Aws glue connects to RDS PostgreSQL
I failed to connect to the RDS postgreSQL database using glue, and failed to return the following message:
Check that your connection definition references your JDBC database with correct URL syntax, username, and password. The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
Exiting with error code 30
My connection steps:
type JDBC
JDBC URL jdbc:postgresql://xxx.xxx.us-west-2.rds.amazonaws.com:5432/xxx
VPC ID vpc-xxx
Subnet xxx
Security group sg-xxx
SSL connection required false
I have checked the pg database for the above configuration and there should be no problem.
My glue IAM permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "rds:*",
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "true"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:GetAccessPoint",
"ec2:DescribeAddresses",
"ec2:DescribeByoipCidrs",
"s3:GetBucketPolicy",
"glue:*",
"kms:*",
"s3:GetAccessPointPolicyStatus",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetMultiRegionAccessPointPolicyStatus",
"rds-db:*",
"s3:GetMultiRegionAccessPointPolicy",
"s3:ListAccessPoints",
"s3:GetMultiRegionAccessPoint",
"rds-data:*",
"s3:ListMultiRegionAccessPoints",
"s3:GetBucketAcl",
"s3:DescribeMultiRegionAccessPointOperation",
"s3:PutObject",
"s3:GetObject",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"s3:GetBucketLocation",
"s3:GetAccessPointPolicy"
],
"Resource": "*"
}
]
}
The error message gives three possible directions:
1
Check that your connection definition references your JDBC database with correct URL syntax, username, and password.
I don't think this should be wrong
2
The authentication type 10 is not supported.
I'm not exactly sure what this error means, and all my Google queries are to modify pg_hba.conf. However, RDS does not provide modifications to this file.
3
Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
I don't understand what this mistake means