-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CT-2860] [Feature] Add AWS IAM Authentication to dbt-postgres #14
Comments
My concern is that this sets precedent for making
I'll let @Fleid and @dataders make the ultimate call here. There are, no doubt, a lot of people using dbt-postgres + AWS RDS out in the world. This risks adding some dependency bloat & maintenance burden to an adapter that we otherwise try to keep pretty lightweight & vanilla. |
@graciegoheen your take would be valuable too. The way I see it, So I'd much rather have long-lived shallow forks of dbt-postgres being developed and maintained out there, with the additional authentication methods living there. That could, and should, be the only difference in those forks compared to the origin, to be able to stay aligned as easily as possible. But that requires us to move dbt-postres out of dbt-core, which last I checked was in the plans. If I'm not mistaken @jtcohen6? |
|
We would love to see this happen as well. We can create a new fork which will be called |
@christopherscholz |
Closing this out as we view this as outside the scope of dbt-postgres as an adapter. |
Is this your first time submitting a feature request?
Describe the feature
As with dbt-redshift, I would like to enable dbt-postgres to use AWS IAM Authentication. I use IAM Authentication for nearly everything and it just bugs me that it is available with dbt-redshift but not with dbt-postgres.
I envision the same setup as dbt-redshift. With a connection factory that returns a connection function.
This would easily allow other implementations as well.
The following profile configurations would change
password
becomes optionalmethod
is added: defaultdatabase
; options:database
,iam
iam_profile
is added: defaultNone
, used to overwrite default AWS IAM profileregion
is added: defaultNone
, used to overwrite default AWS RegionIf IAM is chosen as method, then before connecting to the PostgreSQL db using
psycopg2.connect
, it wouldDescribe alternatives you've considered
Instead of implementing it in dbt, you could create a wrapper for dbt, which gets the token and passes it as a environment variable to dbt. Using env_var in the profile I could use this token as password.
But this token could only be used once. If during the run, the connection has to be reopened, this wouldn't work. Therefore I really don't like this this idea.
Who will this benefit?
Everybody who is running dbt in AWS and is using IAM authentication for RDS PostgreSQL.
Are you interested in contributing this feature?
Yes; Since this is my first contribution to dbt, please give me some guidance.
Anything else?
There is a closed issue dbt-labs/dbt-core#3122, which was closed because it became stale. The author is asking for a implementation for IAM Authentication with Amazon Aurora PostgreSQL.
There is no difference in the IAM Authentication implementation for Amazon RDS Aurora PostgreSQL and Amazon RDS for PostgreSQL. Both work exactly the same.
The text was updated successfully, but these errors were encountered: