From 42befa3b0db19dc770bb55223fe53c9d295b1531 Mon Sep 17 00:00:00 2001
From: Ronen Lubin <63970571+ronenlu@users.noreply.github.com>
Date: Fri, 15 Mar 2024 10:11:15 +0200
Subject: [PATCH] cmd/atlas/internal: fix IAM Authentication for RDS MySQL (#2617)
* cmd/atlas/internal: register rds CRA on mysql driver when using aws_rds_token
* update doc
* fix readme
---
 doc/md/guides/deploying/secrets.mdx | 32 ++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/doc/md/guides/deploying/secrets.mdx b/doc/md/guides/deploying/secrets.mdx
index 0bc67105896..1178b8b17a7 100644
--- a/doc/md/guides/deploying/secrets.mdx
+++ b/doc/md/guides/deploying/secrets.mdx
@@ -199,6 +199,9 @@ values={[
 4. Create a new file named `atlas.hcl` with the following contents:
+
+
+
 ```hcl
 locals {
 user = "iamuser"
@@ -206,9 +209,9 @@ values={[
 }
 data "aws_rds_token" "db" {
- region = "us-east-1"
- endpoint = local.endpoint
- username = local.user
+ region = "us-east-1"
+ endpoint = local.endpoint
+ username = local.user
 }
 env "rds" {
@@ -216,6 +219,29 @@ values={[
 }
 ```
+
+
+
+ ```hcl
+ locals {
+ user = "iamuser"
+ endpoint = "hostname-of-db.example9y7k.us-east-1.rds.amazonaws.com:3306"
+ }
+
+ data "aws_rds_token" "db" {
+ region = "us-east-1"
+ endpoint = local.endpoint
+ username = local.user
+ }
+
+ env "rds" {
+ url = "mysql://${local.user}:${urlescape(data.aws_rds_token.db)}@${local.endpoint}?tls=preferred&allowCleartextPasswords=true"
+ }
+ ```
+
+
+
+
 Let's breakdown the configuration:
 * The `aws_rds_token` data source is used to retrieve the database password from AWS Secrets Manager.
 * We define an `env` named `rds`. The value retrieved by the `aws_rds_token` data source
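Review bot: The MySQL example URL added in the last hunk pairs `allowCleartextPasswords=true` with `tls=preferred`, so the IAM token placed in the password field by `urlescape(data.aws_rds_token.db)` is only protected if TLS happens to be negotiated. In go-sql-driver/mysql, which Atlas appears to use for `mysql://` URLs, `preferred` silently falls back to an unencrypted connection when the server does not advertise TLS, and the cleartext plugin then sends the token as-is. The example should enforce TLS, for instance `?tls=true&allowCleartextPasswords=true`, provided the client trusts the RDS CA; the commit message suggests a CA is registered on the driver, but that code is not in this patch. It would also help to add a sentence under the snippet such as `allowCleartextPasswords is required for RDS IAM authentication; always combine it with an enforced TLS mode so the token is never sent in the clear.`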