1 Answer
Hello.
I recommend that you first review all troubleshooting methods in the documentation below.
https://repost.aws/knowledge-center/aurora-postgresql-connect-iam
By the way, is the ARN set in the IAM policy correct?
If you try changing the ARN to "*" and are able to connect, the ARN may be incorrect.
"arn:aws:rds-db:eu-west-1:11111111111:dbuser:example-db/rds-test"
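The ARN check suggested above can be done offline before retrying the connection. The following is an added example, not part of the original thread and not AWS code: the function name `lint_rds_db_arn` and all sample ARNs are constructed, and it assumes the documented `rds-db:connect` resource format, in which the segment before the slash is the DB resource ID (`db-`, `cluster-` or `prx-` prefix) rather than the DB identifier.

```python
import re

# Resource format for rds-db:connect (IAM database authentication):
#   arn:<partition>:rds-db:<region>:<account-id>:dbuser:<resource-id>/<db-user>
# <resource-id> is the DbiResourceId / DbClusterResourceId (db-..., cluster-...)
# or an RDS Proxy id (prx-...), not the DB identifier.
RESOURCE_ID = re.compile(r"^(db|cluster|prx)-[A-Za-z0-9]+$")


def lint_rds_db_arn(arn, region, account_id, db_user):
    """Return a list of problems found in an rds-db:connect Resource ARN.

    Only whole-field "*" wildcards are understood (an assumption of this example).
    """
    parts = arn.split(":", 6)
    if len(parts) != 7 or parts[0] != "arn":
        return ["not a 7-field ARN"]
    _, _, service, arn_region, arn_account, rtype, resource = parts
    problems = []
    if service != "rds-db":
        problems.append(f"service is {service!r}, expected 'rds-db'")
    if arn_region not in ("*", region):
        problems.append(f"region {arn_region!r} does not match {region!r}")
    if arn_account != "*" and not re.fullmatch(r"\d{12}", arn_account):
        problems.append(f"account id {arn_account!r} is not 12 digits")
    elif arn_account not in ("*", account_id):
        problems.append("account id does not match the cluster's account")
    if rtype != "dbuser":
        problems.append(f"resource type is {rtype!r}, expected 'dbuser'")
    res_id, sep, user = resource.partition("/")
    if not sep:
        return problems + ["resource must be <resource-id>/<db-user>"]
    if res_id != "*" and not RESOURCE_ID.match(res_id):
        problems.append(f"{res_id!r} is not a resource id (db-/cluster-/prx-)")
    if user not in ("*", db_user):
        problems.append(f"db user {user!r} does not match {db_user!r}")
    return problems


# Constructed sample ARNs (not taken from a real account).
SAMPLES = [
    "arn:aws:rds-db:eu-west-1:111122223333:dbuser:cluster-ABCDEFGHIJKL01234/rds-test",
    "arn:aws:rds-db:eu-west-1:111122223333:dbuser:example-db/rds-test",
    "arn:aws:rds:eu-west-1:1234567890:dbuser:*/*",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, lint_rds_db_arn(sample, "eu-west-1", "111122223333", "rds-test"))
```
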
Hi,
I also tried matching all DB clusters and database accounts using this ARN: "arn:aws:rds-db:us-east-2:1234567890:dbuser:/" and it resulted in the same issue, if that's what you meant.
https://repost.aws/knowledge-center/aurora-postgresql-connect-iam - It is mentioned here that my issue might be caused by trying to connect to the DB without SSL, which is not the case in this situation. "If you get an error similar to the one in this example, then the client is trying to connect to the DB instance without SSL."
For example, try checking the connection using the following IAM policy.
By the way, the "psql" command uses SSL communication by default, so I thought it might be possible to connect without "sslmode=verify-full sslrootcert=eu-west-1-bundle.pem". In other words, I think it is possible to connect using the following connection method. https://medium.com/@tizattogabriel/how-to-authenticate-to-an-aws-rds-postgresql-db-instance-using-iam-credentials-4e69b095c01c
Instead of using regional certificates, why not try using a certificate bundle that includes both intermediate and root certificates for all AWS Regions? https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem