You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I wish to establish connection between an EC2 instance and RDS. Now the role which is attached to the instance doesnot have permissions to connect to the DB, so I have to assume another role and then try to establish connection. So, I created an .aws/config file and added the following line
In the connection string I have added the awsProfile parameter jdbc:aws-wrapper:postgresql://rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.com:1433/A226722_my_db?user=myuser&awsProfile=226722&wrapperPlugins=iam&iamRegion=us-east-1
Expected Behavior
I expected the connection to be established by assuming the target role in the profile.
What plugins are used? What other connection properties were set?
aws-advanced-jdbc-wrapper-2.5.4.jar, all other AWS packages version-2.23.2
Current Behavior
Getting "PAM authentication failed..." , and here are the logs
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.targetdriverdialect.TargetDriverDialectManager logDialect
FINEST: Target driver dialect set to: 'pgjdbc', software.amazon.jdbc.targetdriverdialect.PgTargetDriverDialect@7e774085.
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.ConnectionPluginChainBuilder getPlugins
FINEST: Plugins order has been rearranged. The following order is in effect: IamAuthConnectionPluginFactory
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.hostlistprovider.RdsHostListProvider refresh
FINEST: Topology:
HostSpec[host=rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.comyuser, port=1433, WRITER, AVAILABLE, weight=100, null]
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin connectInternal
FINEST: Generated new authentication token = ''
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.DriverConnectionProvider connect
FINEST: Connecting to jdbc:postgresql://rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.comyuser:1433/A226722_my_db
with properties:
[password] ***
[tcpKeepAlive] false
[user] myuser
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin connectInternal
FINEST: Error occurred while opening a connection: 'org.postgresql.util.PSQLException: FATAL: PAM authentication failed for user "myuser"'
Exception in thread "main" org.postgresql.util.PSQLException: FATAL: PAM authentication failed for user "myuser"
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:711)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:213)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:268)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
at org.postgresql.jdbc.PgConnection.(PgConnection.java:273)
at org.postgresql.Driver.makeConnection(Driver.java:446)
at org.postgresql.Driver.connect(Driver.java:298)
at software.amazon.jdbc.DriverConnectionProvider.connect(DriverConnectionProvider.java:138)
at software.amazon.jdbc.plugin.DefaultConnectionPlugin.connectInternal(DefaultConnectionPlugin.java:195)
at software.amazon.jdbc.plugin.DefaultConnectionPlugin.connect(DefaultConnectionPlugin.java:178)
at software.amazon.jdbc.ConnectionPluginManager.lambda$connect$6(ConnectionPluginManager.java:378)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$0(ConnectionPluginManager.java:268)
at software.amazon.jdbc.ConnectionPluginManager.executeWithTelemetry(ConnectionPluginManager.java:245)
at software.amazon.jdbc.ConnectionPluginManager.lambda$makePluginChainFunc$1(ConnectionPluginManager.java:268)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$2(ConnectionPluginManager.java:273)
at software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin.connectInternal(IamAuthConnectionPlugin.java:176)
at software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin.connect(IamAuthConnectionPlugin.java:116)
at software.amazon.jdbc.ConnectionPluginManager.lambda$connect$6(ConnectionPluginManager.java:378)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$3(ConnectionPluginManager.java:272)
at software.amazon.jdbc.ConnectionPluginManager.executeWithTelemetry(ConnectionPluginManager.java:245)
at software.amazon.jdbc.ConnectionPluginManager.lambda$makePluginChainFunc$4(ConnectionPluginManager.java:272)
at software.amazon.jdbc.ConnectionPluginManager.executeWithSubscribedPlugins(ConnectionPluginManager.java:235)
at software.amazon.jdbc.ConnectionPluginManager.connect(ConnectionPluginManager.java:375)
at software.amazon.jdbc.wrapper.ConnectionWrapper.init(ConnectionWrapper.java:161)
at software.amazon.jdbc.wrapper.ConnectionWrapper.(ConnectionWrapper.java:105)
at software.amazon.jdbc.Driver.connect(Driver.java:183)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:683)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:191)
at org.example.AwsIamAuthenticationPostgresqlExample.main(AwsIamAuthenticationPostgresqlExample.java:44)
Suppressed: org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host "34.201.92.70", user "myuser", database "A226722_my_db", no encryption
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:711)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:213)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:277)
... 26 more
Reproduction Steps
// The Java code I used
package org.example;
import software.amazon.jdbc.PropertyDefinition;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
public class AwsIamAuthenticationPostgresqlExample {
public static final String POSTGRESQL_CONNECTION_STRING =
"jdbc:aws-wrapper:postgresql://rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.com:1433/A226722_my_db?user=myuser&awsProfile=test&wrapperPlugins=iam&iamRegion=us-east-1";
public static void main(String[] args) throws SQLException {
final Properties properties = new Properties();
properties.setProperty("wrapperLoggerLevel", "finest");
// Attempt a connection
try (Connection conn = DriverManager.getConnection(POSTGRESQL_CONNECTION_STRING,properties);
Statement statement = conn.createStatement();
ResultSet result = statement.executeQuery("select aurora_db_instance_identifier()")) {
System.out.println(Util.getResult(result));
}
}
}
Possible Solution
No response
Additional Information/Context
I was able to achieve the same using AWS CLI and psql
The AWS Advanced JDBC Driver version used
2.5.4
JDK version used
openjdk 21.0.5 2024-10-15
Operating System and version
ubuntu-24.04
The text was updated successfully, but these errors were encountered:
Describe the bug
I wish to establish connection between an EC2 instance and RDS. Now the role which is attached to the instance doesnot have permissions to connect to the DB, so I have to assume another role and then try to establish connection. So, I created an .aws/config file and added the following line
In the connection string I have added the awsProfile parameter
jdbc:aws-wrapper:postgresql://rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.com:1433/A226722_my_db?user=myuser&awsProfile=226722&wrapperPlugins=iam&iamRegion=us-east-1
Expected Behavior
I expected the connection to be established by assuming the target role in the profile.
What plugins are used? What other connection properties were set?
aws-advanced-jdbc-wrapper-2.5.4.jar, all other AWS packages version-2.23.2
Current Behavior
Getting "PAM authentication failed..." , and here are the logs
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.targetdriverdialect.TargetDriverDialectManager logDialect
FINEST: Target driver dialect set to: 'pgjdbc', software.amazon.jdbc.targetdriverdialect.PgTargetDriverDialect@7e774085.
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.ConnectionPluginChainBuilder getPlugins
FINEST: Plugins order has been rearranged. The following order is in effect: IamAuthConnectionPluginFactory
Dec 27, 2024 12:53:02 PM software.amazon.jdbc.hostlistprovider.RdsHostListProvider refresh
FINEST: Topology:
HostSpec[host=rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.comyuser, port=1433, WRITER, AVAILABLE, weight=100, null]
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin connectInternal
FINEST: Generated new authentication token = ''
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.DriverConnectionProvider connect
FINEST: Connecting to jdbc:postgresql://rdsap226722sbx-dd-new-cl.cluster-fkshgfakhr.us-east-1.rds.amazonaws.comyuser:1433/A226722_my_db
with properties:
[password] ***
[tcpKeepAlive] false
[user] myuser
Dec 27, 2024 12:53:03 PM software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin connectInternal
FINEST: Error occurred while opening a connection: 'org.postgresql.util.PSQLException: FATAL: PAM authentication failed for user "myuser"'
Exception in thread "main" org.postgresql.util.PSQLException: FATAL: PAM authentication failed for user "myuser"
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:711)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:213)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:268)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
at org.postgresql.jdbc.PgConnection.(PgConnection.java:273)
at org.postgresql.Driver.makeConnection(Driver.java:446)
at org.postgresql.Driver.connect(Driver.java:298)
at software.amazon.jdbc.DriverConnectionProvider.connect(DriverConnectionProvider.java:138)
at software.amazon.jdbc.plugin.DefaultConnectionPlugin.connectInternal(DefaultConnectionPlugin.java:195)
at software.amazon.jdbc.plugin.DefaultConnectionPlugin.connect(DefaultConnectionPlugin.java:178)
at software.amazon.jdbc.ConnectionPluginManager.lambda$connect$6(ConnectionPluginManager.java:378)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$0(ConnectionPluginManager.java:268)
at software.amazon.jdbc.ConnectionPluginManager.executeWithTelemetry(ConnectionPluginManager.java:245)
at software.amazon.jdbc.ConnectionPluginManager.lambda$makePluginChainFunc$1(ConnectionPluginManager.java:268)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$2(ConnectionPluginManager.java:273)
at software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin.connectInternal(IamAuthConnectionPlugin.java:176)
at software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin.connect(IamAuthConnectionPlugin.java:116)
at software.amazon.jdbc.ConnectionPluginManager.lambda$connect$6(ConnectionPluginManager.java:378)
at software.amazon.jdbc.ConnectionPluginManager.lambda$null$3(ConnectionPluginManager.java:272)
at software.amazon.jdbc.ConnectionPluginManager.executeWithTelemetry(ConnectionPluginManager.java:245)
at software.amazon.jdbc.ConnectionPluginManager.lambda$makePluginChainFunc$4(ConnectionPluginManager.java:272)
at software.amazon.jdbc.ConnectionPluginManager.executeWithSubscribedPlugins(ConnectionPluginManager.java:235)
at software.amazon.jdbc.ConnectionPluginManager.connect(ConnectionPluginManager.java:375)
at software.amazon.jdbc.wrapper.ConnectionWrapper.init(ConnectionWrapper.java:161)
at software.amazon.jdbc.wrapper.ConnectionWrapper.(ConnectionWrapper.java:105)
at software.amazon.jdbc.Driver.connect(Driver.java:183)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:683)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:191)
at org.example.AwsIamAuthenticationPostgresqlExample.main(AwsIamAuthenticationPostgresqlExample.java:44)
Suppressed: org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host "34.201.92.70", user "myuser", database "A226722_my_db", no encryption
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:711)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:213)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:277)
... 26 more
Reproduction Steps
Possible Solution
No response
Additional Information/Context
I was able to achieve the same using AWS CLI and psql
The AWS Advanced JDBC Driver version used
2.5.4
JDK version used
openjdk 21.0.5 2024-10-15
Operating System and version
ubuntu-24.04
The text was updated successfully, but these errors were encountered: