RDS Generate Auth Token - PAM Using CNAME record

0

Hello everyone,

I'm able to log in my RDS Postgre DB using the token generated by this command:

aws rds generate-db-auth-token --hostname rdsdbstaging.hdgr94.us-east-1.rds.amazonaws.com --port 5432 --username emmanuel 

But I can't using this command (that contains a CNAME DNS record to my instance domain):

aws rds generate-db-auth-token --hostname rds.staging.mycompany.com --port 5432 --username emmanuel 

Error: FATAL: PAM authentication failed for user "emmanuel"

Could you help my to understand why I'm getting this error?

PS #1: Is it related to the DB created during instance startup (rdsdbstaging)?

PS #2: Is it related to the RDS certificate?

Thank you,

1 Answer
1
Accepted Answer

Hello.

You cannot generate authentication tokens using a custom domain (in this case a CNAME record) instead of an instance endpoint as described in the documentation below.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html

You cannot use a custom Route 53 DNS record instead of the DB instance endpoint to generate the authentication token.

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions