Re: SSL connection getting rejected on AWS RDS

Hi Aditya,

Yes, you need to grant the role to the user inside PostgreSQL database.

Please checkout this article: https://suyahuang.wordpress.com/2020/10/01/hands-on-lab-access-rds-postgresql-from-ec2-instance-without-password-how-to-configure-iam-db-authentication/

Let me know if you have any problem following through.

Thanks,
Hannah

> On 1 Oct 2020, at 1:50 am, aditya desai <admad123(at)gmail(dot)com> wrote:
>
> Hi Hannah,
> Thank you very much!! this is really helpful. Do we need to pass 'sslrootcert" as mentioned in the doc below? I see that you have not used it in your command.
>
> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html>
>
> Also do we have to grant the role below to the user?
>
> grant rds_iam to app_user;
>
>
> If you have any document/Steps to set this up from scratch,could you please forward? That would be really helpful.
>
> Regards,
> Aditya.
>
>
> On Wed, Sep 30, 2020 at 4:47 PM Hannah Huang <hannah(dot)huang(dot)y(at)gmail(dot)com <mailto:hannah(dot)huang(dot)y(at)gmail(dot)com>> wrote:
>
>
>> On 30 Sep 2020, at 5:19 pm, aditya desai <admad123(at)gmail(dot)com <mailto:admad123(at)gmail(dot)com>> wrote:
>>
>> Hi,
>> We have AWS RDS and we are trying to connect to DB remotely from EC2 instance.as <http://instance.as/> client connection using psql. We are trying to set up IAM roles. We did all the necessary settings but got below error. Could you please advise?
>>
>> Password for user lmp_cloud_dev:
>> psql: FATAL: PAM authentication failed for user "testuser"
>> FATAL: pg_hba.conf rejects connection for host "192.168.1.xxx", user "testuser", database "testdb", SSL off
>>
>> Regards,
>> Aditya.
>>
>
> Hi Aditya,
>
> See the below example of me connecting to RDS from an EC2 instance:
>
> You need to change the $RDSHOST value
> you need to replace my “app_user” to your “testuser” and database “postgres” to your “testdb”
>
> [ec2-user(at)ip-172-31-13-121 ~]$ export RDSHOST="mypg.cfvvs1nh3f7i.ap-southeast-2.rds.amazonaws.com <http://southeast-2.rds.amazonaws.com/>"
>
> [ec2-user(at)ip-172-31-13-121 ~]$ export PGPASSWORD="$(aws rds generate-db-auth-token \
> --hostname $RDSHOST \
> --port 5432 \
> --username app_user)”
>
> [ec2-user(at)ip-172-31-13-121 ~]$ psql "host=$RDSHOST port=5432 sslmode=require dbname=postgres user= app_user"
>
> psql (11.5, server 12.3)
> WARNING: psql major version 11, server major version 12.
> Some psql features might not work.
> SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
> Type "help" for help.
> postgres=>
>
> Thanks,
> Hannah