I am building a service using Python, Pony ORM and PostgreSQL. I plan to host it in AWS. I will use AWS RDS PostgreSQL.
AWS supports passwordless connection to RDS (https://aws.amazon.com/premiumsupport/knowledge-center/rds-postgresql-connect-using-iam/, https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Python.html).
Essentially, I have to generate a short-lived password before connecting to my database:

```python
import boto3
import psycopg2

# ENDPOINT, PORT, USER, REGION and DBNAME are defined elsewhere
session = boto3.Session(profile_name='RDSCreds')
client = session.client('rds')
token = client.generate_db_auth_token(DBHostname=ENDPOINT, Port=PORT, DBUsername=USER, Region=REGION)
conn = psycopg2.connect(host=ENDPOINT, port=PORT, database=DBNAME, user=USER, password=token, sslrootcert="SSLCERTIFICATE")
```

Is there a way to integrate this approach with Pony ORM? Under the hood Pony just delegates connection to `psycopg2`. `psycopg2` accepts username and password. But how can I make sure that when Pony reconnects to the database, there's a token that it can use?
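
One way to have a valid token on hand at every reconnect, as an added example that is not part of the original post and not Pony's own API: a connect callable that obtains the token at connection time. `TokenConnector`, `rds_connector` and their parameters are hypothetical names, the 15-minute figure is the RDS IAM token lifetime, and how an ORM's pool is pointed at the callable is not shown.

```python
import time

TOKEN_LIFETIME = 15 * 60  # seconds; RDS IAM auth tokens expire after 15 minutes
REFRESH_MARGIN = 60       # assumption: mint a new token one minute early


class TokenConnector:
    """Callable that opens a connection using a currently valid token.

    make_token and connect are injected so the logic can run without AWS.
    """

    def __init__(self, make_token, connect, clock=time.monotonic, **connect_kwargs):
        self._make_token = make_token
        self._connect = connect
        self._clock = clock
        self._kwargs = connect_kwargs
        self._token = None
        self._refresh_at = 0.0

    def current_token(self):
        # Reuse the cached token until it is close to expiry, then mint a new one.
        now = self._clock()
        if self._token is None or now >= self._refresh_at:
            self._token = self._make_token()
            self._refresh_at = now + TOKEN_LIFETIME - REFRESH_MARGIN
        return self._token

    def __call__(self):
        # The password is resolved per connection, never stored in static config.
        return self._connect(password=self.current_token(), **self._kwargs)


def rds_connector(endpoint, port, user, region, dbname, sslrootcert, profile=None):
    """Wire TokenConnector to boto3 and psycopg2 (imported lazily)."""
    import boto3
    import psycopg2

    client = boto3.Session(profile_name=profile).client("rds", region_name=region)

    def make_token():
        return client.generate_db_auth_token(
            DBHostname=endpoint, Port=port, DBUsername=user, Region=region)

    return TokenConnector(make_token, psycopg2.connect, host=endpoint, port=port,
                          database=dbname, user=user, sslrootcert=sslrootcert)
```
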