Given that a token like this is only valid for 15min, where should I put the code that fetches a new token? I thought about the init/2 callback of Ecto.Repo, but I fear that in case of disconnection/reconnection, the workers would try to use outdated tokens.
Is there a callback that’s run when a worker initiates a connection?
My understanding is that security groups define which network access are allowed. To my knowledge it has nothing to do with connecting to the DB. Am I missing something?
Oh sorry, I read your OP too quickly. For my RDS DB credentials, I usually just make a new DB user for my elixir application, and do not use the token you referenced.
There is big difference between configure option and init/2 callback. The difference is when the connection dies for whatever reason during the application runtime. The difference is that init is called once when repo supervisor starts, while configure callback is ran on each connection process restart. If you have short-lived credentials to the DB, then you want to use later, as it will not cause full restarts on random connection process issues.
:configure - A function to run before every connect attempt to dynamically configure the options, either a 1-arity fun, {module, function, args} with options prepended to args or nil where only returned options are passed to connect callback