Description
Problem
My organization is moving away from standard db user/password to AWS IAM authentication. Essentially, IAM authentication adds an additional step to generate the session token, which will expire in 15 minutes.
More on IAM authentication: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Suggested solution
Not sure what is the best approach. Probably can have a custom iam plugin, which will generate the connection string every time a new connection is required?
datasource db {
  provider = "postgres"
  url      = iam("abc.region.rds.amazonaws.com", "iam_user")
}
Alternatively, we can have a get plugin, which essentially can be a standard http/https get command. Then I can just provision a simple service to generate the connection string as required.
datasource db {
  provider = "postgres"
  url      = get("https://abc.com/connection_str")
}
Alternatives
I did consider writing a background task to update the environment variable DATABASE_URL periodically; however, I suspect the current implementation reads in the env only once, instead of every time a new connection is created?
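
Added example (not part of the original issue and not Prisma code): a sketch of the refresh logic the request implies, caching the 15-minute IAM token and rebuilding the Postgres URL shortly before it expires. `createIamUrlProvider`, the injected `generateToken`, the one-minute refresh margin and `sslmode=require` are assumptions made for this illustration; in a real deployment `generateToken` could wrap `Signer#getAuthToken()` from `@aws-sdk/rds-signer`.

```javascript
// Added example: hand out a Postgres URL whose password is a fresh RDS IAM token.
const TOKEN_LIFETIME_MS = 15 * 60 * 1000; // IAM auth tokens expire after 15 minutes
const REFRESH_MARGIN_MS = 60 * 1000;      // assumption: renew one minute early

// generateToken and now are injected (hypothetical names) so the logic runs offline.
function createIamUrlProvider({ host, port = 5432, user, database, generateToken, now = Date.now }) {
  let cached = null;   // { url, expiresAt }
  let inFlight = null; // one refresh shared by concurrent callers

  async function refresh() {
    const issuedAt = now();
    const token = await generateToken({ host, port, user });
    if (typeof token !== "string" || token.length === 0) {
      throw new Error("IAM token generator returned no token");
    }
    // The token is a signed request string containing ':', '/', '?', '&' and '=',
    // so it must be percent-encoded before it is used as the URL password.
    // It is a credential: keep the resulting URL out of logs and error messages.
    const url =
      `postgresql://${encodeURIComponent(user)}:${encodeURIComponent(token)}` +
      `@${host}:${port}/${encodeURIComponent(database)}?sslmode=require`;
    cached = { url, expiresAt: issuedAt + TOKEN_LIFETIME_MS - REFRESH_MARGIN_MS };
    return url;
  }

  return async function getUrl() {
    if (cached && now() < cached.expiresAt) return cached.url;
    if (!inFlight) {
      inFlight = refresh().finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}
```

The token only has to be valid when a connection is opened, so a caller would request `getUrl()` each time it creates a new connection or pool rather than reading a value once at startup.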