具有 IAM 身份验证错误的 Aurora RDS Postgres?
Aurora RDS Postgres with IAM Authentication error?
我尝试使用本地计算机上的 IAM 用户连接我的 Aurora Postgres 数据库,但出现以下错误:psql: FATAL: PAM authentication failed for user "test-rds"
在数据库上创建用户的命令:
CREATE USER test-rds WITH LOGIN;
GRANT rds_iam TO test-rds;
我已创建此策略并将其附加到我的 IAM 用户。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"arn:aws:rds-db:eu-west-1:$account:dbuser:$db-id/test-rds",
]
}
]
}
然后测试以下命令:
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
psql "host=$db-host port=$db-port sslmode=require sslrootcert=rds-combined-ca-bundle.pem dbname=postgres user=test-rds"
如果我尝试使用 postgresql 用户,我可以访问我的数据库,但不能使用 iam 用户,我不明白为什么。
请帮帮我^^ !
一切似乎都很完美,除了身份验证 part.Can 您生成临时凭据如下所示并尝试连接到 database.It 应该可以。
$ creds=$(aws sts assume-role --role-arn arn:aws:iam::ACC-ID:role/testauth --role-session-name test)
$ echo $creds
{ "AssumedRoleUser": { "AssumedRoleId": "XXXXXXXXXXXXXX:test", "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/testauth/test" }, "Credentials": { "SecretAccessKey": "+xxxx/XXXXXXXXXXX+g0mdOo7vyfloot07", "SessionToken": "xxxxXIvYXdzEJP//////////XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+AO0fnzvmfGkd1QWLWdeVSOi4DTHabXYJZeBN6gYltigFnd61koyAMVD4Yw/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+XXXXXXXXXXXXXXX+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU=", "Expiration": "2018-10-09T10:59:01Z", "AccessKeyId": "XXXXXXXXXXXXXXXXXXX" } }
Export dynamic variable for the session:
______________________________
$ export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXX"
$ export AWS_SECRET_ACCESS_KEY="+xxxx/kHESRK32Fso+g0mdOo7vyfloot07"
$ export AWS_SESSION_TOKEN="xxxxIvYXdzEJP//////////wEaDO2IFbHyBBMLuswSXiLoARHDVo6yvQnxsKCis62f4nmmmGBMJYXCLWoKSuMcVgn5Aw+xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+i3OLpjWQw+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU="
Generate Token:
_______________
$ export PGPASSWORD="$(aws rds generate-db-auth-token --hostname=testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=testcustom --region us-west-2)"
Try Connections( should work):
_______________
$ psql -h testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com -p 5432 "dbname=testauth user=testcustom sslrootcert=/home/ec2-user/rds-combined-ca-bundle.pem sslmode=verify-ca"
psql (9.2.24, server 10.4)
WARNING: psql version 9.2, server version 10.0.
Some psql features might not work.
SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.
当我修改以下命令后问题就解决了:
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
我在命令中添加了AWS_PROFILE。
export PGPASSWORD=$(AWS_PROFILE=test-rds aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
我尝试使用本地计算机上的 IAM 用户连接我的 Aurora Postgres 数据库,但出现以下错误:psql: FATAL: PAM authentication failed for user "test-rds"
在数据库上创建用户的命令:
CREATE USER test-rds WITH LOGIN;
GRANT rds_iam TO test-rds;
我已创建此策略并将其附加到我的 IAM 用户。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"arn:aws:rds-db:eu-west-1:$account:dbuser:$db-id/test-rds",
]
}
]
}
然后测试以下命令:
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
psql "host=$db-host port=$db-port sslmode=require sslrootcert=rds-combined-ca-bundle.pem dbname=postgres user=test-rds"
如果我尝试使用 postgresql 用户,我可以访问我的数据库,但不能使用 iam 用户,我不明白为什么。
请帮帮我^^ !
一切似乎都很完美,除了身份验证 part.Can 您生成临时凭据如下所示并尝试连接到 database.It 应该可以。
$ creds=$(aws sts assume-role --role-arn arn:aws:iam::ACC-ID:role/testauth --role-session-name test)
$ echo $creds
{ "AssumedRoleUser": { "AssumedRoleId": "XXXXXXXXXXXXXX:test", "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/testauth/test" }, "Credentials": { "SecretAccessKey": "+xxxx/XXXXXXXXXXX+g0mdOo7vyfloot07", "SessionToken": "xxxxXIvYXdzEJP//////////XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+AO0fnzvmfGkd1QWLWdeVSOi4DTHabXYJZeBN6gYltigFnd61koyAMVD4Yw/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+XXXXXXXXXXXXXXX+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU=", "Expiration": "2018-10-09T10:59:01Z", "AccessKeyId": "XXXXXXXXXXXXXXXXXXX" } }
Export dynamic variable for the session:
______________________________
$ export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXX"
$ export AWS_SECRET_ACCESS_KEY="+xxxx/kHESRK32Fso+g0mdOo7vyfloot07"
$ export AWS_SESSION_TOKEN="xxxxIvYXdzEJP//////////wEaDO2IFbHyBBMLuswSXiLoARHDVo6yvQnxsKCis62f4nmmmGBMJYXCLWoKSuMcVgn5Aw+xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+i3OLpjWQw+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU="
Generate Token:
_______________
$ export PGPASSWORD="$(aws rds generate-db-auth-token --hostname=testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=testcustom --region us-west-2)"
Try Connections( should work):
_______________
$ psql -h testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com -p 5432 "dbname=testauth user=testcustom sslrootcert=/home/ec2-user/rds-combined-ca-bundle.pem sslmode=verify-ca"
psql (9.2.24, server 10.4)
WARNING: psql version 9.2, server version 10.0.
Some psql features might not work.
SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.
当我修改以下命令后问题就解决了:
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
我在命令中添加了AWS_PROFILE。
export PGPASSWORD=$(AWS_PROFILE=test-rds aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)