
promenadeco/doctrine-aws-auth
=============================

RDS authentication using IAM for Doctrine DBAL/ORM

Version 1.1.1 (3y ago) | Apache-2.0 | PHP &gt;=7.4 | [Source](https://github.com/promenadeco/doctrine-aws-auth) | [Packagist](https://packagist.org/packages/promenadeco/doctrine-aws-auth)

Doctrine AWS Authentication
===========================


This library provides Amazon RDS database authentication using IAM for [Doctrine DBAL](https://github.com/doctrine/dbal) / ORM.

**Features:**

- RDS auth via IAM using short-lived tokens
- Token caching (for 10 min by default)
- Support of EC2 and ECS environments
- Support of PDO and MySQLi [drivers](https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#driver)

Usage
-----


Install the package using Composer:

```
composer require promenadeco/doctrine-aws-auth
```

Enable IAM authentication and the MySQL client's cleartext authentication plugin using the following environment variables:

```
AWS_REGION=us-east-1
RDS_USE_IAM=1
LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1
```

### Doctrine ORM


Register the DBAL driver middleware in Doctrine ORM:

```
use Doctrine\ORM\EntityManager;
use Doctrine\ORM\ORMSetup;
use Promenade\Doctrine\Aws\Auth\Driver\IamMiddleware;
use Promenade\Doctrine\Aws\Auth\Token\RdsToken;

// ...

$ormConfig = ORMSetup::createAnnotationMetadataConfiguration([
    'src/Entity',
]);

$tokenProvider = new RdsToken();
$ormConfig->setMiddlewares([
    new IamMiddleware($tokenProvider),
]);

$entityManager = EntityManager::create(
    [
        'host' => 'example-db.abcdefghijkl.us-east-1.rds.amazonaws.com',
        'port' => 3306,
        'user' => 'iam_user',
        'dbname' => 'test_db',
        'driver' => 'pdo_mysql',
        'driverOptions' => [
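            // CA bundle used to validate the server certificate
            PDO::MYSQL_ATTR_SSL_CA => '/etc/ssl/certs/ca-certificates.crt',
            // false: the connection is encrypted, but the server certificate is not verified
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false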
        ],
    ],
    $ormConfig
);
```

#### Encryption


Because the client sends the token to the server as cleartext, the connection must be encrypted to protect the credentials in transit.

The SSL configuration differs between drivers, for example:

```
[
    // ...
    'driver' => 'mysqli',
    'driverOptions' => [
        'flags' => MYSQLI_CLIENT_SSL,
    ],
]
```
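A pre-flight check for the transport settings discussed above, as an added example that is not part of this library: it rejects connection parameters that would send the token over a link without TLS or with server certificate verification switched off. `assertTokenSafeTransport()` and the CA bundle path are hypothetical; the `pdo_mysql` and `mysqli` extensions must be loaded for the constants to exist.

```php
<?php
// Hypothetical pre-flight check, not part of promenadeco/doctrine-aws-auth:
// reject DBAL connection parameters that would send the IAM token over a link
// that is unencrypted or whose server certificate is not verified.
function assertTokenSafeTransport(array $params): void
{
    $options = $params['driverOptions'] ?? [];
    switch ($params['driver'] ?? '') {
        case 'pdo_mysql':
            if (empty($options[PDO::MYSQL_ATTR_SSL_CA])) {
                throw new InvalidArgumentException('pdo_mysql: no CA bundle configured');
            }
            // Only an explicit false switches verification off.
            if (($options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] ?? true) === false) {
                throw new InvalidArgumentException('pdo_mysql: certificate verification disabled');
            }
            return;
        case 'mysqli':
            $flags = (int) ($options['flags'] ?? 0);
            if (($flags & MYSQLI_CLIENT_SSL) === 0) {
                throw new InvalidArgumentException('mysqli: MYSQLI_CLIENT_SSL flag missing');
            }
            if (($flags & MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT) !== 0) {
                throw new InvalidArgumentException('mysqli: certificate verification disabled');
            }
            return;
        default:
            throw new InvalidArgumentException('driver not covered by this check');
    }
}
// Constructed sample parameters; the CA bundle path is a placeholder.
$samples = [
    'pdo_mysql, verification off' => ['driver' => 'pdo_mysql', 'driverOptions' => [
        PDO::MYSQL_ATTR_SSL_CA => '/path/to/rds-ca-bundle.pem',
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
    ]],
    'pdo_mysql, verification on' => ['driver' => 'pdo_mysql', 'driverOptions' => [
        PDO::MYSQL_ATTR_SSL_CA => '/path/to/rds-ca-bundle.pem',
    ]],
    'mysqli, TLS flag set' => ['driver' => 'mysqli', 'driverOptions' => ['flags' => MYSQLI_CLIENT_SSL]],
];
foreach ($samples as $label => $params) {
    try {
        assertTokenSafeTransport($params);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```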

#### Caching


Activate token caching to stay within rate limits and improve performance:

```
use Promenade\Doctrine\Aws\Auth\Token\CachingProxy;

// ...

$tokenProvider = new CachingProxy($tokenProvider, $ormConfig->getMetadataCache());
```

By default, tokens are good for 15 min and are cached for 10 min to be renewed well ahead of their expiration.

### Symfony


Register the DBAL driver middleware in `config/services.yaml`:

```
services:
    Promenade\Doctrine\Aws\Auth\Token\TokenProvider:
        class: Promenade\Doctrine\Aws\Auth\Token\RdsToken

    Promenade\Doctrine\Aws\Auth\Driver\IamMiddleware:
        tags: ['doctrine.middleware']
```

#### Caching


Activate token caching and adjust its lifetime as needed:

```
services:
    Promenade\Doctrine\Aws\Auth\Driver\IamMiddleware:
        arguments:
            $tokenProvider: '@Promenade\Doctrine\Aws\Auth\Token\CachingProxy'

    Promenade\Doctrine\Aws\Auth\Token\RdsToken:
        arguments:
            $lifetime: 15

    Promenade\Doctrine\Aws\Auth\Token\CachingProxy:
        arguments:
            $lifetime: 14
```

Make sure tokens are valid some time beyond their cache expiration to compensate for potential clock drift.
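The relationship between token lifetime, cache lifetime and clock drift described in both Caching sections, as an added example that is not part of this library: it reads the signing time and validity period from an RDS IAM token (a SigV4 presigned query string) and computes how much validity remains when the cache entry expires. `marginAtCacheExpiry()`, the sample token and the 30-second drift are assumptions; lifetimes are in minutes, as on this page.

```php
<?php
// Hypothetical helper, not part of promenadeco/doctrine-aws-auth: seconds of
// token validity left at the moment a cache entry expires, minus assumed drift.
// A result <= 0 means the cache could hand out an already expired token.
function marginAtCacheExpiry(
    string $token,
    DateTimeImmutable $cachedAt,
    int $cacheMinutes,
    int $driftSeconds
): int {
    // An RDS IAM token has the form "host:port/?<SigV4 query string>".
    $query = parse_url('https://' . $token, PHP_URL_QUERY);
    parse_str(is_string($query) ? $query : '', $fields);

    $date = $fields['X-Amz-Date'] ?? null;
    $ttl = $fields['X-Amz-Expires'] ?? null;
    if (!is_string($date) || !is_string($ttl) || !ctype_digit($ttl)) {
        throw new InvalidArgumentException('not a presigned RDS token');
    }

    $signedAt = DateTimeImmutable::createFromFormat('Ymd\THis\Z', $date, new DateTimeZone('UTC'));
    if ($signedAt === false) {
        throw new InvalidArgumentException('malformed X-Amz-Date');
    }

    $tokenExpiry = $signedAt->getTimestamp() + (int) $ttl;
    $cacheExpiry = $cachedAt->getTimestamp() + $cacheMinutes * 60;

    return $tokenExpiry - $cacheExpiry - $driftSeconds;
}

// Constructed sample token: credential and signature are placeholders.
$token = 'example-db.abcdefghijkl.us-east-1.rds.amazonaws.com:3306/?Action=connect'
    . '&DBUser=iam_user&X-Amz-Algorithm=AWS4-HMAC-SHA256'
    . '&X-Amz-Credential=PLACEHOLDER&X-Amz-Date=20240101T120000Z'
    . '&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Signature=PLACEHOLDER';
$cachedAt = new DateTimeImmutable('2024-01-01T12:00:01Z');

// 15-minute token against the cache lifetimes this page uses (10 and 14 minutes),
// plus 15 as a misconfiguration; 30 s of drift is an assumption.
foreach ([10, 14, 15] as $cacheMinutes) {
    $margin = marginAtCacheExpiry($token, $cachedAt, $cacheMinutes, 30);
    printf("cache %2d min: margin %4d s %s\n", $cacheMinutes, $margin, $margin > 0 ? 'ok' : 'UNSAFE');
}
```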

Limitations
-----------


IAM authentication relies on the database client sending credentials in cleartext without hashing.

The implementation has only been tested on MySQL. Other RDBMS may have their own unique limitations.

Resources
---------


Related resources with useful information:

- [sators/connect.php](https://gist.github.com/sators/38dbe25f655f1c783cb2c49e9873d58a)
- [lead/doctrine-rds-iam-auth](https://github.com/Ulv/doctrine-aws-iam-rds-auth)
- [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html)
- [AWS Knowledge Center](https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/)
- [AWS User Guide](https://docs.amazonaws.cn/en_us/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html)
- [MySQL Documentation](https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/cleartext-pluggable-authentication.html)

Contributing
------------


Pull Requests with fixes and improvements are welcome!

License
-------


Copyright © Promenade Group. All rights reserved.

Licensed under the [Apache License, Version 2.0](https://github.com/promenadeco/doctrine-aws-auth/blob/main/LICENSE.txt).

