RDS connections limit

0

Hello,

I have an RDS Postgres used by a Lambda. This Lambda is used on a front-end experience. Recently I reached the limit of connections on the RDS. My concern is that the logs were showing these messages like 100 times:

```
2023-02-27 11:00:22 UTC:3.0.139.252(47570):@:[23428]:FATAL: password authentication failed for user ""
2023-02-27 11:00:22 UTC:3.0.139.252(47570):@*******:[23428]:DETAIL: Role "" does not exist. Connection matched pg_hba.conf line 13: "host all all all md5"
2023-02-27 11:00:45 UTC:3.0.139.252(52788):@:[23453]:FATAL: password authentication failed for user ""
2023-02-27 11:00:45 UTC:3.0.139.252(52788):*******@:[23453]:DETAIL: Role "" does not exist. Connection matched pg_hba.conf line 13: "host all all all md5"
2023-02-27 11:01:26 UTC:3.0.139.252(58080):@:[23498]:FATAL: password authentication failed for user ""
2023-02-27 11:01:26 UTC:3.0.139.252(58080):@:[23498]:DETAIL: Role "" does not exist. Connection matched pg_hba.conf line 13: "host all all all md5"
2023-02-27 11:01:33 UTC:3.0.139.252(39560):@**:[23539]:FATAL: password authentication failed for user ""
2023-02-27 11:01:33 UTC:3.0.139.252(39560):@*****:[23539]:DETAIL: Role "******" does not exist. Connection matched pg_hba.conf line 13: "host all all all md5"
```

This is either a log issue because the connection limit was reached, or someone trying to brute-force the database. Can you confirm that this is linked to the connection limit being reached?

Also, now when I look at my connections limit I see spikes like below: (image: connection db)

But when I look at my traffic analytics I don't have huge spikes of views at the same time. What can this be related to? What exactly counts as a connection?

Thank you in advance,

2 Answers
1

I can't speak to what your exact issue is. Every time your Lambda function runs, you may be establishing a new database connection. Since Lambda reuses execution environments, it is recommended that the DB connection be established outside of the init code and left open. Additionally, it could be a security issue, depending on your configuration. Is your DB Instance located in a private subnet? Do you have Security Group rules that only allow DB traffic from the Lambda functions?

Database connection management in a serverless environment is a common challenge; there is a tool to help you manage it.

RDS Proxy for PostgreSQL.

This can be set up for most apps without code changes. The idea is to fix connection management by connection pooling and multiplexing. RDS Proxy can also help add another layer of security and enforce IAM authentication for databases, as well as securely store credentials in AWS Secrets Manager rather than in code.

RDS proxy info https://aws.amazon.com/rds/proxy/

A Lab using RDS Proxy for PostgreSQL https://catalog.us-east-1.prod.workshops.aws/workshops/2a5fc82d-2b5f-4105-83c2-91a1b4d7abfe/en-US/3-intermediate/rds-proxy

Security Group settings for Lambda connections: https://aws.amazon.com/premiumsupport/knowledge-center/connect-lambda-to-an-rds-instance/

Also see this post on RDS and Lambda - https://repost.aws/questions/QUdJCGX5f1SD-OESCqqOCT_w/rds-connections-in-lambda

AWS
answered a year ago
0

Thank you for all the details. We have definitely not done the right things the right way; we are going to change that. By the way, we found our bug: we did not add a "client.end()" at the end of our Lambda, which is why DB connections kept adding up. In the meantime the main issue is fixed. But we are going to change our architecture to be more secure and efficient thanks to your help. Best,

answered a year ago
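
One way to triage log lines like those quoted in the question, as an added example that is not part of the original thread: it groups FATAL entries by client IP and separates authentication failures from PostgreSQL's own connection-slot errors. It assumes the `%t:%r:%u@%d:[%p]:` prefix layout visible in the quoted lines; the function names and the final sample line (a constructed slot-exhaustion entry from a constructed address) are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Prefix layout '%t:%r:%u@%d:[%p]:' = time, client host(port), user@db, backend pid.
LINE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC:(?P<ip>[\d.]+)\((?P<port>\d+)\):"
    r"(?P<userdb>[^:]*):\[(?P<pid>\d+)\]:(?P<level>[A-Z]+):\s*(?P<msg>.*)")

def classify(msg):
    """Separate credential failures from PostgreSQL's own slot-exhaustion errors."""
    if msg.startswith("password authentication failed"):
        return "auth_failure"
    if msg.startswith(("sorry, too many clients", "remaining connection slots")):
        return "slots_exhausted"
    return "other"

def triage(log_text):
    """Per client IP: FATAL counts by kind, distinct connections, time span in seconds."""
    seen = defaultdict(lambda: {"kinds": defaultdict(int), "conns": set(), "ts": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["level"] != "FATAL":
            continue  # DETAIL lines belong to a FATAL that is already counted
        s = seen[m["ip"]]
        s["kinds"][classify(m["msg"])] += 1
        s["conns"].add((m["port"], m["pid"]))  # one client socket / backend process
        s["ts"].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return {ip: {"kinds": dict(s["kinds"]),
                 "connections": len(s["conns"]),
                 "span_seconds": (max(s["ts"]) - min(s["ts"])).total_seconds()}
            for ip, s in seen.items()}

# Lines from 3.0.139.252 are copied from the question; the 10.0.1.15 line is constructed.
SAMPLE = '''
2023-02-27 11:00:22 UTC:3.0.139.252(47570):@:[23428]:FATAL: password authentication failed for user ""
2023-02-27 11:00:22 UTC:3.0.139.252(47570):@*******:[23428]:DETAIL: Role "" does not exist. Connection matched pg_hba.conf line 13: "host all all all md5"
2023-02-27 11:00:45 UTC:3.0.139.252(52788):@:[23453]:FATAL: password authentication failed for user ""
2023-02-27 11:01:26 UTC:3.0.139.252(58080):@:[23498]:FATAL: password authentication failed for user ""
2023-02-27 11:01:33 UTC:3.0.139.252(39560):@**:[23539]:FATAL: password authentication failed for user ""
2023-02-27 11:02:00 UTC:10.0.1.15(40000):app@appdb:[23600]:FATAL: remaining connection slots are reserved for non-replication superuser connections
'''

if __name__ == "__main__":
    for ip, summary in triage(SAMPLE).items():
        print(ip, summary)
```

Each distinct (port, pid) pair in the summary is a separate connection attempt, so the per-IP output can be compared against the addresses the Lambda is expected to connect from and against the Security Group rules on the instance.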
