I'm attempting to create a Lambda where I can make calls to various stored procedures and functions in my Aurora PostgreSQL dB instance. I'm following the guide on this page: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Connecting.NET.html
Eventually I want to connect this with Dapper, but for now I'm just trying to get the code from the above example to work. I am using the npgsql package and can successfully retrieve the RDSAuthToken via the RDSAuthTokenGenerator.GenerateAuthToken() function using the appropriate region endpoint, cluster endpoint, port number, and db user.
The problem comes when I use the AuthToken I retrieved earlier to create a connection to the server:
using NpgsqlConnection connection = new NpgsqlConnection($"Server=Cluster Endpoint;User Id=dB User;Password=AuthToken;Database=dB Instance name");
I am now getting this error:
"28000: pg_hba.conf rejects connection for host "172.31.30.255", user "dB User", database "dB Instance Name", SSL off
I'm not sure what I need to do to get this to work. As far as I can tell, I've done everything exactly as I was supposed to according to the guide in the documentation. I also created a user role with the specific permission for rds-db:connect for my specific dB user and dB instance id.
My only guess is that I have failed to connect that authorization in some way to the actual dB user. I assigned that permission to a role with the same name, and then I created a dB user with that name in the dB and then granted it the rds_iam role, but it's not clear to me that the IAM user and the dB user would be connected yet. And I haven't been able to find examples online for how to connect them.
It would be great to get a little help with this one. Thanks!
Edit: I realized that my issue might be with the SSL Certificate path that is required at the end of the connection string in the example I linked above. I will keep looking into this, but I'm wondering if this will work to use in a Lambda if I have to reference a path to a certificate that I install on my computer. Although, I might not be understanding how this works.