Description
Currently, OIE requires static database credentials or manual management of external libraries to facilitate AWS RDS connections with IAM roles. In HITRUST and FedRAMP regulated environments, static credentials pose a significant security risk and increase administrative overhead for rotation.
Furthermore, because OIE does not publish a formal Bill of Materials (BOM) or pom.xml, manually integrating the AWS Advanced JDBC Driver is a fragile process. Users must perform manual dependency analysis for every upgrade to avoid classpath conflicts with existing AWS SDK libraries and JDBC drivers packaged with the server engine.
Describe the solution you'd like
Provide out-of-the-box support for the AWS Advanced JDBC Driver with native IAM-based authentication. This should include:
Integrated Libraries: Include the AWS Advanced JDBC Driver and necessary AWS SDK dependencies in the standard distribution.
Authentication Provider: Enable OIE to utilize the AwsIamAuthenticationPlugin, allowing the server to use its IAM Role to generate short-lived (15-minute) login tokens automatically.
UI Integration: Add a specific "AWS IAM" authentication type in the Database Reader/Writer and Settings connectors to streamline configuration.
Describe alternatives you've considered
Currently, this requires evaluating all dependencies manually, hand-crafting a pom.xml with provided or excluded libraries to avoid overlap with already included JARs, then using Maven to download all of the appropriate libraries and copying them into the relevant directories on the server.
This process would have to be repeated with every new version since libraries are subject to change in each release.