Unable to access Amazon Aurora database using IAM

Question

I cannot login using the new IAM feature.   I created an IAM user with the correct policy and I create a db user with the correct identified by.  The only error I can find is _2017-05-02 21:23:01 7217 ERROR Authentication requires SSL encryption._. But SSL is enabled as far as I can tell.  
  
This should work unless I misunderstand something.

```
mysql --ssl -u $DB_USER -p$(aws rds generate-db-auth-token --hostname $DB_HOST --port 3306 --user $DB_USER) -h $DB_HOST
```

What am I missing?

Answer

I've hit the same issue, returning the same error. Any ideas what I/We are doing wrong?  
  
EDIT: I fixed this.  
Add --enable-cleartext-plugin switch, after the ssl-ca switch, (ie, as the third option)and you should be good.  
  
Edited by: JadenIRL on May 30, 2017 8:13 AM

Answer

I got a little further.  Still getting an error.

```
mysql  --ssl-mode=REQUIRED --ssl-ca=rds-combined-ca-bundle.pem -u $DB_USER -h $DB_HOST -p$(aws rds generate-db-auth-token --hostname $DB_HOST --port 3306 --user $DB_USER)
```

_ERROR 2059 (HY000): Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled_

Answer

I was experiencing this problem, and the `--enable-cleartext-plugin` fixed it. It seems odd that everyone will have that problem and it isn't in the documentation.  
  
Unfortunately having got past that, I am now just getting "Access denied for user 'NAME'@'IP' (using password: YES)  
  
The token generated looks odd, in that it is a full URL. I would have assumed it would just be a token, so is there some other processing I need to do on the token?  
  
NB I am using MySQL rather than Aurora but from docs the process seems similar.

Unable to access Amazon Aurora database using IAM

Relevant content