| From: | aditya desai <admad123(at)gmail(dot)com> |
|---|---|
| To: | Hannah Huang <hannah(dot)huang(dot)y(at)gmail(dot)com> |
| Cc: | pgsql-performance(at)lists(dot)postgresql(dot)org |
| Subject: | Re: SSL connection getting rejected on AWS RDS |
| Date: | 2020-09-30 15:50:03 |
| Message-ID: | CAN0SRDFmEwbYBwC=CX90PHv35CTnehjS4DavV0Q-OF07nJ7TJQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-performance |
Hi Hannah,
Thank you very much!! this is really helpful. Do we need to pass
'sslrootcert" as mentioned in the doc below? I see that you have not used
it in your command.
Also do we have to grant the role below to the user?
grant rds_iam to app_user;
If you have any document/Steps to set this up from scratch,could you please
forward? That would be really helpful.
Regards,
Aditya.
On Wed, Sep 30, 2020 at 4:47 PM Hannah Huang <hannah(dot)huang(dot)y(at)gmail(dot)com>
wrote:
>
>
> On 30 Sep 2020, at 5:19 pm, aditya desai <admad123(at)gmail(dot)com> wrote:
>
> Hi,
> We have AWS RDS and we are trying to connect to DB remotely from EC2
> instance.as client connection using psql. We are trying to set up IAM
> roles. We did all the necessary settings but got below error. Could you
> please advise?
>
> Password for user lmp_cloud_dev:
>
> psql: FATAL: PAM authentication failed for user "testuser"
>
> FATAL: pg_hba.conf rejects connection for host "192.168.1.xxx", user
> "testuser", database "testdb", SSL off
>
>
> Regards,
>
> Aditya.
>
>
> Hi Aditya,
>
> See the below example of me connecting to RDS from an EC2 instance:
>
> You need to change the $RDSHOST value
> you need to replace my “app_user” to your “testuser” and database
> “postgres” to your “testdb”
>
> [ec2-user(at)ip-172-31-13-121 ~]$ export RDSHOST="mypg.cfvvs1nh3f7i.ap-
> southeast-2.rds.amazonaws.com"
>
> [ec2-user(at)ip-172-31-13-121 ~]$ export PGPASSWORD="$(aws rds
> generate-db-auth-token \
> --hostname $RDSHOST \
> --port 5432 \
> --username app_user)”
>
> [ec2-user(at)ip-172-31-13-121 ~]$ psql "host=$RDSHOST port=5432
> sslmode=require dbname=postgres user= app_user"
>
> psql (11.5, server 12.3)
> WARNING: psql major version 11, server major version 12.
> Some psql features might not work.
> SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
> bits: 256, compression: off)
> Type "help" for help.
> postgres=>
>
> Thanks,
> Hannah
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2020-10-01 03:38:24 | Re: proposal: schema variables |
| Previous Message | Hannah Huang | 2020-09-30 11:17:37 | Re: SSL connection getting rejected on AWS RDS |