Issues connecting to AWS RDS PostgreSQL with enforced SSL

I’m trying to figure out the correct configuration to be able to connect to an AWS RDS PosgreSQL instance with enforced SSL.
Right now I’m getting:

[postgres] FATAL: no pg_hba.conf entry for host "XX.XXX.XX.XXX", user "XXXX", database "kong", SSL off, client: 172.17.0.1, server: kong

I tried fiddling with the ssl config, trying to set lua_ssl_trusted_certificate with the rds-combined-ca-bundle.pem provided by AWS. I also tried changing lua_ssl_verify_depth to 1, 2 and 10, pg_ssl = on , pg_ssl = off , pg_ssl_verify = on , pg_ssl_verify = off with various combinations, without success.

Trying to connect with the psql command line works as expected:

psql -h xxxxx.us-east-1.rds.amazonaws.com -p 5432 "dbname=kong user=xxxx sslrootcert=/var/certs/rds-combined-ca-bundle.pem sslmode=verify-full"

this gets me to the password prompt and once logged in it works as expected.

Any suggestions?


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ