Move auth token examples from starter-kit with snippet markers (#216)

amaksimo · alemaksi · web-flow · commit f8b0fb560bdb · 2025-12-18T13:02:56.000-08:00
- Move all inline code blocks from generate-authentication-token.md to
samples repo
- Examples organized by language (py, js, java, cpp, rs, rb, cs, go)

Co-authored-by: Aleksandar Maksimovic &lt;alemaksi@amazon.com&gt;
diff --git a/cli/authentication/generate_token.sh b/cli/authentication/generate_token.sh
@@ -0,0 +1,29 @@
+# CLI and CloudShell examples for generating Aurora DSQL authentication tokens
+
+# --8<-- [start:cloudshell-admin-token]
+aws dsql generate-db-connect-admin-auth-token \
+  --expires-in 3600 \
+  --region us-east-1 \
+  --hostname your_cluster_endpoint
+# --8<-- [end:cloudshell-admin-token]
+
+# --8<-- [start:cloudshell-psql-connection]
+PGSSLMODE=require \
+psql --dbname postgres \
+  --username admin \
+  --host cluster_endpoint
+# --8<-- [end:cloudshell-psql-connection]
+
+# --8<-- [start:cli-linux-macos]
+aws dsql generate-db-connect-admin-auth-token \
+  --region region \
+  --expires-in 3600 \
+  --hostname your_cluster_endpoint
+# --8<-- [end:cli-linux-macos]
+
+# --8<-- [start:cli-windows]
+aws dsql generate-db-connect-admin-auth-token ^
+  --region=region ^
+  --expires-in=3600 ^
+  --hostname=your_cluster_endpoint
+# --8<-- [end:cli-windows]
diff --git a/cpp/authentication/src/GenerateToken.cpp b/cpp/authentication/src/GenerateToken.cpp
@@ -0,0 +1,32 @@
+// C++ SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:cpp-generate-token]
+#include <aws/core/Aws.h>
+#include <aws/dsql/DSQLClient.h>
+#include <iostream>
+
+using namespace Aws;
+using namespace Aws::DSQL;
+
+std::string generateToken(String yourClusterEndpoint, String region) {
+    Aws::SDKOptions options;
+    Aws::InitAPI(options);
+    DSQLClientConfiguration clientConfig;
+    clientConfig.region = region;
+    DSQLClient client{clientConfig};
+    std::string token = "";
+    
+    // If you are not using the admin role to connect, use GenerateDBConnectAuthToken instead
+    const auto presignedString = client.GenerateDBConnectAdminAuthToken(yourClusterEndpoint, region);
+    if (presignedString.IsSuccess()) {
+        token = presignedString.GetResult();
+    } else {
+        std::cerr << "Token generation failed." << std::endl;
+    }
+
+    std::cout << token << std::endl;
+
+    Aws::ShutdownAPI(options);
+    return token;
+}
+// --8<-- [end:cpp-generate-token]
diff --git a/dotnet/authentication/examples/GenerateToken/GenerateToken.cs b/dotnet/authentication/examples/GenerateToken/GenerateToken.cs
@@ -0,0 +1,15 @@
+// .NET SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:dotnet-generate-token]
+using Amazon;
+using Amazon.DSQL.Util;
+using Amazon.Runtime;
+
+var yourClusterEndpoint = "insert-dsql-cluster-endpoint";
+
+AWSCredentials credentials = FallbackCredentialsFactory.GetCredentials();
+
+var token = DSQLAuthTokenGenerator.GenerateDbConnectAdminAuthToken(credentials, RegionEndpoint.USEast1, yourClusterEndpoint);
+
+Console.WriteLine(token);
+// --8<-- [end:dotnet-generate-token]
diff --git a/go/authentication/cmd/generate_token/generate_token.go b/go/authentication/cmd/generate_token/generate_token.go
@@ -0,0 +1,43 @@
+// Go SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:go-generate-token]
+func GenerateDbConnectAdminAuthToken(yourClusterEndpoint string, region string, action string) (string, error) {
+	// Fetch credentials
+	sess, err := session.NewSession()
+	if err != nil {
+		return "", err
+	}
+
+	creds, err := sess.Config.Credentials.Get()
+	if err != nil {
+		return "", err
+	}
+	staticCredentials := credentials.NewStaticCredentials(
+		creds.AccessKeyID,
+		creds.SecretAccessKey,
+		creds.SessionToken,
+	)
+
+	// The scheme is arbitrary and is only needed because validation of the URL requires one.
+	endpoint := "https://" + yourClusterEndpoint
+	req, err := http.NewRequest("GET", endpoint, nil)
+	if err != nil {
+		return "", err
+	}
+	values := req.URL.Query()
+	values.Set("Action", action)
+	req.URL.RawQuery = values.Encode()
+
+	signer := v4.Signer{
+		Credentials: staticCredentials,
+	}
+	_, err = signer.Presign(req, nil, "dsql", region, 15*time.Minute, time.Now())
+	if err != nil {
+		return "", err
+	}
+
+	url := req.URL.String()[len("https://"):]
+
+	return url, nil
+}
+// --8<-- [end:go-generate-token]
diff --git a/java/authentication/src/main/java/org/example/GenerateToken.java b/java/authentication/src/main/java/org/example/GenerateToken.java
@@ -0,0 +1,25 @@
+// Java SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:java-generate-token]
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
+import software.amazon.awssdk.services.dsql.DsqlUtilities;
+import software.amazon.awssdk.regions.Region;
+
+public class GenerateAuthToken { 
+    public static String generateToken(String yourClusterEndpoint, Region region) {
+        DsqlUtilities utilities = DsqlUtilities.builder()
+                .region(region)
+                .credentialsProvider(DefaultCredentialsProvider.create())
+                .build();
+
+        // Use `generateDbConnectAuthToken` if you are _not_ logging in as `admin` user 
+        String token = utilities.generateDbConnectAdminAuthToken(builder -> {
+            builder.hostname(yourClusterEndpoint)
+                    .region(region);
+        });
+
+        System.out.println(token);
+        return token;
+    }
+}
+// --8<-- [end:java-generate-token]
diff --git a/javascript/authentication/src/generate_token.js b/javascript/authentication/src/generate_token.js
@@ -0,0 +1,21 @@
+// JavaScript SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:javascript-generate-token]
+import { DsqlSigner } from "@aws-sdk/dsql-signer";
+
+async function generateToken(yourClusterEndpoint, region) {
+  const signer = new DsqlSigner({
+    hostname: yourClusterEndpoint,
+    region,
+  });
+  try {
+    // Use `getDbConnectAuthToken` if you are _not_ logging in as the `admin` user
+    const token = await signer.getDbConnectAdminAuthToken();
+    console.log(token);
+    return token;
+  } catch (error) {
+      console.error("Failed to generate token: ", error);
+      throw error;
+  }
+}
+// --8<-- [end:javascript-generate-token]
diff --git a/python/authentication/src/generate_token.py b/python/authentication/src/generate_token.py
@@ -0,0 +1,10 @@
+# Python SDK examples for generating Aurora DSQL authentication tokens
+
+# --8<-- [start:python-generate-token]
+def generate_token(your_cluster_endpoint, region):
+    client = boto3.client("dsql", region_name=region)
+    # use `generate_db_connect_auth_token` instead if you are not connecting as admin.
+    token = client.generate_db_connect_admin_auth_token(your_cluster_endpoint, region)
+    print(token)
+    return token
+# --8<-- [end:python-generate-token]
diff --git a/ruby/authentication/lib/generate_token.rb b/ruby/authentication/lib/generate_token.rb
@@ -0,0 +1,23 @@
+# Ruby SDK examples for generating Aurora DSQL authentication tokens
+
+# --8<-- [start:ruby-generate-token]
+require 'aws-sdk-dsql'
+
+def generate_token(your_cluster_endpoint, region)
+  credentials = Aws::SharedCredentials.new()
+
+  begin
+      token_generator = Aws::DSQL::AuthTokenGenerator.new({
+          :credentials => credentials
+      })
+      
+      # if you're not using admin role, use generate_db_connect_auth_token instead
+      token = token_generator.generate_db_connect_admin_auth_token({
+          :endpoint => your_cluster_endpoint,
+          :region => region
+      })
+  rescue => error
+    puts error.full_message
+  end
+end
+# --8<-- [end:ruby-generate-token]
diff --git a/rust/authentication/src/bin/generate_token.rs b/rust/authentication/src/bin/generate_token.rs
@@ -0,0 +1,22 @@
+// Rust SDK examples for generating Aurora DSQL authentication tokens
+
+// --8<-- [start:rust-generate-token]
+use aws_config::{BehaviorVersion, Region};
+use aws_sdk_dsql::auth_token::{AuthTokenGenerator, Config};
+
+async fn generate_token(your_cluster_endpoint: String, region: String) -> String {
+    let sdk_config = aws_config::load_defaults(BehaviorVersion::latest()).await;
+    let signer = AuthTokenGenerator::new(
+        Config::builder()
+            .hostname(&your_cluster_endpoint)
+            .region(Region::new(region))
+            .build()
+            .unwrap(),
+    );
+
+    // Use `db_connect_auth_token` if you are _not_ logging in as `admin` user
+    let token = signer.db_connect_admin_auth_token(&sdk_config).await.unwrap();
+    println!("{}", token);
+    token.to_string()
+}
+// --8<-- [end:rust-generate-token]
