{"id":3658,"date":"2025-03-01T13:14:03","date_gmt":"2025-03-01T04:14:03","guid":{"rendered":"https:\/\/blue-bear.jp\/kb\/?p=3658"},"modified":"2025-03-01T13:14:04","modified_gmt":"2025-03-01T04:14:04","slug":"aws-rds-mysql%e3%81%abiam%e8%aa%8d%e8%a8%bc%e3%82%92%e4%bd%bf%e7%94%a8%e3%81%97%e3%81%a6%e6%8e%a5%e7%b6%9a%e3%81%99%e3%82%8b%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/blue-bear.jp\/kb\/aws-rds-mysql%e3%81%abiam%e8%aa%8d%e8%a8%bc%e3%82%92%e4%bd%bf%e7%94%a8%e3%81%97%e3%81%a6%e6%8e%a5%e7%b6%9a%e3%81%99%e3%82%8b%e6%96%b9%e6%b3%95\/","title":{"rendered":"AWS RDS MySQL\u306bIAM\u8a8d\u8a3c\u3092\u4f7f\u7528\u3057\u3066\u63a5\u7d9a\u3059\u308b\u65b9\u6cd5"},"content":{"rendered":"\n

AWS RDS\u306eMySQL\u306b\u63a5\u7d9a\u3059\u308b\u969b\u3001\u901a\u5e38\u306f\u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u7528\u3057\u307e\u3059\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5411\u4e0a\u3055\u305b\u308b\u305f\u3081\u306bIAM\u8a8d\u8a3c<\/strong>\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002IAM\u8a8d\u8a3c\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001MySQL\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u7ba1\u7406\u3059\u308b\u5fc5\u8981\u304c\u306a\u304f\u3001AWS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u306b\u5f93\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n

\u672c\u8a18\u4e8b\u3067\u306f\u3001boto3\u3092\u4f7f\u7528\u3057\u3066IAM\u8a8d\u8a3c\u3092\u7528\u3044\u305fMySQL\u63a5\u7d9a\u65b9\u6cd5<\/strong>\u3092\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

\n\n\n\n

1. IAM\u8a8d\u8a3c\u3092\u4f7f\u7528\u3059\u308b\u30e1\u30ea\u30c3\u30c8<\/h2>\n\n\n\n

✅ \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5411\u4e0a<\/h3>\n\n\n\n
    \n
  • MySQL\u306e\u56fa\u5b9a\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u308f\u305a\u3001\u4e00\u6642\u7684\u306a\u30c8\u30fc\u30af\u30f3\u3067\u8a8d\u8a3c\u3067\u304d\u308b\u3002<\/li>\n\n\n\n
  • AWS IAM\u306e\u30dd\u30ea\u30b7\u30fc\u7ba1\u7406\u306b\u3088\u308a\u3001\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u5bb9\u6613\u3002<\/li>\n<\/ul>\n\n\n\n

    ✅ \u8a8d\u8a3c\u7ba1\u7406\u306e\u81ea\u52d5\u5316<\/h3>\n\n\n\n
      \n
    • \u30e6\u30fc\u30b6\u30fc\u306e\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3084\u524a\u9664\u304c\u5bb9\u6613\u3002<\/li>\n\n\n\n
    • IAM\u30ed\u30fc\u30eb\u3092\u4f7f\u3048\u3070\u3001EC2\u3084Lambda\u306a\u3069\u306eAWS\u30b5\u30fc\u30d3\u30b9\u304b\u3089\u30b7\u30fc\u30e0\u30ec\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u3002<\/li>\n<\/ul>\n\n\n\n
      \n\n\n\n

      2. RDS MySQL\u306eIAM\u8a8d\u8a3c\u3092\u6709\u52b9\u5316\u3059\u308b<\/h2>\n\n\n\n

      \u307e\u305a\u3001RDS\u306eMySQL\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067IAM\u8a8d\u8a3c\u3092\u6709\u52b9\u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n

      🎯 IAM\u8a8d\u8a3c\u3092\u6709\u52b9\u306b\u3059\u308b\u624b\u9806:<\/h3>\n\n\n\n
        \n
      1. AWS\u30b3\u30f3\u30bd\u30fc\u30eb<\/strong> \u2192 RDS\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4e00\u89a7<\/strong>\u3078\u79fb\u52d5\u3002<\/li>\n\n\n\n
      2. \u5bfe\u8c61\u306eRDS\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u9078\u629e\u3002<\/li>\n\n\n\n
      3. \u5909\u66f4<\/strong> \u2192 \u30d1\u30e9\u30e1\u30fc\u30bf\u30b0\u30eb\u30fc\u30d7<\/strong>\u3092\u958b\u304f\u3002<\/li>\n\n\n\n
      4. rds.iam_authentication<\/code> \u3092 enabled<\/code> \u306b\u5909\u66f4\u3002<\/li>\n\n\n\n
      5. \u5909\u66f4\u3092\u9069\u7528<\/strong>\u3057\u3001RDS\u3092\u518d\u8d77\u52d5\u3002<\/li>\n<\/ol>\n\n\n\n
        \n

        💡 \u6ce8\u610f<\/strong>: IAM\u8a8d\u8a3c\u3092\u6709\u52b9\u306b\u3059\u308b\u3068\u3001GRANT<\/code>\u30b3\u30de\u30f3\u30c9\u3067IAM\u30e6\u30fc\u30b6\u30fc\u3092MySQL\u306b\u767b\u9332\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/blockquote>\n\n\n\n

        CREATE USER 'your-iam-username'@'%' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';\nGRANT ALL PRIVILEGES ON testdb.* TO 'your-iam-username'@'%';\nFLUSH PRIVILEGES;\n<\/code><\/pre>\n\n\n\n
        \n\n\n\n
        3. boto3\u3092\u4f7f\u3063\u305fIAM\u8a8d\u8a3cMySQL\u63a5\u7d9a<\/h2>\n\n\n\n
        AWS\u306eboto3<\/code>\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u3063\u3066\u3001IAM\u8a8d\u8a3c\u3067MySQL\u306b\u63a5\u7d9a\u3059\u308bPython\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
        🎯 \u5fc5\u8981\u306a\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n\n\n\n
        pip install boto3 pymysql\n<\/code><\/pre>\n\n\n\n
        🎯 IAM\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u3092\u4f7f\u7528\u3057\u3066MySQL\u306b\u63a5\u7d9a<\/h3>\n\n\n\n
        import boto3\nimport pymysql\nimport pandas as pd\n\n# IAM\u8a8d\u8a3c\u60c5\u5831\u306e\u53d6\u5f97\ncloud_provider_dictionary = {\n    \"ACCESS_KEY_ID\": cloud_provider_object.access_key_id,\n    \"SECRET_ACCESS_KEY\": cloud_provider_object.secret_access_key,\n    \"TOKEN\": cloud_provider_object.token\n}\n\nboto3_session_args = {\n    'aws_access_key_id': cloud_provider_dictionary[\"ACCESS_KEY_ID\"],\n    'aws_secret_access_key': cloud_provider_dictionary[\"SECRET_ACCESS_KEY\"],\n    'aws_session_token': cloud_provider_dictionary[\"TOKEN\"],\n    'region_name': 'ap-northeast-1'  # \u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\n}\n\nsession = boto3.Session(**boto3_session_args)\n\n# RDS\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u60c5\u5831\u3092\u53d6\u5f97\nrds_client = session.client('rds')\ndb_instance_identifier = 'your-db-instance-identifier'\n\nresponse = rds_client.describe_db_instances(DBInstanceIdentifier=db_instance_identifier)\nrds_endpoint = response['DBInstances'][0]['Endpoint']['Address']\nrds_port = response['DBInstances'][0]['Endpoint']['Port']\n\n# IAM\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u306e\u751f\u6210\nrds_iam_user = 'your-iam-username'\nauth_token = rds_client.generate_db_auth_token(DBHostname=rds_endpoint, Port=rds_port, DBUsername=rds_iam_user)\n\n# MySQL\u63a5\u7d9a\u8a2d\u5b9a\nmysql_config = {\n    'host': rds_endpoint,\n    'port': rds_port,\n    'user': rds_iam_user,\n    'password': auth_token,\n    'database': 'testdb',\n    'ssl': {'ca': '\/path\/to\/rds-combined-ca-bundle.pem'}  # \u5fc5\u8981\u306b\u5fdc\u3058\u3066SSL\u8a3c\u660e\u66f8\u3092\u6307\u5b9a\n}\n\n# MySQL\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3057\u3066\u30c7\u30fc\u30bf\u3092\u53d6\u5f97\ndef fetch_data_from_mysql():\n    connection = pymysql.connect(**mysql_config)\n    try:\n        query = \"SELECT * FROM user;\"\n        data_frame = pd.read_sql(query, connection)\n    finally:\n        connection.close()\n    return data_frame\n\ndef main():\n    data_frame = fetch_data_from_mysql()\n    return data_frame\n\n# \u5b9f\u884c\ndata = main()\nprint(data)\n<\/code><\/pre>\n\n\n\n
        \n\n\n\n
        4. IAM\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a<\/h2>\n\n\n\n
        RDS IAM\u8a8d\u8a3c\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u3001MySQL\u30e6\u30fc\u30b6\u30fc\u306b\u5bfe\u5fdc\u3059\u308bIAM\u30e6\u30fc\u30b6\u30fc\/\u30ed\u30fc\u30eb\u306b\u9069\u5207\u306a\u30dd\u30ea\u30b7\u30fc\u3092\u4ed8\u4e0e\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n
        🎯 IAM\u30dd\u30ea\u30b7\u30fc\u306e\u4f8b\uff08rds-db:connect<\/code>\uff09<\/h3>\n\n\n\n
        IAM\u30e6\u30fc\u30b6\u30fc\/\u30ed\u30fc\u30eb\u306b\u4ee5\u4e0b\u306e\u30dd\u30ea\u30b7\u30fc\u3092\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
        {\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": \"rds-db:connect\",\n            \"Resource\": \"arn:aws:rds-db:ap-northeast-1:123456789012:dbuser:your-db-instance-identifier\/your-iam-username\"\n        }\n    ]\n}\n<\/code><\/pre>\n\n\n\n
        arn:aws:rds-db:<region>:<account-id>:dbuser:<db-instance-id>\/<iam-user><\/code><\/p>\n\n\n\n
        your-db-instance-identifier<\/code> \u306f RDS \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u8b58\u5225\u5b50\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
        \n\n\n\n
        5. \u307e\u3068\u3081<\/h2>\n\n\n\n
        ✅ AWS IAM\u8a8d\u8a3c\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001MySQL\u306e\u56fa\u5b9a\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u7ba1\u7406\u3059\u308b\u5fc5\u8981\u304c\u306a\u304f\u306a\u308b<\/strong>\u305f\u3081\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5411\u4e0a\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n
        boto3.Session<\/code>\u3092\u4f7f\u3063\u3066\u3001\u4e00\u6642\u7684\u306aIAM\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u3092\u751f\u6210\u3057\u3001\u305d\u308c\u3092MySQL\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3068\u3057\u3066\u5229\u7528<\/strong>\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
        ✅ IAM\u30dd\u30ea\u30b7\u30fc\u3067\u9069\u5207\u306a\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u8a2d\u5b9a\u3057\u3001IAM\u8a8d\u8a3c\u3092\u4f7f\u3063\u3066\u5b89\u5168\u306bMySQL\u3078\u63a5\u7d9a\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n
        \u3053\u308c\u3067\u3001AWS RDS MySQL\u3078\u306eIAM\u8a8d\u8a3c\u3092\u6d3b\u7528\u3057\u3001\u3088\u308a\u5b89\u5168\u3067\u30b9\u30b1\u30fc\u30e9\u30d6\u30eb\u306a\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u3067\u304d\u307e\u3059\uff01🎉<\/p>\n\n\n\n
        \n\n\n\n
        💬 \u53c2\u8003\u8cc7\u6599<\/h3>\n\n\n\n