Error connecting to Aurora PostgreSQL dB in .NET Core Lambda function.

I'm attempting to create a Lambda where I can make calls to various stored procedures and functions in my Aurora PostgreSQL dB instance. I'm following the guide on this page: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Connecting.NET.html

Eventually I want to connect this with Dapper, but for now I'm just trying to get the code from the above example to work. I am using the npgsql package and can successfully retrieve the RDSAuthToken via the RDSAuthTokenGenerator.GenerateAuthToken() function using the appropriate region endpoint, cluster endpoint, port number, and db user.

The problem comes when I use the AuthToken I retrieved earlier to create a connection to the server:

using NpgsqlConnection connection = new NpgsqlConnection($"Server=Cluster Endpoint;User Id=dB User;Password=AuthToken;Database=dB Instance name");

I am now getting this error:

"28000: pg_hba.conf rejects connection for host "172.31.30.255", user "dB User", database "dB Instance Name", SSL off

I'm not sure what I need to do to get this to work. As far as I can tell, I've done everything exactly as I was supposed to according to the guide in the documentation. I also created a user role with the specific permission for rds-db:connect for my specific dB user and dB instance id.

My only guess is that I have failed to connect that authorization in some way to the actual dB user. I assigned that permission to a role with the same name, and then I created a dB user with that name in the dB and then granted it the rds_iam role, but it's not clear to me that the IAM user and the dB user would be connected yet. And I haven't been able to find examples online for how to connect them.

It would be great to get a little help with this one. Thanks!

Edit: I realized that my issue might be with the SSL Certificate path that is required at the end of the connection string in the example I linked above. I will keep looking into this, but I'm wondering if this will work to use in a Lambda if I have to reference a path to a certificate that I install on my computer. Although, I might not be understanding how this works.

1 Answer

I am not sure if this is the reason, but trying: Lambda functions run in the Lambda service VPC, as such they do not have access to resources in your own VPC. If you need your function to access private resources you will need to attach it to the relevant VPC. If that function also needs to access other AWS services or any other API on the internet, you will need to set up a NAT Gateway or VPC Endpoints to the specific services.

Uri (AWS, EXPERT)
answered 2 years ago
reviewed a month ago
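
The error quoted in the question ends with "SSL off", and the question's edit asks how the certificate path from the linked guide can work inside a Lambda. As an added example (not part of the original post or answer, and not AWS's own code), the following opens the connection over TLS with a CA bundle shipped in the deployment package. It assumes Npgsql 6 or later, a file named global-bundle.pem included in the package, and placeholder endpoint, user and database values.

```csharp
using System;
using System.IO;
using Amazon;
using Amazon.RDS.Util;
using Npgsql;

public static class AuroraIamConnection
{
    // Placeholder values (assumptions): replace with your own cluster settings.
    private const string ClusterEndpoint = "CLUSTER_ENDPOINT_PLACEHOLDER";
    private const int Port = 5432;
    private const string DbUser = "DB_USER_PLACEHOLDER";
    private const string Database = "DATABASE_NAME_PLACEHOLDER";

    public static NpgsqlConnection Open(RegionEndpoint region)
    {
        // The Lambda runtime sets LAMBDA_TASK_ROOT to the directory where the
        // deployment package is unpacked, so a certificate file shipped with the
        // function is readable there. Fall back to the app directory for local runs.
        string taskRoot = Environment.GetEnvironmentVariable("LAMBDA_TASK_ROOT")
                          ?? AppContext.BaseDirectory;
        string caBundle = Path.Combine(taskRoot, "global-bundle.pem"); // assumed file name
        if (!File.Exists(caBundle))
            throw new FileNotFoundException("RDS CA bundle missing from deployment package", caBundle);

        // The token is signed for this endpoint, port and user and is short-lived,
        // so generate it immediately before opening the connection.
        string token = RDSAuthTokenGenerator.GenerateAuthToken(region, ClusterEndpoint, Port, DbUser);

        // The builder escapes the token, which contains '=' and '&' characters.
        var builder = new NpgsqlConnectionStringBuilder
        {
            Host = ClusterEndpoint,
            Port = Port,
            Username = DbUser,
            Password = token,
            Database = Database,
            SslMode = SslMode.VerifyFull,   // encrypt and verify the server certificate and host name
            RootCertificate = caBundle      // CA bundle used to validate the server certificate
        };

        var connection = new NpgsqlConnection(builder.ConnectionString);
        connection.Open();
        return connection;
    }
}
```

The caller owns the returned connection and should dispose it, for example with a using declaration as in the question's snippet.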
