[Notes] IAM Authentication for RDS MySQL

Why cleartext-plugin is used?

IAM auth uses something, very similar to a pre-signed URL as a password.

That is why we must use the --enable-cleartext-plugin option in the connection string.

The --enable-cleartext-plugin syntax is used for passing the password as plain text.

Default behaviour is to encrypt the password before sending it to the server.

Because this pre-signed-url-like token needs to be understood by AWSAuthenticationPlugin, therefore it can not be encrypted.

Moreover for RDS, --enable-cleartext-plugin syntax also indicates that AWSAuthenticationPlugin must be used for the database connection.


When using AWSAuthenticationPlugin, the connection is secured using SSL.
To verify this

show status like 'Ssl%';



If you think this is helpful 🎈
Don't keep it to yourself 🙊

Share it with your lovely followers at twitter 🗽

lets connect viatwitter