[{"data":1,"prerenderedAt":404},["ShallowReactive",2],{"navigation":3,"\u002Fblog\u002Faws-aurora-dsql-postgres-serverless-authentication":204,"\u002Fblog\u002Faws-aurora-dsql-postgres-serverless-authentication-surround":399},[4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200],{"title":5,"path":6,"stem":7},"You do not have time to not have tests","\u002Fblog\u002Fyou-do-not-have-time-to-not-have-tests","2.blog\u002F20211217.you-do-not-have-time-to-not-have-tests",{"title":9,"path":10,"stem":11},"Migrate Vue 2 with Vuetify and Jest to Vite and Vitest","\u002Fblog\u002Fmigrate-vue-2-with-vuetify-and-jest-to-vite-and-vitest","2.blog\u002F20220109.migrate-vue-2-with-vuetify-and-jest-to-vite-and-vitest",{"title":13,"path":14,"stem":15},"I am a Dark Matter Developer","\u002Fblog\u002Fi-am-a-dark-matter-developer","2.blog\u002F20220626.i-am-a-dark-matter-developer",{"title":17,"path":18,"stem":19},"Why using Conventional commits is useful","\u002Fblog\u002Fusing-conventional-commits","2.blog\u002F20240623.using-conventional-commits",{"title":21,"path":22,"stem":23},"Why you should make a toolbox repository","\u002Fblog\u002Fwhy-you-should-make-a-toolbox-repository","2.blog\u002F20240630.Why-you-should-make-a-toolbox-repository",{"title":25,"path":26,"stem":27},"Apache Airflow Part 1 - Why and Goals for a near Serverless ELT","\u002Fblog\u002Fapache-airflow-part-1-why-and-goals","2.blog\u002F20240710.apache-airflow-part-1-why-and-goals",{"title":29,"path":30,"stem":31},"Oh My Zsh on your server","\u002Fblog\u002Foh-my-zsh-on-your-server","2.blog\u002F20240711.oh-my-zsh-on-your-server",{"title":33,"path":34,"stem":35},"Fire tablet and YouTube Kids","\u002Fblog\u002Ffire-tablet-and-youtube-kids","2.blog\u002F20240714.fire-tablet-and-youtube-kids",{"title":37,"path":38,"stem":39},"Using Ollama and Continue as a GitHub Copilot Alternative","\u002Fblog\u002Fusing-ollama-and-continue-as-github-copilot-alternative","2.blog\u002F20240723.using-ollama-and-continue-as-github-copilot-alternative",{"title":41,"path":42,"stem":43},"Debugging Local Packages Made Easy with pnpm","\u002Fblog\u002Fdebugging-local-packages-with-pnpm-link","2.blog\u002F20250422.debugging local-packages-with-pnpm-link",{"title":45,"path":46,"stem":47},"Two Weeks with Cloudflare AI and Tools","\u002Fblog\u002Ftwo-weeks-with-cloudflare-ai-and-tools","2.blog\u002F20250509.two-weeks-with-cloudflare-aI-and-tools",{"title":49,"path":50,"stem":51},"Adding Prompts to VS Code - How I Learned to Stop Worrying and Love AI Context","\u002Fblog\u002Fadding-prompts-to-vscode","2.blog\u002F20250528.adding-prompts-to-vscode",{"title":53,"path":54,"stem":55},"My Best Practices","\u002Fblog\u002Fmy-best-practicies","2.blog\u002F20250607.my-best-practicies",{"title":57,"path":58,"stem":59},"Creating my own CLI Tool - Towles Tool","\u002Fblog\u002Ftowles-tool","2.blog\u002F20250607.towles-tool",{"title":61,"path":62,"stem":63},"Software Development Best Practices & ITIL","\u002Fblog\u002Fsoftware-engineering-and-itil-best-practices","2.blog\u002F20250612.software-engineering-and-itil-best-practices",{"title":65,"path":66,"stem":67},"Voice to Text","\u002Fblog\u002Fvoice-to-text","2.blog\u002F20250622.voice-to-text",{"title":69,"path":70,"stem":71},"Setting Up ComfyUI - A Better Alternative to Fooocus","\u002Fblog\u002Fcomfy-ui-setup","2.blog\u002F20250628.comfy-ui-setup",{"title":73,"path":74,"stem":75},"Voice to System","\u002Fblog\u002Fvoice-to-system","2.blog\u002F20250705.voice-to-system",{"title":77,"path":78,"stem":79},"Tips for Claude Code","\u002Fblog\u002Ftips-for-claude-code","2.blog\u002F20250713.tips-for-claude-code",{"title":81,"path":82,"stem":83},"Review That AI Code: Why I Read Every Line Generated Code","\u002Fblog\u002Freview-that-ai-code","2.blog\u002F20250720.review-that-ai-code",{"title":85,"path":86,"stem":87},"My Context Engineering Journey: From Dev Scripts to AI Collaboration","\u002Fblog\u002F20250803-1.my-context-engineering-journey","2.blog\u002F20250803-1.my-context-engineering-journey",{"title":89,"path":90,"stem":91},"Context Engineering at Scale: Enterprise Lessons and the Future of Development","\u002Fblog\u002F20250803-2.context-engineering-at-scale","2.blog\u002F20250803-2.context-engineering-at-scale",{"title":93,"path":94,"stem":95},"Check That Your Tools and Linters Do Not Burn Tokens","\u002Fblog\u002Fcheck-that-your-tools-and-linters-do-not-burn-tokens","2.blog\u002F20250806.check-that-your-tools-and-linters-do-not-burn-tokens",{"title":97,"path":98,"stem":99},"Markdown + AI: The Communication Protocol That Changes Everything","\u002Fblog\u002Fmarkdown-plus-ai-the-communication-protocol-that-changes-everything","2.blog\u002F20250814.markdown-plus-ai-the-communication-protocol-that-changes-everything",{"title":101,"path":102,"stem":103},"Finally: Type-Safe AI in Production (And Why I'm Here For It)","\u002Fblog\u002Ffinally-type-safe-ai-in-production-and-why-im-here-for-it","2.blog\u002F20250819.finally-type-safe-ai-in-production-and-why-im-here-for-it",{"title":105,"path":106,"stem":107},"Dotfiles: Masterpiece or Late Stage Picasso?","\u002Fblog\u002Fdotfiles-masterpiece-or-late-stage-picasso","2.blog\u002F20250822.dotfiles-masterpiece-or-late-stage-picasso",{"title":109,"path":110,"stem":111},"Beyond API Wrappers: Building State-Driven MCP Servers for Long-Horizon Agent Orchestration","\u002Fblog\u002Fbeyond-api-wrappers-mcp-servers","2.blog\u002F20250907.beyond-api-wrappers-mcp-servers",{"title":113,"path":114,"stem":115},"Why Vertical Integration Wins: A Software Engineer's Case for Owning Your Stack","\u002Fblog\u002Fwhy-i-bought-tesla-model-3-vertical-integration","2.blog\u002F20250928.why-i-bought-tesla-model-3-vertical-integration",{"title":117,"path":118,"stem":119},"The Min-Maxer's Trifecta: Building Tools for the Game You Actually Play","\u002Fblog\u002Fmin-maxer-trifecta","2.blog\u002F20251004.min-maxer-trifecta",{"title":121,"path":122,"stem":123},"Read The Source: Learning by Cutting Out The Middleman and RTFM","\u002Fblog\u002Fread-the-source","2.blog\u002F20251010.read-the-source",{"title":125,"path":126,"stem":127},"The Exponential Shift: Why AI Progress Feels Different Now","\u002Fblog\u002Fthe-exponential-shift","2.blog\u002F20251015.the-exponential-shift",{"title":129,"path":130,"stem":131},"Plan Mode for Your Problems, Edit Mode for Claude's","\u002Fblog\u002Fplan-mode-problems-edit-mode-solutions","2.blog\u002F20251019.plan-mode-problems-edit-mode-solutions",{"title":133,"path":134,"stem":135},"AWS Aurora DSQL Looked Perfect Until I Needed the Connection String","\u002Fblog\u002Faws-aurora-dsql-postgres-serverless-authentication","2.blog\u002F20251028.aws-aurora-dsql-postgres-serverless-authentication",{"title":137,"path":138,"stem":139},"Switchback: Browser History for Your Thoughts","\u002Fblog\u002Fswitchback-second-order-reasoning","2.blog\u002F20251205.switchback-second-order-reasoning",{"title":141,"path":142,"stem":143},"AI Pairing: Notes to Self","\u002Fblog\u002Fai-pairing-notes-to-self","2.blog\u002F20251216.ai-pairing-notes-to-self",{"title":145,"path":146,"stem":147},"I've Been Sleeping on Zellij","\u002Fblog\u002Fsleeping-on-zellij","2.blog\u002F20251229.sleeping-on-zellij",{"title":149,"path":150,"stem":151},"Implementing a Ralph Wiggum Loop: The Secret is Session Markers","\u002Fblog\u002Fimplementing-ralph-wiggum-loop-for-autonomous-ai-coding","2.blog\u002F20260114.implementing-ralph-wiggum-loop-for-autonomous-ai-coding",{"title":153,"path":154,"stem":155},"Goodhart's Law Ate My Context Window","\u002Fblog\u002Fgoodharts-law-ate-my-context-window","2.blog\u002F20260119.goodharts-law-ate-my-context-window",{"title":157,"path":158,"stem":159},"Claude Code's Hidden Multi-Agent System Is Real","\u002Fblog\u002Fclaude-code-hidden-multi-agent-system","2.blog\u002F20260124.claude-code-hidden-multi-agent-system",{"title":161,"path":162,"stem":163},"Free Printable Math Sheets for Kids — Number Chart, Skip Counting, Multiplication, and More","\u002Fblog\u002Ffree-printable-number-chart-and-coin-sheets","2.blog\u002F20260214.free-printable-number-chart-and-coin-sheets",{"title":165,"path":166,"stem":167},"We Are Near the End of the Exponential","\u002Fblog\u002Fnear-the-end-of-the-exponential","2.blog\u002F20260214.near-the-end-of-the-exponential",{"title":169,"path":170,"stem":171},"Free Printable Language Arts Sheets for Kids — Sight Words, Parts of Speech, Homophones, and More","\u002Fblog\u002Ffree-printable-sight-words-and-grammar-sheets","2.blog\u002F20260215.free-printable-sight-words-and-grammar-sheets",{"title":173,"path":174,"stem":175},"Interactive Code Execution with Artifacts","\u002Fblog\u002Finteractive-code-execution-with-artifacts","2.blog\u002F20260215.interactive-code-execution-with-artifacts",{"title":177,"path":178,"stem":179},"Free Printable Telling Time Worksheet for Kids — Clock Reference & Practice Sheet","\u002Fblog\u002Ffree-printable-telling-time-worksheet","2.blog\u002F20260216.free-printable-telling-time-worksheet",{"title":181,"path":182,"stem":183},"Claude Code Skills: Teaching AI Your Playbook","\u002Fblog\u002Fclaude-code-skills-guide","2.blog\u002F20260221.claude-code-skills-guide",{"title":185,"path":186,"stem":187},"Building a Multi-Agent Loan Approval System with Human-in-the-Loop","\u002Fblog\u002Fmulti-agent-loan-approval-human-in-the-loop","2.blog\u002F20260225.multi-agent-loan-approval-human-in-the-loop",{"title":189,"path":190,"stem":191},"The Inception of AI Infrastructure: Bottlenecks All the Way Down","\u002Fblog\u002Fbiggest-bottleneck-scaling-ai-compute","2.blog\u002F20260313.biggest-bottleneck-scaling-ai-compute",{"title":193,"path":194,"stem":195},"What I Tell Teams About Claude Code","\u002Fblog\u002Fwhat-i-tell-teams-about-claude-code","2.blog\u002F20260314.what-i-tell-teams-about-claude-code",{"title":197,"path":198,"stem":199},"The Hardest Part of AI Isn't the AI","\u002Fblog\u002Fthe-hardest-part-of-ai-isnt-the-ai","2.blog\u002F20260327.the-hardest-part-of-ai-isnt-the-ai",{"title":201,"path":202,"stem":203},"Claude Code Hooks: The Capability I Left on the Table","\u002Fblog\u002Fclaude-code-hooks-capability-left-on-the-table","2.blog\u002F20260401.claude-code-hooks-capability-left-on-the-table",{"id":205,"title":133,"authors":206,"badge":212,"body":214,"date":388,"description":389,"extension":390,"image":391,"meta":394,"navigation":395,"path":134,"seo":396,"status":397,"stem":135,"__hash__":398},"posts\u002F2.blog\u002F20251028.aws-aurora-dsql-postgres-serverless-authentication.md",[207],{"name":208,"to":209,"avatar":210},"Chris Towles","https:\u002F\u002Ftwitter.com\u002FChris_Towles",{"src":211},"\u002Fimages\u002Fctowles-profile-512x512.png",{"label":213},"DevOps",{"type":215,"value":216,"toc":380},"minimark",[217,222,226,229,240,243,247,256,263,271,274,277,281,284,287,296,299,315,319,322,325,328,346,349,352,356,359,362,365],[218,219,221],"h2",{"id":220},"the-setup","The Setup",[223,224,225],"p",{},"I'm building AI chat features for my blog. I wanted Postgres because it's my go-to database. I decided to try the AWS stack since we use it at work.",[223,227,228],{},"I always use RDS at work but figured I'd try something new. Aurora DSQL caught my attention—serverless Postgres with distributed SQL. The pricing looked good for low-traffic personal projects. Way better than Aurora Serverless v2, which is AWS's special type of \"Serverless\"—it isn't serverless and doesn't spin down to zero.",[223,230,231,232,239],{},"I did my homework. Read through ",[233,234,238],"a",{"href":235,"rel":236},"https:\u002F\u002Fdocs.aws.amazon.com\u002Faurora-dsql\u002Flatest\u002Fuserguide\u002Fworking-with-postgresql-compatibility-unsupported-features.html",[237],"nofollow","the unsupported features list",". Foreign keys? Don't need them. PostGIS and PGVector? Not for this project. 3,000 row transaction limit? My chat features won't hit that.",[223,241,242],{},"Nothing on that list was a dealbreaker.",[218,244,246],{"id":245},"the-deployment","The Deployment",[223,248,249,250,255],{},"Created a CloudFormation template. Had to update SAM CLI first, and ",[233,251,254],{"href":252,"rel":253},"https:\u002F\u002Fgithub.com\u002FChrisTowles\u002Fdotfiles\u002Fcommit\u002F21e77ccb9689ebfdac2c944a1aa9e721dbdfd993#diff-af587fcc369e832087d96f2de7b3c0daaff070b88b329ad6e3c83a983d17ba98",[237],"there were issues, of course",". A few small issues later, deployment succeeded. Resource created, endpoint ready.",[223,257,258],{},[259,260],"img",{"alt":261,"src":262},"","\u002Fimages\u002Fblog\u002Fcreating-dsql-cluster-sam-cloudformation-stack.png",[223,264,265,266],{},"Check this git commit for infra code: ",[233,267,270],{"href":268,"rel":269},"https:\u002F\u002Fgithub.com\u002FChrisTowles\u002Fblog\u002Fcommit\u002F65df772895186709bec5814912efed8cc5e9fc0e#diff-51ad8453311eba96809cf31ed76d51139db96d3e679ed1736d21b3e9bae5e3b0",[237],"infra\u002Fcloudformation\u002Fdsql.yaml",[223,272,273],{},"Time to grab the connection string and wire it into my Cloudflare Worker.",[223,275,276],{},"That's when I saw it.",[218,278,280],{"id":279},"the-discovery","The Discovery",[223,282,283],{},"No username field. No password field. Just: \"Use IAM authentication.\"",[223,285,286],{},"AWS Aurora DSQL doesn't support traditional username\u002Fpassword authentication. Period.",[223,288,289,290,295],{},"Just ",[233,291,294],{"href":292,"rel":293},"https:\u002F\u002Fdocs.aws.amazon.com\u002Faurora-dsql\u002Flatest\u002Fuserguide\u002FSECTION_authentication-token.html",[237],"IAM authentication with temporary tokens"," that expire every 15 minutes.",[223,297,298],{},"Here's how it works:",[300,301,302,306,309,312],"ol",{},[303,304,305],"li",{},"Create an IAM role with database permissions",[303,307,308],{},"Generate a temporary token (15-minute expiration)",[303,310,311],{},"Use the token as password",[303,313,314],{},"When the connection drops after 15 minutes, generate a new token",[218,316,318],{"id":317},"the-problem","The Problem",[223,320,321],{},"This immediately killed it for my use case.",[223,323,324],{},"Cloudflare Workers are serverless edge functions. Short-lived, stateless, potentially spanning minutes between invocations. The entire model assumes connection pooling or connection-per-request patterns with credentials that don't expire mid-session.",[223,326,327],{},"The 15-minute token expiration means:",[329,330,331,334,337,340,343],"ul",{},[303,332,333],{},"Can't use standard connection pooling (pool outlives token)",[303,335,336],{},"Can't cache tokens between worker invocations reliably",[303,338,339],{},"Need AWS SDK running in every worker to generate tokens",[303,341,342],{},"Additional cold start latency for token generation",[303,344,345],{},"More complexity for credential management",[223,347,348],{},"Could I have made it work? Probably. Generate token on each invocation, accept the latency, handle token refresh logic.",[223,350,351],{},"But at that point—why?",[218,353,355],{"id":354},"the-missing-context","The Missing Context",[223,357,358],{},"The unsupported features list told me about foreign keys and triggers. It mentioned the 3,000 row transaction limit and one-hour connection timeout.",[223,360,361],{},"What it didn't mention up front: \"This database requires IAM authentication. No username\u002Fpassword support.\"",[223,363,364],{},"That's not a missing Postgres feature. That's a fundamental authentication model that changes how you architect your application.",[223,366,367,368,373,374,379],{},"Gee, AWS, I wonder why everyone uses ",[233,369,372],{"href":370,"rel":371},"https:\u002F\u002Fsupabase.com\u002F",[237],"Supabase"," or ",[233,375,378],{"href":376,"rel":377},"https:\u002F\u002Fneon.tech\u002F",[237],"Neon"," for serverless Postgres these days? It's like you got so close, then just blew it at the last second.",{"title":261,"searchDepth":381,"depth":381,"links":382},2,[383,384,385,386,387],{"id":220,"depth":381,"text":221},{"id":245,"depth":381,"text":246},{"id":279,"depth":381,"text":280},{"id":317,"depth":381,"text":318},{"id":354,"depth":381,"text":355},"2025-10-28","I researched unsupported features, checked pricing, deployed the stack—then discovered IAM-only auth means 15-minute tokens. Here's why that killed it for my Cloudflare Workers deployment.","md",{"src":392,"alt":393},"\u002Fimages\u002Fblog\u002F20251028-1430-aws-aurora-dsql-auth-frustration.png","A software engineer's desk with a MacBook Pro displaying AWS Console with Aurora DSQL connection details, the screen showing empty username and password fields with only \"Use IAM authentication\" text, a coffee mug and notebook nearby showing crossed-out connection string notes. Dramatic side lighting creates strong contrast between the cool blue glow of the laptop screen and warm desk lamp illumination, shallow depth of field focusing on the screen. Cinematic realism, professional photography quality, 8k detail, high contrast color grading with teal screen glow and warm orange ambient light, contemplative and slightly frustrated atmosphere, rule of thirds composition with negative space on the right.",{},true,{"title":133,"description":389},"published","TMt6OZaG3UUpOIuTNxqWZxHzAqpo4vZZ-_qSb-waeTE",[400,402],{"title":129,"path":130,"stem":131,"description":401,"status":397,"children":-1},"I spent 2 hours directing Claude to build my solution before realizing I should have asked for its approach. Here's the simple rule that changed how I use AI coding assistants.",{"title":137,"path":138,"stem":139,"description":403,"status":397,"children":-1},"Designing a doubly linked list app to navigate chains of reasoning - and how writing this post became the first use case.",1776221196452]