Question 279638 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – AWS ECS Scheduled Task Connection Error with RDS

I’m currently facing an issue with my ECS tasks connection to RDS which are deployed by using AWS Copilot CLI. Despite ensuring that the ECS task and the RDS have the same VPC and appropriate security groups for connection.

Interestingly, when I deploy using the same configuration on EC2 and Lambda, the connection is established without any issues. This is the same method I’ve used for my API and Bastion server, and they’ve been working perfectly fine.

Here are the expected and actual results:

  • Expected Result: Successful connection between ECS tasks and RDS.
  • Actual Result: Connection error as mentioned below.

The error message:

'{'S': 'FATAL', 'V': 'FATAL', 'C': '28000', 'M': 'no pg_hba. conf entry for host "x.x.x.x", user "x", database "x", no encryption', 'F': 'auth.c', 'L': '543', 'R': 'ClientAuthentication'}.

What I’ve tried so far:

  1. Ensured that the ECS task and the RDS have the same VPC.
  2. Checked the security groups on both sides for the appropriate connection.

I’m unable to share the exact code due to security reasons, but the process involves deploying the cluster and tasks in ECS through AWS Copilot CLI and trying to establish a connection to RDS.

I’m unsure as to why the same configuration works on EC2 and Lambda but not with ECS. Any insights or potential solutions to this problem would be greatly appreciated.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Certificate from the AWS RDS page used as SSL context in Python PostgreSQL driver library connection method parameters: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions

    References from AWS Support:

    1. Error code postgres → https://www.postgresql.org/docs/16/errcodes-appendix.html
    2. SSL option → https://pypi.org/project/pg8000/#pg8000-native-connection-user-host-localhost-database-none-port-5432-password-none-source-address-none-unix-sock-none-ssl-context-none-timeout-none-tcp-keepalive-true-application-name-none-replication-none-sock-none
    3. SSL context → https://docs.python.org/3/library/ssl.html#ssl.SSLContext
    4. Postgres RDS Parameters → https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Parameters.html#Appendix.PostgreSQL.CommonDBATasks.Parameters.parameters-list

  2. 0

    That’s not a network connection error. That error is coming back from the database server, so the network connection was established. That error is a Postgres authentication error. You have something incorrect in the DB connection settings, such as the username or password.

    I notice the error states no encryption which means you have encryption disabled on the client that is trying to connect. The database could be denying your because of that.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search