In a Db2 v11.5.8 Pacemaker setup on AWS with OverlayIP, we are required to provide an AWS profile (an IAM user with the necessary permissions) which can make changes to the VPC route table to point to the ENI of the secondary server in case of database failover.
1) Most organizations do not encourage use of IAM users; however, they expect to use IAM roles. In this case it would be the IAM role assigned by the EC2 instance on which Db2 is running. Can we expect use of an IAM role for OverlayIP failover in the near future?
2) If the possibility to use an IAM role is not on the cards in the near future, is there a way one can trigger a custom script at the time Pacemaker triggers the failover? We are hoping that we can use a script to generate temporary IAM credentials which can then be used by Pacemaker to make changes to the route table.