From d295b61b450509734583bd85fcfa78365c5599d0 Mon Sep 17 00:00:00 2001
From: Bertrand Paquet
Date: Tue, 18 Oct 2022 08:07:25 +0200
Subject: [PATCH] Allow to configure AWS Region with AWS IAM Auth
---
 postgresql/provider.go | 14 ++++++++++++--
 website/docs/index.html.markdown | 4 ++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/postgresql/provider.go b/postgresql/provider.go
index bb0bd78f..155fcf43 100644
--- a/postgresql/provider.go
+++ b/postgresql/provider.go
@@ -78,6 +78,13 @@ func Provider() *schema.Provider {
 Description: "AWS profile to use for IAM auth",
 },
+ "aws_rds_iam_region": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "",
+ Description: "AWS region to use for IAM auth",
+ },
+
 // Conection username can be different than database username with user name mapas (e.g.: in Azure)
 // See https://www.postgresql.org/docs/current/auth-username-maps.html
 "database_username": {
@@ -179,7 +186,7 @@ func validateExpectedVersion(v interface{}, key string) (warnings []string, erro
 return
 }
-func getRDSAuthToken(profile string, username string, host string, port int) (string, error) {
+func getRDSAuthToken(region string, profile string, username string, host string, port int) (string, error) {
 endpoint := fmt.Sprintf("%s:%d", host, port)
 ctx := context.Background()
@@ -189,6 +196,8 @@ func getRDSAuthToken(profile string, username string, host string, port int) (st
 if profile != "" {
 awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithSharedConfigProfile(profile))
+ } else if region != "" {
+ awscfg, err = awsConfig.LoadDefaultConfig(ctx, awsConfig.WithRegion(region))
 } else {
 awscfg, err = awsConfig.LoadDefaultConfig(ctx)
 }
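Review bot: `getRDSAuthToken` in the `@@ -179,7 +186,7 @@` hunk now takes four consecutive `string` parameters with the new one placed first, so a call that passes region and profile in the wrong order still compiles. The only call site visible in this patch, in `providerConfigure`, passes them correctly. The function also has no doc comment; I would add `// getRDSAuthToken returns a temporary RDS IAM auth token for username at host:port; region and profile are optional ("" means SDK default).` above the signature. The function body continues outside the hunk.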
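Review bot: In the `@@ -189,6 +196,8 @@` hunk the new `else if region != ""` branch is reached only when `profile` is empty, so a configuration that sets both `aws_rds_iam_profile` and `aws_rds_iam_region` silently drops the region. The token is then requested for whatever region the profile or environment resolves to, which would most likely show up as an unexplained authentication failure at connect time (inferred; the signing call is outside the hunk). Collecting the options and calling `LoadDefaultConfig` once lets both settings apply. The schema `Description` and the docs entry should then state that the region overrides the profile's. The body of `getRDSAuthToken` starts and ends outside the hunk.

```go
// … unchanged: earlier part of getRDSAuthToken (outside the hunk) …
var opts []func(*awsConfig.LoadOptions) error
if profile != "" {
	opts = append(opts, awsConfig.WithSharedConfigProfile(profile))
}
if region != "" {
	opts = append(opts, awsConfig.WithRegion(region))
}
awscfg, err = awsConfig.LoadDefaultConfig(ctx, opts...)
```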
@@ -221,8 +230,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 var password string
 if d.Get("aws_rds_iam_auth").(bool) {
 profile := d.Get("aws_rds_iam_profile").(string)
+ region := d.Get("aws_rds_iam_region").(string)
 var err error
- password, err = getRDSAuthToken(profile, username, host, port)
+ password, err = getRDSAuthToken(region, profile, username, host, port)
 if err != nil {
 return nil, err
 }
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 138ddc43..b70d8025 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -110,6 +110,10 @@ The following arguments are supported:
 Version](https://www.postgresql.org/support/versioning/) or `current`. Once a connection has been established, Terraform will fingerprint the actual version. Default: `9.0.0`.
+* `aws_rds_iam_auth` - (Optional) If set to `true`, call the AWS RDS API to grab a temporary password, using AWS Credentials
+ from the environment (or the given profile, see `aws_rds_iam_profile`)
+* `aws_rds_iam_profile` - (Optional) The AWS IAM Profile to use while using AWS RDS IAM Auth.
+* `aws_rds_iam_region` - (Optional) The AWS region to use while using AWS RDS IAM Auth.
 ## GoCloud