How to config Grafana Postgres data source to connect to AWS RDS?

0

When configuring the Grafana Postgres data source (host, user, pwd, etc.) with AWS RDS credentials, I get the error: `pq: no pg_hba.conf entry for host "X.X.X.X", user "xxxx", database "xxxx", no encryption`. Grafana is running on an AWS EC2 instance through the Docker Grafana container, not the AWS Grafana service. Any idea?

Thank you so much @Mina Gobrial

SOLVED:

Copy process setup from markdown docs to help

## TLS/SSL between Grafana & AWS RDS Postgres

- Download Root Certificate from AWS

<https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions>

```bash
eu-south-2-bundle.pem
```

- Split Root Certificate into different files depending on encryption algorithm:

  - 384-bit EC key -> eu-south-2-ec-384.pem
  - 4096-bit RSA key -> eu-south-2-rsa-4096.pem
  - 2048-bit RSA key -> eu-south-2-rsa-2048.pem

```bash
keytool -printcert -v -file eu-south-2-bundle.pem
```

- Generate Key from Root Certificate

```bash
openssl genrsa -out eu-south-2-rsa-4096-key.pem 4096
```

- Generate Certificate from Root Certificate

```bash
openssl req -x509 -sha256 -new -nodes -key eu-south-2-rsa-4096-key.pem -days 365 -out eu-south-2-rsa-4096-cert.pem
```

Alberto
asked a month ago
278 views
2 Answers
2
Accepted Answer

To resolve the `pq: no pg_hba.conf entry for host` error when connecting Grafana (running in Docker on AWS EC2) to a PostgreSQL database on AWS RDS, follow these steps:

  • Modify the RDS security group to allow inbound traffic on port 5432 (PostgreSQL's default) from your EC2 instance's security group or IP address.
  • Download the RDS root certificate from AWS.
  • In Grafana's PostgreSQL data source settings, set SSL mode to 'require' and include the path to the RDS root certificate.
  • Use the correct RDS endpoint as the host address and enter the database user, password, and name accurately.
  • Ensure SSL settings and other relevant parameters in the RDS instance's parameter group are correctly configured for your needs.

Additional Checks:

  • Verify the Grafana Docker container can access RDS endpoint.
  • Check for typos in the Grafana data source configuration.
  • Review AWS RDS and EC2 instance logs for more details on the error.

If this has answered your question or was helpful, accepting the answer would be greatly appreciated. Thank you!

EXPERT
answered a month ago
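
The SSL settings from the accepted answer, written as a Grafana data source provisioning file. This is an added example, not part of the original thread; the data source name, endpoint, database, user, environment variable name and certificate mount path are placeholder assumptions.

```yaml
# Added example: Grafana provisioning file for the PostgreSQL data source,
# e.g. mounted into the container under
# /etc/grafana/provisioning/datasources/ (file name is up to you).
# All values marked "placeholder" are assumptions, not values from the thread.
apiVersion: 1

datasources:
  - name: RDS-Postgres                 # placeholder
    type: postgres
    # Use the RDS endpoint name, not an IP address: hostname verification
    # (verify-full) compares this name with the server certificate.
    url: mydb.xxxxxxxx.eu-south-2.rds.amazonaws.com:5432   # placeholder
    user: grafana_reader               # placeholder
    secureJsonData:
      # Expanded by Grafana from the container environment at startup,
      # so the password is not stored in this file (variable name is a placeholder).
      password: $RDS_GRAFANA_PASSWORD
    jsonData:
      database: mydb                   # placeholder
      # sslmode: disable               # unencrypted connection; the error in the
      #                                # question ends in "no encryption"
      # sslmode: require               # the value named in the accepted answer
      # verify-full encrypts and also checks the server certificate against
      # the CA bundle below and against the host name in `url`.
      sslmode: verify-full
      tlsConfigurationMethod: file-path
      # The AWS regional bundle downloaded in the question, mounted read-only
      # into the Grafana container (mount path is a placeholder).
      sslRootCertFile: /etc/grafana/certs/eu-south-2-bundle.pem
```

The bundle file has to be readable by the user the Grafana container runs as, otherwise the data source test fails before any connection to RDS is attempted.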
1

"Please note that PostgreSQL version 14 and newer versions use 'scram-sha-256' by default, thus it is very likely that the client driver does not support it."

"This is because PostgreSQL 14.x and above major versions use a newer JDBC driver which introduced the 'scram-sha-256' algorithm, which the older JDBC drivers are not able to handle."

"Therefore, this causes connections to fail due to a change made to the password authentication method used in the newer versions of PostgreSQL (scram-sha-256) whereby the client driver you are using only supports connecting via md5 passwords."

You could change an option in the parameter group to force MD5 instead if this had to work.

EXPERT
answered a month ago
EXPERT
reviewed a month ago
