Skip to content

NIFI-15216 - Add support for AWS RDS IAM authentication in DBCP Connection Pool #10524

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

NIFI-15216 - Add support for AWS RDS IAM authentication in DBCP Connection Pool #10524

wants to merge 1 commit into from

Conversation

@pvillard31
Copy link
Contributor

@pvillard31 pvillard31 commented Nov 13, 2025

Summary

NIFI-15216 - Add support for AWS RDS IAM authentication in DBCP Connection Pool

The goal is to add support for AWS RDS IAM Authentication when connecting over JDBC to an AWS RDS instance.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.html

The approach is the following:

  • nifi-standard-services / nifi-dbcp-service-api
    • Added org.apache.nifi.dbcp.api.DatabasePasswordProvider
    • Added org.apache.nifi.dbcp.api.DatabasePasswordRequestContext
  • nifi-extension-utils / nifi-dbcp-base
    • ProviderAwareBasicDataSource wraps commons‑dbcp BasicDataSource and pulls passwords from an injected DatabasePasswordProvider
    • AbstractDBCPConnectionPool expose the new “Database Password Provider” property and forward the request context
  • nifi-aws-bundle / nifi-aws-processors
    • org.apache.nifi.processors.aws.rds.AwsRdsIamDatabasePasswordProvider implements the API, uses the existing AWS credentials service, and generates IAM auth tokens per connection
    • pom.xml now depends on nifi-dbcp-service-api (scope provided) so the controller service compiles against the shared API
  • nifi-aws-bundle / nifi-aws-nar
    • Still depends only on nifi-aws-service-api-nar (which already drags in nifi-standard-shared-narnifi-standard-services-api-nar)

Class-loader / NAR chain

nifi-standard-services-api-nar
↳ contains nifi-dbcp-service-api (DatabasePasswordProvider, etc.)

nifi-standard-shared-nar
↳ depends on nifi-standard-services-api-nar

nifi-aws-service-api-nar
↳ depends on nifi-standard-shared-nar (so it inherits the entire controller-service API set)

nifi-aws-nar
↳ depends on nifi-aws-service-api-nar
↳ transitively inherits nifi-standard-shared-narnifi-standard-services-api-nar

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

  • Pull Request based on current revision of the main branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using ./mvnw clean install -P contrib-check
    • JDK 21
    • JDK 25

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pvillard31