Add aws_rds_iam_token utlity module for creating rds iam tokens for a…

…uthenticating over IAM towards RDS or Aurora

src/aws_rds_iam_token.erl

@@ -0,0 +1,37 @@
+-module(aws_rds_iam_token).
+-export([create/4]).
+
+-define(SIGNING_ID, <<"rds-db">>).
+-define(EMPTY_PAYLOAD_HASH, <<"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855">>).
+
+%%====================================================================
+%% API
+%%====================================================================
+create(Client, DbEndpoint, DbPort, DbUser) ->
+  Method = <<"GET">>,
+  QueryParams = [{<<"Action">>, <<"connect">>}, {<<"DbUser">>, DbUser}],
+  Endpoint = <<"https://", DbEndpoint/binary, ":", (integer_to_binary(DbPort))/binary>>,
+  Url = aws_request:add_query(Endpoint, QueryParams),
+  AccessKeyID = aws_client:access_key_id(Client),
+  SecretAccessKey = aws_client:secret_access_key(Client),
+  Region = aws_client:region(Client),
+  Now = calendar:universal_time(),
+  Options = [ {ttl, timer:minutes(15) / 1000} %% Time in seconds
+            , {body_digest, ?EMPTY_PAYLOAD_HASH}
+            , {uri_encode_path, false} %% We already encode in build_path/4
+            ],
+  SignedUrl = aws_signature:sign_v4_query_params(AccessKeyID, SecretAccessKey, Region, ?SIGNING_ID, Now, Method, Url, Options),
+  {ok, SignedUrl}.
+
+  %%====================================================================
+%% Unit tests
+%%====================================================================
+
+-ifdef(TEST).
+
+-include_lib("eunit/include/eunit.hrl").
+
+fetch_auth_token_test() ->
+  ok.
+
+-endif.