Does pt-online-schema-change tool support IAM based user authentications?

Facing issues when using IAM token based authentication with percona tools like pt-online-schema-change. pt-online-schema-change tool might be truncating or tweaking the password value on the command execution and this may be failing authentication.

@dinesh082293 Can you please provide an example of how you are executing pt-osc with IAM? I’m not aware of any native IAM integration so I’m curious as to what exactly you are doing.

@matthewb When i generate IAM token and use that password with below command, it fails with access denied error.

Command used:

pt-online-schema-change D=XXXX,t=XXXX,u=XXXX,h=XXXX.rds.amazonaws.com --ask-pass --critical-load Threads_running=1500 --alter-foreign-keys-method auto --recursion-method none --progress percentage,1 --no-check-alter --nodrop-old-table --execute --alter "ADD INDEX “XXXXX;”

Used the same token to login into the RDS via MySQL client through IAM authentication and it was successful. And i was able to use pt-online-schema-change as normal user. Issue[access denied] only comes when i use pt-online-schema-change with IAM token.

@dinesh082293 , I’m unfamiliar with IAM tokens so I cannot comment on that. All I know is that there is no direct native IAM integration with any percona-toolkit tools. Can you tell me which mysql client you are using? Community? MariaDB? Run this command please “sudo rpm -qa | grep -i mysql” and then run again for “grep -i percona” Thanks.

@dinesh082293 Are these the steps that you followed?

https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/

@matthewb Thanks for the response.

Yes these are the steps we follow and we are using Amazon aurora mysql.