",
      "ClientPasswordAuthType": "MYSQL_NATIVE_PASSWORD",
      "Description": "Proxy authentication for MySQL",
      "IAMAuth": "DISABLED",
      "SecretArn": "arn:aws:secretsmanager:us-west-2:111122223333:secret:aes128-1a2b3c"
   }
]

YAML

Auth:
  AuthScheme: SECRETS
  ClientPasswordAuthType: MYSQL_NATIVE_PASSWORD
  Description: Proxy authentication for MySQL
  IAMAuth: DISABLED
  SecretArn: arn:aws:secretsmanager:us-west-2:111122223333:secret:aes128-1a2b3c