I’m trying to figure out the correct configuration to be able to connect to an AWS RDS PostgreSQL instance with enforced SSL.
Right now I’m getting:
[postgres] FATAL: no pg_hba.conf entry for host "XX.XXX.XX.XXX", user "XXXX", database "kong", SSL off, client: 172.17.0.1, server: kong
I tried fiddling with the SSL config, trying to set lua_ssl_trusted_certificate with the rds-combined-ca-bundle.pem provided by AWS. I also tried changing lua_ssl_verify_depth to 1, 2 and 10, pg_ssl = on, pg_ssl = off, pg_ssl_verify = on, pg_ssl_verify = off with various combinations, without success.
Trying to connect with the psql command line works as expected:
psql -h xxxxx.us-east-1.rds.amazonaws.com -p 5432 "dbname=kong user=xxxx sslrootcert=/var/certs/rds-combined-ca-bundle.pem sslmode=verify-full"
This gets me to the password prompt, and once logged in it works as expected.