Context: I'm running into this problem on PostgreSQL running on both Aurora Serverless V2 and PostgreSQL running on RDS. The PostgreSQL database running on RDS is a db.t4g.xlarge. I am using IAM auth to authenticate to PostgreSQL.
Problem: In my CloudWatch logs, I see that PostgreSQL reloads the configuration files after receiving a SIGHUP. This causes a bunch of requests to the rdsauthproxy service that is running on 127.0.0.1 at port 1108. There are about 30 lines that look like this that happen at the same exact time down to the second,
* Trying 127.0.0.1:1108...
* Connected to rdsauthproxy (127.0.0.1) port 1108
> POST /authenticateRequest HTTP/1.1
Host: rdsauthproxy:1108
Accept: */*
Content-Length: 2070
Content-Type: multipart/form-data; boundary=------------------------xxxxxxxxxxxxxxxx
* We are completely uploaded and fine
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 0
Then I see this line in the logs randomly,
* Trying 127.0.0.1:1108...
* connect to 127.0.0.1 port 1108 failed: Connection refused
* Failed to connect to rdsauthproxy port 1108 after 0 ms: Couldn't connect to server
* Closing connection
Afterwards I see a bunch of these lines,
LOG: pam_authenticate failed: Permission denied
FATAL: PAM authentication failed for user "database_user"
DETAIL: Connection matched pg_hba.conf line 14: "hostssl all +rds_iam all pam"
These failures continue for a few mins and then I start seeing connections again to rdsauthproxy. I've checked my CloudWatch metrics for CPUUtilization, DatabaseConnections, FreeableMemory, DBLoad and everything seems fine to me. The CPUUtilization is at 15% and there are only a max of 10 DatabaseConnections. It seems to me that rdsauthproxy is going down for a certain period of time and is unable to accept requests and then it comes back up. I'd like to know why this is happening. This issue is not just isolated to RDS, it is also happening for my databases that are running on Aurora Serverless V2. For Aurora Serverless V2, rdsauthproxy is running on a different IP, not 127.0.0.1.
Thanks for all the help.
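
Added example, not part of the original post and not AWS tooling: given exported log events as (epoch-millisecond timestamp, message) pairs, it measures each window in which rdsauthproxy refused connections, counts the PAM failures inside it, and reports how long after the last SIGHUP reload the window began. The input shape, the name `proxy_outages` and the sample events are assumptions constructed for illustration; the match strings come from the log lines quoted above, plus PostgreSQL's standard `received SIGHUP` reload message.

```python
# Constructed sample events: (epoch ms, message). Timestamps are invented.
T0 = 1_700_000_000_000
REFUSED = ("* Failed to connect to rdsauthproxy port 1108 after 0 ms: "
           "Couldn't connect to server")
PAM_FAIL = 'FATAL:  PAM authentication failed for user "database_user"'
SAMPLE = [
    (T0, "LOG:  received SIGHUP, reloading configuration files"),
    (T0, "* Connected to rdsauthproxy (127.0.0.1) port 1108"),
    (T0 + 2_000, REFUSED),
    (T0 + 3_000, PAM_FAIL),
    (T0 + 60_000, PAM_FAIL),
    (T0 + 60_500, REFUSED),
    (T0 + 181_000, "* Connected to rdsauthproxy (127.0.0.1) port 1108"),
]

def proxy_outages(events):
    """Return one dict per window between the first refused connection to
    rdsauthproxy and the next successful one. Events must be time-ordered.
    Matching is on the host name, so a non-loopback proxy IP also works."""
    outages, current, last_sighup = [], None, None
    for ts, msg in events:
        if "received SIGHUP" in msg:
            last_sighup = ts
        elif "Failed to connect to rdsauthproxy" in msg:
            if current is None:  # first refusal opens a window
                current = {
                    "start": ts, "end": None, "duration_s": None,
                    "pam_failures": 0,
                    "ms_since_sighup":
                        None if last_sighup is None else ts - last_sighup,
                }
        elif "PAM authentication failed" in msg:
            if current is not None:  # only count failures inside a window
                current["pam_failures"] += 1
        elif "Connected to rdsauthproxy" in msg:
            if current is not None:  # first success closes the window
                current["end"] = ts
                current["duration_s"] = (ts - current["start"]) / 1000
                outages.append(current)
                current = None
    if current is not None:  # log ended while the proxy was still refusing
        outages.append(current)
    return outages

if __name__ == "__main__":
    for outage in proxy_outages(SAMPLE):
        print(outage)
```

A consistently small `ms_since_sighup` across windows would tie the refusals to the configuration reload; PAM failures that fall outside any window are not counted and point at something other than the proxy being unreachable.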