You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First, thank you for this work. We'd like to use it to eliminate needing to manually manage and rotate postgres passwords when in the AWS environment.
I'm concerned that because a new password token is generated on every point of need, that we will run into the AWS 200-per-second rate limit for our production uses, which will spin up dozens of ECS instances, each with upwards of 100 connections. This concern would be alleviated if password tokens were cached and reused until expiry.
I submitted a PR to the ruby-pg project to add fetching and caching directly there, but that maintainer rejected it as they're (unsurprisingly) not interested in having such AWS-specific code, which is also difficult to integration test, in that gem.
First, thank you for this work. We'd like to use it to eliminate needing to manually manage and rotate postgres passwords when in the AWS environment.
I'm concerned that because a new password token is generated on every point of need, that we will run into the AWS 200-per-second rate limit for our production uses, which will spin up dozens of ECS instances, each with upwards of 100 connections. This concern would be alleviated if password tokens were cached and reused until expiry.
I submitted a PR to the ruby-pg project to add fetching and caching directly there, but that maintainer rejected it as they're (unsurprisingly) not interested in having such AWS-specific code, which is also difficult to integration test, in that gem.
The key component here is the code to cache generated tokens. https://github.com/matt-domsch-sp/ruby-pg/blob/rds-iam-authentication/lib/pg/aws_iam_auth.rb
Could something similar be added to this gem to cache and reuse tokens until expiry?
The text was updated successfully, but these errors were encountered: