We're going to need an FAQ entry for this since this now comes up regularly for everyone using AWS.
There are two methods to manipulate the parameters sent to connect that are independent of the URL. They are both described now at https://docs.sqlalchemy.org/en/13/core/engines.html#custom-dbapi-args and you probably want to use the "do_connect" event. so you have the pool_recycle, that's good. the next part is the event is like this: from sqlalchemy import event db = create_engine('mysql://<aws url>') @event.listens_for(db, "do_connect") def receive_do_connect(dialect, conn_rec, cargs, cparams): secret = get_new_secret() cparams['password'] = secret Above assumes you are setting just the password, but "cargs, cparams" are the literal arguments passed to mysqldb.connect(), so you can put whatever you need into either of those collections (modify the list and/or dictionary in place). I'm assuming you have some function that can retrieve the latest credentials. On Wed, Jun 17, 2020, at 1:28 AM, Venkata Siva Naga Tatikonda wrote: > Hello Everyone, > > Need some suggestion/insight on some use case we have: > > We have python django web application which uses sqlalchemy v1.3.13 (mysqldb) > to communicate with AWS Aurora (RDS). This application uses AWS Secrets > Manager for managing database credentials and utilizing sqlalchemy (w/ > mysqldb & queuepool) to read user/password during application start-up via > settings.py/manage.py. > > For security reasons, we have to rotate database credentials frequently and > for that we are using AWS Lambda to update in the Aurora DB & secrets > manager. We are using pool_recycle w/ 5 mins and also MYSQL database issues a > disconnect if there is any connection is open & idle for more than 8 hours, > so when this happens and pool creates a new connection then it fails the > authentication. We don't see anyway for engine object to > reload/refresh/re-read updated credentials other than re-deploying or > restarting our services for this issue. > > Is there any documentation on how we could re-create/reload engine or other > mechanisms to handle/address this situation ? > > > Thanks, > Pavan. > > -- > SQLAlchemy - > The Python SQL Toolkit and Object Relational Mapper > > http://www.sqlalchemy.org/ > > To post example code, please provide an MCVE: Minimal, Complete, and > Verifiable Example. See http://stackoverflow.com/help/mcve for a full > description. > --- > You received this message because you are subscribed to the Google Groups > "sqlalchemy" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sqlalchemy+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/sqlalchemy/ed50fe16-f759-4d14-a111-62457f4009c5o%40googlegroups.com > > <https://groups.google.com/d/msgid/sqlalchemy/ed50fe16-f759-4d14-a111-62457f4009c5o%40googlegroups.com?utm_medium=email&utm_source=footer>. -- SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper http://www.sqlalchemy.org/ To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description. --- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/e4d2cfef-01ed-4296-8726-79852a5bd391%40www.fastmail.com.
