AWS aurora-dsql documentation change
Summary
Added PHP SDK code example for generating database authentication tokens using generateDbConnectAdminAuthToken and generateDbConnectAuthToken methods
Security assessment
The change documents secure authentication token generation methods but does not address a specific vulnerability. It improves security documentation by showing proper implementation of authentication mechanisms, but there's no evidence of patching a security issue.
Diff
diff --git a/aurora-dsql/latest/userguide/SECTION_authentication-token.md b/aurora-dsql/latest/userguide/SECTION_authentication-token.md index a8f2879e6..3dfdbaf1d 100644 --- a//aurora-dsql/latest/userguide/SECTION_authentication-token.md +++ b//aurora-dsql/latest/userguide/SECTION_authentication-token.md @@ -350,0 +351,30 @@ You can generate the token in the following ways: +PHP SDK + + +You can generate the token in the following ways: + + * If you are connecting with the `admin` role, use `generateDbConnectAdminAuthToken`. + + * If you are connecting with a custom database role, use `generateDbConnectAuthToken`. + + + + + + <?php + require 'vendor/autoload.php'; + + use Aws\DSQL\AuthTokenGenerator; + use Aws\Credentials\CredentialProvider; + + function generateToken(string $yourClusterEndpoint, string $region): string { + $provider = CredentialProvider::defaultProvider(); + $generator = new AuthTokenGenerator($provider); + + // Use generateDbConnectAuthToken if you are not connecting as admin + $token = $generator->generateDbConnectAdminAuthToken($yourClusterEndpoint, $region); + + echo $token . PHP_EOL; + return $token; + } +