add user documentation for DSQL plugin #1478
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
danielfrankcom
force-pushed
the
dev/frankcom/dsql-docs
branch
from
cf70258 to
96d089f
Compare
|
Update 96d089f adds references to the new docs/samples to the top-level documentation which I missed in the initial push. The diff for the example table update is a little messy because the table cells are not aligned on
|
danielfrankcom
force-pushed
the
dev/frankcom/dsql-docs
branch
from
96d089f to
7f0d46e
Compare
|
Update to 7f0d46e changes the |
danielfrankcom
force-pushed
the
dev/frankcom/dsql-docs
branch
from
7f0d46e to
71a809e
Compare
|
Change to 71a809e updates the wording around |
imforster
reviewed
Jul 18, 2025
...erExample/src/main/java/software/amazon/AwsAuroraDsqlIamAuthenticationDatasourceExample.java
Show resolved
Hide resolved
danielfrankcom
force-pushed
the
dev/frankcom/dsql-docs
branch
from
71a809e to
c79cadd
Compare
|
Update to c79cadd is a simple rebase, mostly to trigger CI jobs. |
sergiyvamz
reviewed
Jul 22, 2025
docs/using-the-jdbc-driver/using-plugins/UsingTheDsqlAuthenticationPlugin.md
Show resolved
Hide resolved
sergiyvamz
reviewed
Jul 22, 2025
...es/AWSDriverExample/src/main/java/software/amazon/AwsAuroraDsqlIamAuthenticationExample.java
Show resolved
Hide resolved
sergiyvamz
approved these changes
Jul 23, 2025
danielfrankcom
force-pushed
the
dev/frankcom/dsql-docs
branch
from
c79cadd to
ebcf5d8
Compare
|
Update to ebcf5d8 improves some of the messaging in the main |
karenc-bq
reviewed
Jul 30, 2025
|
|
||
| The AWS JDBC Driver is targeted to work with **any** existing JDBC driver. Currently, the AWS JDBC Driver has been validated to support the [PostgreSQL JDBC Driver](https://github.com/pgjdbc/pgjdbc), [MySQL JDBC Driver](https://github.com/mysql/mysql-connector-j), and [MariaDB JDBC Driver](https://github.com/mariadb-corporation/mariadb-connector-j). | ||
|
|
||
| In conjunction with the JDBC Drivers for PostgreSQL, MySQL, and MariaDB, the AWS JDBC Driver enables functionalities from Amazon Aurora such as fast failover for PostgreSQL and MySQL Aurora clusters. It also introduces integration with AWS authentication services such as [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) and [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). | ||
| The AWS JDBC Driver provides modular functionality through feature plugins, with each plugin being relevant to specific services based on their architecture and capabilities. For example, [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) authentication is supported across multiple services, while [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) applies to services that support password-based authentication. The fast failover plugin provides reduced recovery time during failover for Aurora PostgreSQL and Aurora MySQL clusters, though it is not applicable to Aurora DSQL due to its active-active architecture. |
There was a problem hiding this comment.
Suggested change
| The AWS JDBC Driver provides modular functionality through feature plugins, with each plugin being relevant to specific services based on their architecture and capabilities. For example, [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) authentication is supported across multiple services, while [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) applies to services that support password-based authentication. The fast failover plugin provides reduced recovery time during failover for Aurora PostgreSQL and Aurora MySQL clusters, though it is not applicable to Aurora DSQL due to its active-active architecture. | |
| The AWS JDBC Driver provides modular functionality through feature plugins, with each plugin being relevant to specific database services based on their architecture and capabilities. For example, [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) authentication is supported across multiple services, while [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) applies to services that support password-based authentication. The fast failover plugin provides reduced recovery time during failover for Aurora PostgreSQL and Aurora MySQL clusters, though it is not applicable to Aurora DSQL due to its active-active architecture. |
karenc-bq
reviewed
Jul 30, 2025
|
|
||
| The main idea behind the AWS JDBC Driver is to add a software layer on top of an existing JDBC driver that would enable all the enhancements brought by Aurora, without requiring users to change their workflow with their databases and existing JDBC drivers. | ||
| ### Seamless AWS Service Integration |
There was a problem hiding this comment.
Does it make sense to specify authentication services? i.e. Seamless AWS Authentication Service Integration
karenc-bq
reviewed
Jul 30, 2025
| The AWS JDBC Driver has been optimized for such fast failover when working with AWS RDS Multi-AZ DB Clusters. | ||
| The plugin-based design ensures applications only load the functionality they need, reducing dependencies and overhead. | ||
|
|
||
| ## Benefits for Aurora PostgreSQL, Aurora MySQL, and RDS |
There was a problem hiding this comment.
Personally this heading sounds like we are going to talk about benefits of using Aurora databases instead of benefits of the wrapper. What do you think of changing this and the previous heading from
## Benefits of the AWS JDBC Driver
## Benefits for Aurora PostgreSQL, Aurora MySQL, and RDS
to
## Benefits of the AWS JDBC Driver for All Aurora and RDS Database Services
## Benefits of the AWS JDBC Driver for Aurora PostgreSQL, Aurora MySQL, and RDS
karenc-bq
reviewed
Jul 30, 2025
|
|
||
| | Parameter | Value | Required | Description | Example Value | | ||
| |-------------------|:-------:|:--------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------| | ||
| | `iamHost` | String | No | This property will override the default hostname that is used to generate the IAM token. The default hostname is derived from the connection string. | `cluster-identifier.dsql.us-east-1.on.aws` | |
There was a problem hiding this comment.
Based on the conversation above where IP and Custom Endpoints are not accepted during connection, does it make sense to mention iamHost in the docs right now?
karenc-bq
reviewed
Jul 30, 2025
| |-------------------|:-------:|:--------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------| | ||
| | `iamHost` | String | No | This property will override the default hostname that is used to generate the IAM token. The default hostname is derived from the connection string. | `cluster-identifier.dsql.us-east-1.on.aws` | | ||
| | `iamRegion` | String | No | This property will override the default region that is used to generate the IAM token. The default region is parsed from the connection string where possible. Some connection string formats may not be supported, and the `iamRegion` must be provided in these cases. | `us-east-2` | | ||
| | `iamExpiration` | Integer | No | This property determines how long an IAM token is kept in the driver cache before a new one is generated. The default expiration time is set to be 14 minutes and 30 seconds. Note that IAM database authentication tokens have a lifetime of 15 minutes. | `600` | |
There was a problem hiding this comment.
Is this accurate given DSQL allows you to set server sided token lifetime
karenc-bq
reviewed
Jul 30, 2025
|
|
||
| // This file shows how to establish an Aurora DSQL connection using HikariCP datasource and the Aurora DSQL IAM | ||
| // authentication plugin. | ||
| public class AwsAuroraDsqlIamAuthenticationDatasourceExample { |
There was a problem hiding this comment.
What do you think of creating a new submodule for DSQL sample codes to reduce noise for DSQL customers
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds user documentation and associated examples for using the AWS Aurora DSQL IAM authentication plugin.
This accompanies the change in #1477, which adds the
dsqlplugin implementation and tests.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.