rds-iam-auth 1.0.0

package/README.md

@@ -0,0 +1,65 @@
+# rds-iam-auth
+
+Generate AWS RDS IAM authentication tokens, usable both as a CLI and as a library. Wraps [`@aws-sdk/rds-signer`](https://www.npmjs.com/package/@aws-sdk/rds-signer).
+
+## Install
+
+```bash
+npm install
+```
+
+To use it as a global CLI command:
+
+```bash
+npm i -g .
+```
+
+Rerun `npm i -g .` after any code change to pick it up in the globally installed command.
+
+## CLI usage
+
+```bash
+rds-iam-auth --host <endpoint> --user <username> [--region <region>] [--port <port>]
+```
+
+| Flag | Alias | Required | Description |
+| --- | --- | --- | --- |
+| `--host` | `-h` | yes | RDS instance endpoint |
+| `--user` | `-u` | yes | Database username |
+| `--region` | `-r` | no | AWS region. Falls back to `AWS_REGION` / `AWS_DEFAULT_REGION` env vars |
+| `--port` | `-p` | no | Database port. Defaults to `5432` (Postgres) |
+| `--help` | | | Show usage |
+
+Example:
+
+```bash
+rds-iam-auth --host mydb.abc123.us-east-1.rds.amazonaws.com --user myuser --region us-east-1
+```
+
+The generated token is printed to stdout. Errors and usage text go to stderr, with a non-zero exit code on failure.
+
+AWS credentials are resolved via the default AWS SDK v3 credential chain (environment variables, shared config/credentials file, EC2/ECS/Lambda role, etc.) — this package only generates the IAM auth token, it does not configure AWS credentials itself.
+
+## Programmatic usage
+
+```js
+const { getRdsAuthToken } = require('rds-iam-auth');
+
+const token = await getRdsAuthToken({
+  host: 'mydb.abc123.us-east-1.rds.amazonaws.com',
+  user: 'myuser',
+  region: 'us-east-1', // optional, falls back to AWS_REGION / AWS_DEFAULT_REGION
+  port: 5432,          // optional, defaults to 5432
+});
+```
+
+## Project structure
+
+- `lib/get-rds-auth-token.js` — core logic (`getRdsAuthToken`, `DEFAULT_PORT`)
+- `bin/rds-iam-auth.js` — CLI entry point
+- `index.js` — programmatic entry point, re-exports from `lib/`
+
+## Notes
+
+- This package is marked `"private": true` and is not set up for publishing to any registry.
+- On Windows, if the globally installed CLI fails under Git Bash with a confusing error, try PowerShell or cmd.exe instead — this is an environment quirk unrelated to this package.

package/bin/rds-iam-auth.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+
+const { getRdsAuthToken, DEFAULT_PORT } = require('../lib/get-rds-auth-token');
+
+const USAGE = `Usage: rds-iam-auth --host <endpoint> --user <username> [--region <region>] [--port <port>]
+
+Options:
+  --host, -h <endpoint>   RDS instance endpoint (required)
+  --user, -u <username>   Database username (required)
+  --region, -r <region>   AWS region (optional, defaults to AWS_REGION/AWS_DEFAULT_REGION env var)
+  --port, -p <port>       Database port (optional, defaults to ${DEFAULT_PORT})
+  --help                  Show this help message
+
+AWS credentials are resolved via the default AWS SDK credential chain
+(environment variables, shared config/credentials file, EC2/ECS/Lambda role, etc).
+`;
+
+function parseArgs(argv) {
+  const args = { port: DEFAULT_PORT };
+
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    switch (arg) {
+      case '--host':
+      case '-h':
+        args.host = argv[++i];
+        break;
+      case '--user':
+      case '-u':
+        args.user = argv[++i];
+        break;
+      case '--region':
+      case '-r':
+        args.region = argv[++i];
+        break;
+      case '--port':
+      case '-p': {
+        const value = argv[++i];
+        const port = Number(value);
+        if (!Number.isInteger(port) || port <= 0) {
+          throw new Error(`Invalid port: ${value}`);
+        }
+        args.port = port;
+        break;
+      }
+      case '--help':
+        args.help = true;
+        break;
+      default:
+        throw new Error(`Unknown argument: ${arg}`);
+    }
+  }
+
+  return args;
+}
+
+async function main() {
+  let args;
+  try {
+    args = parseArgs(process.argv.slice(2));
+  } catch (err) {
+    console.error(`Error: ${err.message}\n`);
+    console.error(USAGE);
+    process.exit(1);
+  }
+
+  if (args.help) {
+    console.log(USAGE);
+    return;
+  }
+
+  const missing = ['host', 'user'].filter((key) => !args[key]);
+  if (missing.length > 0) {
+    console.error(`Error: missing required argument(s): ${missing.join(', ')}\n`);
+    console.error(USAGE);
+    process.exit(1);
+  }
+
+  try {
+    const token = await getRdsAuthToken(args);
+    console.log(token);
+  } catch (err) {
+    console.error(`Error generating RDS auth token: ${err.message}`);
+    process.exit(1);
+  }
+}
+
+main();

package/index.js

@@ -0,0 +1,3 @@
+const { getRdsAuthToken, DEFAULT_PORT } = require('./lib/get-rds-auth-token');
+
+module.exports = { getRdsAuthToken, DEFAULT_PORT };

package/lib/get-rds-auth-token.js

@@ -0,0 +1,28 @@
+const { Signer } = require('@aws-sdk/rds-signer');
+
+const DEFAULT_PORT = 5432;
+
+async function getRdsAuthToken({ host, user, region, port = DEFAULT_PORT }) {
+  if (!host) {
+    throw new Error('"host" is required');
+  }
+  if (!user) {
+    throw new Error('"user" is required');
+  }
+
+  const resolvedRegion = region || process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION;
+  if (!resolvedRegion) {
+    throw new Error('No region provided. Pass "region" or set AWS_REGION/AWS_DEFAULT_REGION.');
+  }
+
+  const signer = new Signer({
+    hostname: host,
+    port,
+    username: user,
+    region: resolvedRegion,
+  });
+
+  return signer.getAuthToken();
+}
+
+module.exports = { getRdsAuthToken, DEFAULT_PORT };

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "rds-iam-auth",
+  "version": "1.0.0",
+  "description": "CLI to generate an IAM authentication token for AWS RDS",
+  "main": "index.js",
+  "bin": {
+    "rds-iam-auth": "./bin/rds-iam-auth.js"
+  },
+  "files": [
+    "bin",
+    "lib",
+    "index.js"
+  ],
+  "scripts": {
+    "start": "node bin/rds-iam-auth.js"
+  },
+  "dependencies": {
+    "@aws-sdk/rds-signer": "^3.1071.0"
+  }
+}