I’m trying to figure out the correct configuration to be able to connect to an AWS RDS PostgreSQL instance with enforced SSL.
Right now I’m getting:
[postgres] FATAL: no pg_hba.conf entry for host "XX.XXX.XX.XXX", user "XXXX", database "kong", SSL off, client: 172.17.0.1, server: kong
I tried fiddling with the ssl config, trying to set lua_ssl_trusted_certificate with the rds-combined-ca-bundle.pem provided by AWS. I also tried changing lua_ssl_verify_depth to 1, 2 and 10, pg_ssl = on, pg_ssl = off, pg_ssl_verify = on, pg_ssl_verify = off with various combinations, without success.
Trying to connect with the psql command line works as expected:
psql -h xxxxx.us-east-1.rds.amazonaws.com -p 5432 "dbname=kong user=xxxx sslrootcert=/var/certs/rds-combined-ca-bundle.pem sslmode=verify-full"
This gets me to the password prompt, and once logged in it works as expected.
Any suggestions?