GitHub user dosubot[bot] added a comment to the discussion: Configuring Superset to use AWS IAM authentication to connect to metastore database hosted in RDS
<!-- Answer --> To patch Superset for dynamic AWS IAM authentication on the metastore, the most robust approach is to hook into SQLAlchemy’s connection pool events for the metastore engine. You can register a pool "connect" or "checkout" event listener after the engine is created (in app startup), and in that handler, generate a fresh IAM token and update the connection’s credentials before each new DB connection is established. This ensures every new connection uses a valid token, even as tokens expire. You’ll want to do this in a custom Superset config or a monkeypatch right after Superset initializes the engine (see setup_db in superset/initialization/__init__.py). The event handler should call your IAM token generator and update the connection’s password or URI accordingly. This pattern is common for short-lived credential rotation in SQLAlchemy and avoids the need to restart Superset or re-initialize the engine each time a token expires. There are no built-in Superset hooks for this, so you’ll need to patch at the SQLAlchemy layer directly after engine creation. Be mindful of thread safety and connection leaks—test thoroughly in your environment. For reference, see the SQLAlchemy event system and how Superset initializes the metastore engine via SQLALCHEMY_DATABASE_URI at startup [cite](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/1f0c0e27-9378-4e54-9856-5a43eb3c098a?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/35894) GitHub link: https://github.com/apache/superset/discussions/35894#discussioncomment-14819978 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
