By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Error connecting to Aurora PostgreSQL dB in .NET Core Lambda function.

0

I'm attempting to create a Lambda where I can make calls to various stored procedures and functions in my Aurora PostgreSQL dB instance. I'm following the guide on this page: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Connecting.NET.html

Eventually I want to connect this with Dapper, but for now I'm just trying to get the code from the above example to work. I am using the npgsql package and can successfully retrieve the RDSAuthToken via the RDSAuthTokenGenerator.GenerateAuthToken() function using the appropriate region endpoint, cluster endpoint, port number, and db user.

The problem comes when I use the AuthToken I retrieved earlier to create a connection to the server:

using NpgsqlConnection connection = new NpgsqlConnection($"Server=Cluster Endpoint;User Id=dB User;Password=AuthToken;Database=dB Instance name");

I am now getting this error:

"28000: pg_hba.conf rejects connection for host "172.31.30.255", user "dB User", database "dB Instance Name", SSL off

I'm not sure what I need to do to get this to work. As far as I can tell, I've done everything exactly as I was supposed to according to the guide in the documentation. I also created a user role with the specific permission for rds-db:connect for my specific dB user and dB instance id.

My only guess is that I have failed to connect that authorization in some way to the actual dB user. I assigned that permission to a role with the same name, and then I created a dB user with that name in the dB and then granted it the rds_iam role, but it's not clear to me that the IAM user and the dB user would be connected yet. And I haven't been able to find examples online for how to connect them.

It would be great to get a little help with this one. Thanks!

Edit: I realized that my issue might be with the SSL Certificate path that is required at the end of the connection string in the example I linked above. I will keep looking into this, but I'm wondering if this will work to use in a Lambda if I have to reference a path to a certificate that I install on my computer. Although, I might not be understanding how this works.

Topics
ServerlessComputeDatabaseSecurity, Identity, & Compliance
Tags
AWS LambdaAurora PostgreSQLIAM Policies
Language
English
Josh
asked 2 years ago805 views
1 Answer
0

I am not sure if this is the reason, but trying: Lambda functions run in the Lambda service VPC, as such they do not have access to resources in your own VPC. If you need your function to access private resources you will need to attach it to the relevant VPC. If that function also needs to access other AWS services or any other API on the internet, you will need to setup a NAT Gateway or VPC Endpoints to the specific services.

profile pictureAWS
EXPERT
Uri
answered 2 years ago
profile picture
EXPERT
Gary Mclean
reviewed 20 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content