<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: AWS: Access RDS database using PrivateLink from another account	</title>
	<atom:link href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/feed/" rel="self" type="application/rss+xml" />
	<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/</link>
	<description></description>
	<lastBuildDate>Tue, 20 Sep 2022 15:07:34 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>
		By: Marian Gheorghe		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-307</link>

		<dc:creator><![CDATA[Marian Gheorghe]]></dc:creator>
		<pubDate>Tue, 20 Sep 2022 15:07:34 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-307</guid>

					<description><![CDATA[Under https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.troubleshooting.html, it&#039;s suggested that in case of &#039;Unknown error.&#039; (which is exactly what I am getting) to contact AWS Support. I&#039;ll do so :) Thanks for the excellent article]]></description>
			<content:encoded><![CDATA[<p>Under <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.troubleshooting.html" rel="nofollow ugc">https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.troubleshooting.html</a>, it&#8217;s suggested that in case of &#8216;Unknown error.&#8217; (which is exactly what I am getting) to contact AWS Support. I&#8217;ll do so :) Thanks for the excellent article</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Marian Gheorghe		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-306</link>

		<dc:creator><![CDATA[Marian Gheorghe]]></dc:creator>
		<pubDate>Tue, 20 Sep 2022 15:05:27 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-306</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-305&quot;&gt;Kliment Andreev&lt;/a&gt;.

Thanks, I already had it listen_addresses = &quot;*&quot;]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-305">Kliment Andreev</a>.</p>
<p>Thanks, I already had it listen_addresses = &quot;*&quot;</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Kliment Andreev		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-305</link>

		<dc:creator><![CDATA[Kliment Andreev]]></dc:creator>
		<pubDate>Mon, 19 Sep 2022 13:57:05 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-305</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-304&quot;&gt;Marian Gheorghe&lt;/a&gt;.

Not sure, try this. See if it works. 


&lt;ul&gt;
    &lt;li&gt;Look at your postgresql.conf: sudo vim /etc/postgresql/9.3/main/postgresql.conf&lt;/li&gt;
    &lt;li&gt;Add this line: listen_addresses = &#039;*&#039;&lt;/li&gt;
    &lt;li&gt;Restart the service: sudo /etc/init.d/postgresql restart&lt;/li&gt;&lt;/ul&gt;]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-304">Marian Gheorghe</a>.</p>
<p>Not sure, try this. See if it works. </p>
<ul>
    <li>Look at your postgresql.conf: <code>sudo vim /etc/postgresql/9.3/main/postgresql.conf</code></li>
    <li>Add this line: <code>listen_addresses = &#039;*&#039;</code></li>
    <li>Restart the service: <code>sudo /etc/init.d/postgresql restart</code></li></ul>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Marian Gheorghe		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-304</link>

		<dc:creator><![CDATA[Marian Gheorghe]]></dc:creator>
		<pubDate>Sat, 17 Sep 2022 16:59:20 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-304</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-302&quot;&gt;Marian Gheorghe&lt;/a&gt;.

If I register the RDS (and not RDS Proxy Endpoint) IPs into the target group, and then connect via vpce, then it works. So the issue is somewhere on the RDS Proxy closing the connection.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-302">Marian Gheorghe</a>.</p>
<p>If I register the RDS (and not RDS Proxy Endpoint) IPs into the target group, and then connect via vpce, then it works. So the issue is somewhere on the RDS Proxy closing the connection.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Marian Gheorghe		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-303</link>

		<dc:creator><![CDATA[Marian Gheorghe]]></dc:creator>
		<pubDate>Sat, 17 Sep 2022 16:44:21 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-303</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-302&quot;&gt;Marian Gheorghe&lt;/a&gt;.

Note: it has nothing to do with the psql client (as per warning: psql major version 12, server major version 13). If I create a publicly available DB, the connection and queries against the DB are successful.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-302">Marian Gheorghe</a>.</p>
<p>Note: it has nothing to do with the psql client (as per warning: psql major version 12, server major version 13). If I create a publicly available DB, the connection and queries against the DB are successful.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Marian Gheorghe		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-302</link>

		<dc:creator><![CDATA[Marian Gheorghe]]></dc:creator>
		<pubDate>Sat, 17 Sep 2022 16:38:02 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-302</guid>

					<description><![CDATA[I&#039;ve followed the tutorial, the targets in the lb target group are healthy, VPC endpoint and VPC Endpoint Service are available.
When I attempt to connect to the DB via VPCE, the connection itself is successful, but any command inside psql that attempts to actually do something against the DB fails.

```
psql -h vpce-02a70695b9c4ea212-zafhuhod.vpce-svc-0ac12131212121.eu-central-1.vpce.amazonaws.com -p 5432 -U postgres_user -d cdc_health_monitoring
Password for user postgres_user:
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type &quot;help&quot; for help.



cdc_health_monitoring=&#062; \dt;
FATAL:  Unknown error.
SSL connection has been closed unexpectedly
The connection to the server was lost. Attempting reset: Succeeded.
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)

cdc_health_monitoring=&#062; \l
FATAL:  Unknown error.
SSL connection has been closed unexpectedly
The connection to the server was lost. Attempting reset: Succeeded.
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
cdc_health_monitoring=&#062; help
You are using psql, the command-line interface to PostgreSQL.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
cdc_health_monitoring=&#062;
```

Any idea what it could be?]]></description>
			<content:encoded><![CDATA[<p>I&#8217;ve followed the tutorial, the targets in the lb target group are healthy, VPC endpoint and VPC Endpoint Service are available.<br />
When I attempt to connect to the DB via VPCE, the connection itself is successful, but any command inside psql that attempts to actually do something against the DB fails.</p>
<pre>
psql -h vpce-02a70695b9c4ea212-zafhuhod.vpce-svc-0ac12131212121.eu-central-1.vpce.amazonaws.com -p 5432 -U postgres_user -d cdc_health_monitoring
Password for user postgres_user:
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type &quot;help&quot; for help.

cdc_health_monitoring=&gt; \dt;
FATAL:  Unknown error.
SSL connection has been closed unexpectedly
The connection to the server was lost. Attempting reset: Succeeded.
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)

cdc_health_monitoring=&gt; \l
FATAL:  Unknown error.
SSL connection has been closed unexpectedly
The connection to the server was lost. Attempting reset: Succeeded.
psql (12.12 (Ubuntu 12.12-0ubuntu0.20.04.1), server 13.4)
WARNING: psql major version 12, server major version 13.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
cdc_health_monitoring=&gt; help
You are using psql, the command-line interface to PostgreSQL.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
cdc_health_monitoring=&gt;
</pre>
<p>Any idea what it could be?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: I C		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-299</link>

		<dc:creator><![CDATA[I C]]></dc:creator>
		<pubDate>Fri, 20 May 2022 10:02:28 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-299</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-298&quot;&gt;I C&lt;/a&gt;.

Hi, 

I found the cause for my issue. The SSL error was returned because the psql was not using the proper encoding. Setting PGCLIENTENCODING=&#039;UTF8&#039; 

Another issue was the incorrect roles configuration: the rds-db:connect policy for the DB user must be configured on the Provider account, with a trust policy for the Consumer account to assume it. Once the Consumer account assumes this role, IAM authentication started to work.

Thx again for your article.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-298">I C</a>.</p>
<p>Hi, </p>
<p>I found the cause for my issue. The SSL error was returned because the psql was not using the proper encoding. Setting PGCLIENTENCODING=&#039;UTF8&#039; </p>
<p>Another issue was the incorrect roles configuration: the rds-db:connect policy for the DB user must be configured on the Provider account, with a trust policy for the Consumer account to assume it. Once the Consumer account assumes this role, IAM authentication started to work.</p>
<p>Thx again for your article.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: I C		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-298</link>

		<dc:creator><![CDATA[I C]]></dc:creator>
		<pubDate>Wed, 18 May 2022 19:00:56 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-298</guid>

					<description><![CDATA[Hi,

I followed the steps from your article and everything worked as expected, I was able to connect to the RDS database using the user and password, over TLS. (I am running an RDS Aurora PostgreSQL DB behind the RDS proxy.)

After that, I enabled IAM Authentication on the RDS proxy, I created and attached the IAM role to the Consumer ec2 instance (the one with rds-db:connect action), but connecting to the RDS proxy, from the Consumer account, fails each time with ‘SSL connection was closed unexpectedly’.

IAM authentication works in the Provider account (I configured a similar role and attached it to the ec2 instance in the Provider account). 

Do you have any idea what might cause this issue?

Thank you. 
Ilie]]></description>
			<content:encoded><![CDATA[<p>Hi,</p>
<p>I followed the steps from your article and everything worked as expected, I was able to connect to the RDS database using the user and password, over TLS. (I am running an RDS Aurora PostgreSQL DB behind the RDS proxy.)</p>
<p>After that, I enabled IAM Authentication on the RDS proxy, I created and attached the IAM role to the Consumer ec2 instance (the one with rds-db:connect action), but connecting to the RDS proxy, from the Consumer account, fails each time with ‘SSL connection was closed unexpectedly’.</p>
<p>IAM authentication works in the Provider account (I configured a similar role and attached it to the ec2 instance in the Provider account). </p>
<p>Do you have any idea what might cause this issue?</p>
<p>Thank you.<br />
Ilie</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Kliment Andreev		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-297</link>

		<dc:creator><![CDATA[Kliment Andreev]]></dc:creator>
		<pubDate>Fri, 06 May 2022 11:19:36 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-297</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-296&quot;&gt;Leo&lt;/a&gt;.

1. They are supposed to be fixed. I followed this article and they mention &quot;according to AWS&quot; (https://docs.rivery.io/docs/creating-an-rds-proxy)
I asked our company AWS rep, he wasn&#039;t sure, he was supposed to ask but never came back. For now, let&#039;s assume the IPs are fixed. I have them running for more than a month and they&#039;ve stayed the same. 
2. I am not quite sure what you are asking, but from what I get, it&#039;s a load-balanced proxy on their side. They take care of the HA and sync, so I don&#039;t think this would be an issue.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-296">Leo</a>.</p>
<p>1. They are supposed to be fixed. I followed this article and they mention &#8220;according to AWS&#8221; (<a href="https://docs.rivery.io/docs/creating-an-rds-proxy" rel="nofollow ugc">https://docs.rivery.io/docs/creating-an-rds-proxy</a>)<br />
I asked our company AWS rep, he wasn&#8217;t sure, he was supposed to ask but never came back. For now, let&#8217;s assume the IPs are fixed. I have them running for more than a month and they&#8217;ve stayed the same.<br />
2. I am not quite sure what you are asking, but from what I get, it&#8217;s a load-balanced proxy on their side. They take care of the HA and sync, so I don&#8217;t think this would be an issue.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Leo		</title>
		<link>https://blog.andreev.it/2022/03/aws-access-rds-database-using-privatelink-from-another-account/#comment-296</link>

		<dc:creator><![CDATA[Leo]]></dc:creator>
		<pubDate>Fri, 06 May 2022 03:14:01 +0000</pubDate>
		<guid isPermaLink="false">https://blog.andreev.it/?p=9118#comment-296</guid>

					<description><![CDATA[Hi, 2 questions.

1. Are RDS proxy IPs looked up from DNS fixed? So far I cannot find any documents stating they are fixed or not. If not, need another mechanism to update the IPs in target group timely.

2. Note there are 2 IPs got back from nslookup. Let&#039;s assume there are 2 logical proxies behind 2 IPs respectively, they are hosting their own connection pool separately. Min 1 app connects to proxy 1 and min 2 the app connects to proxy 2, will it be an issue? I mean the app needs to stick to a proxy? Maybe it&#039;s a dumb question, but hope you can advise. 

Thank you.]]></description>
			<content:encoded><![CDATA[<p>Hi, 2 questions.</p>
<p>1. Are RDS proxy IPs looked up from DNS fixed? So far I cannot find any documents stating they are fixed or not. If not, need another mechanism to update the IPs in target group timely.</p>
<p>2. Note there are 2 IPs got back from nslookup. Let&#8217;s assume there are 2 logical proxies behind 2 IPs respectively, they are hosting their own connection pool separately. Min 1 app connects to proxy 1 and min 2 the app connects to proxy 2, will it be an issue? I mean the app needs to stick to a proxy? Maybe it&#8217;s a dumb question, but hope you can advise. </p>
<p>Thank you.</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
