Hi Aditya,

Yes, you need to grant the role to the user inside the PostgreSQL database.

Please check out this article:
https://suyahuang.wordpress.com/2020/10/01/hands-on-lab-access-rds-postgresql-from-ec2-instance-without-password-how-to-configure-iam-db-authentication/

Let me know if you have any problem following through.

Thanks,
Hannah

> On 1 Oct 2020, at 1:50 am, aditya desai <admad...@gmail.com> wrote:
> 
> Hi Hannah,
> Thank you very much!! This is really helpful. Do we need to pass 
> 'sslrootcert' as mentioned in the doc below? I see that you have not used it 
> in your command.
> 
> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html
> 
> Also do we have to grant the role below to the user?
> 
> grant rds_iam to app_user;
> 
> 
> If you have any document/Steps to set this up from scratch, could you please 
> forward? That would be really helpful.
> 
> Regards,
> Aditya.
> 
> 
> On Wed, Sep 30, 2020 at 4:47 PM Hannah Huang <hannah.huan...@gmail.com> wrote:
> 
> 
>> On 30 Sep 2020, at 5:19 pm, aditya desai <admad...@gmail.com> wrote:
>> 
>> Hi,
>> We have AWS RDS and we are trying to connect to DB remotely from EC2 
>> instance as client connection using psql. We are 
>> trying to set up IAM roles. We did all the necessary settings but got below 
>> error. Could you please advise?
>> 
>> Password for user lmp_cloud_dev:
>> psql: FATAL:  PAM authentication failed for user "testuser"
>> FATAL:  pg_hba.conf rejects connection for host "192.168.1.xxx", user 
>> "testuser", database "testdb", SSL off
>> 
>> Regards,
>> Aditya.
>> 
> 
> Hi Aditya,
> 
> See the below example of me connecting to RDS from an EC2 instance:
> 
> You need to change the $RDSHOST value.
> You need to replace my “app_user” with your “testuser” and database “postgres” 
> with your “testdb”.
> 
> [ec2-user@ip-172-31-13-121 ~]$ export RDSHOST="mypg.cfvvs1nh3f7i.ap-southeast-2.rds.amazonaws.com"
> 
> [ec2-user@ip-172-31-13-121 ~]$ export PGPASSWORD="$(aws rds generate-db-auth-token \
> --hostname $RDSHOST \
> --port 5432 \
> --username app_user)"
> 
> [ec2-user@ip-172-31-13-121 ~]$ psql "host=$RDSHOST port=5432 sslmode=require dbname=postgres user=app_user"
> 
> psql (11.5, server 12.3)
> WARNING: psql major version 11, server major version 12.
> Some psql features might not work.
> SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
> Type "help" for help.
> postgres=>
> 
> Thanks,
> Hannah
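
An added example, not part of the original messages: a shell wrapper for the connection steps shown above that uses `sslmode=verify-full` together with the `sslrootcert` parameter asked about in the thread, so psql checks the server certificate and host name instead of only encrypting as `sslmode=require` does. The function names `rds_conninfo` and `rds_iam_connect` and the CA bundle path are assumptions.

```shell
# Added example, not from the thread. rds_conninfo / rds_iam_connect are
# hypothetical helper names; the CA bundle path is supplied by the caller.

# Build a libpq conninfo string that verifies the server certificate.
# sslmode=require encrypts the session but does not check the server's identity;
# verify-full validates the chain against sslrootcert and matches the host name.
rds_conninfo() {
    local host="$1" port="$2" db="$3" user="$4" ca="$5" v
    # Reject empty values and characters that would split or alter the string
    # (a stray space, as in "user= app_user", is one way this goes wrong).
    for v in "$host" "$port" "$db" "$user" "$ca"; do
        case $v in
            ''|*[[:space:]]*|*"'"*|*'\'*)
                echo "invalid conninfo value: '$v'" >&2
                return 2 ;;
        esac
    done
    # verify-full cannot work without a readable CA bundle; fail early.
    [ -r "$ca" ] || { echo "CA bundle not readable: $ca" >&2; return 3; }
    printf 'host=%s port=%s dbname=%s user=%s sslmode=verify-full sslrootcert=%s' \
        "$host" "$port" "$db" "$user" "$ca"
}

# Generate a short-lived IAM auth token and open psql with it.
# The same user name goes into the token and the conninfo, and the token is
# set as PGPASSWORD for this one psql process only, not exported to the shell.
rds_iam_connect() {
    local host="$1" port="$2" db="$3" user="$4" ca="$5" conninfo token
    conninfo=$(rds_conninfo "$host" "$port" "$db" "$user" "$ca") || return
    token=$(aws rds generate-db-auth-token \
        --hostname "$host" --port "$port" --username "$user") || return
    PGPASSWORD="$token" psql "$conninfo"
}

# Usage (host, database and user as in the thread; bundle path is a placeholder):
#   rds_iam_connect "$RDSHOST" 5432 postgres app_user /path/to/rds-ca-bundle.pem
```

The database user still needs `grant rds_iam to app_user;` inside PostgreSQL, as confirmed at the top of the thread.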
