This repo contains the Scroll database client.
Database client will provide init, show version, rollback, check status services
make db_cli# Migrate
db_cli migrate
# Reset
db_cli reset
# Status
db_cli status
# Version
db_cli version
# RollBack
db_cli rollbackInstead of a static password in the DSN, services can authenticate to AWS RDS/Aurora PostgreSQL using short-lived IAM auth tokens. This removes the need to rotate database passwords: access is granted via IAM and tokens are regenerated automatically (they expire every 15 minutes) for each new connection.
Enable it per service in the DB config block:
{
"dsn": "postgres://svc_user@mydb.abc123.us-east-1.rds.amazonaws.com:5432/scroll?sslmode=require",
"driver_name": "postgres",
"maxOpenNum": 200,
"maxIdleNum": 20,
"useIAMAuth": true,
"awsRegion": "us-east-1"
}Notes:
- Omit the password from the
dsn; it is supplied by the generated IAM token. awsRegionis optional — when empty it is resolved from the default AWS config chain (e.g. theAWS_REGIONenvironment variable).- IAM auth requires TLS, so the DSN must set
sslmode=requireor higher.sslmode=disable/allow/prefer(including an unsetsslmode, which defaults toprefer) are rejected at startup rather than silently sending the token over a connection that may fall back to plaintext.requireencrypts but does not verify the server certificate; for that, usesslmode=verify-fullwithsslrootcertpointing at the RDS CA bundle. - The database role must be granted
rds_iam, and the service's IAM role needsrds-db:connecton thedbuserresource. LeavinguseIAMAuthunset preserves the previous password-based behavior.
make test