Hi Hannah, Thank you very much!! this is really helpful. Do we need to pass 'sslrootcert" as mentioned in the doc below? I see that you have not used it in your command.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html Also do we have to grant the role below to the user? grant rds_iam to app_user; If you have any document/Steps to set this up from scratch,could you please forward? That would be really helpful. Regards, Aditya. On Wed, Sep 30, 2020 at 4:47 PM Hannah Huang <hannah.huan...@gmail.com> wrote: > > > On 30 Sep 2020, at 5:19 pm, aditya desai <admad...@gmail.com> wrote: > > Hi, > We have AWS RDS and we are trying to connect to DB remotely from EC2 > instance.as client connection using psql. We are trying to set up IAM > roles. We did all the necessary settings but got below error. Could you > please advise? > > Password for user lmp_cloud_dev: > > psql: FATAL: PAM authentication failed for user "testuser" > > FATAL: pg_hba.conf rejects connection for host "192.168.1.xxx", user > "testuser", database "testdb", SSL off > > > Regards, > > Aditya. > > > Hi Aditya, > > See the below example of me connecting to RDS from an EC2 instance: > > You need to change the $RDSHOST value > you need to replace my “app_user” to your “testuser” and database > “postgres” to your “testdb” > > [ec2-user@ip-172-31-13-121 ~]$ export RDSHOST="mypg.cfvvs1nh3f7i.ap- > southeast-2.rds.amazonaws.com" > > [ec2-user@ip-172-31-13-121 ~]$ export PGPASSWORD="$(aws rds > generate-db-auth-token \ > --hostname $RDSHOST \ > --port 5432 \ > --username app_user)” > > [ec2-user@ip-172-31-13-121 ~]$ psql "host=$RDSHOST port=5432 > sslmode=require dbname=postgres user= app_user" > > psql (11.5, server 12.3) > WARNING: psql major version 11, server major version 12. > Some psql features might not work. > SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, > bits: 256, compression: off) > Type "help" for help. > postgres=> > > Thanks, > Hannah >