Question

RDS while connection error: no pg_hba.conf entry for host

I need assistance as I'm having trouble connecting to a managed Postgres database on RDS. I'm encountering the following error message: "no pg_hba.conf entry for host '16.151.149.51', user 'analytics', database 'database', no encryption" I have confirmed that encryption is functioning properly, and I've also added the IP to the security groups. What steps should I take to resolve this issue?

 48  48203  48
1 Jan 1970

Solution

 70

First of all I wanna note that Nick's answer resolved my issue, but I just would love to add a detailed steps to follow for those who's new to AWS:

Create a New Parameter Group:

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
  2. In the navigation pane, choose "Parameter groups".
  3. Click "Create parameter group" at the top right of the page.
  4. In the "Parameter group family" dropdown, select "postgres15".
  5. In the "Group name" field, enter a name for the new parameter group.
  6. In the "Description" field, enter a description for the new parameter group.
  7. Click "Create" at the bottom right of the page.

Modify the rds.force_ssl Parameter of your new Parameter Group:

  1. In the list of parameter groups, click on the name of the new parameter group you just created.
  2. In the "Filter parameters" box, type rds.force_ssl and press Enter.
  3. You should see the rds.force_ssl parameter. Click "Edit parameters".
  4. Change the value of rds.force_ssl from 1 to 0, then click "Save changes".

Associate Your RDS Instance with the New Parameter Group:

  1. In the navigation pane, choose "Databases".
  2. Click on the name of your RDS instance.
  3. Click "Modify" at the top right of the page.
  4. In the "Database options" section, find the "DB parameter group" setting and select the new parameter group you created from the dropdown menu.
  5. Scroll down and click "Continue".
  6. Review the summary of modifications and click "Modify DB Instance".

Reboote Your RDS Instance:

  1. In the navigation pane, choose "Databases".
  2. Click on the name of your RDS instance.
  3. Click "Actions" at the top right of the page, then "Reboot".
  4. Confirm that you want to reboot the instance.

By following these steps, you should be able to successfully modify the rds.force_ssl parameter in your Amazon RDS instance. And hopefully the connection issue would be resolved.

2024-01-09

Solution

 70

First of all I wanna note that Nick's answer resolved my issue, but I just would love to add a detailed steps to follow for those who's new to AWS:

Create a New Parameter Group:

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
  2. In the navigation pane, choose "Parameter groups".
  3. Click "Create parameter group" at the top right of the page.
  4. In the "Parameter group family" dropdown, select "postgres15".
  5. In the "Group name" field, enter a name for the new parameter group.
  6. In the "Description" field, enter a description for the new parameter group.
  7. Click "Create" at the bottom right of the page.

Modify the rds.force_ssl Parameter of your new Parameter Group:

  1. In the list of parameter groups, click on the name of the new parameter group you just created.
  2. In the "Filter parameters" box, type rds.force_ssl and press Enter.
  3. You should see the rds.force_ssl parameter. Click "Edit parameters".
  4. Change the value of rds.force_ssl from 1 to 0, then click "Save changes".

Associate Your RDS Instance with the New Parameter Group:

  1. In the navigation pane, choose "Databases".
  2. Click on the name of your RDS instance.
  3. Click "Modify" at the top right of the page.
  4. In the "Database options" section, find the "DB parameter group" setting and select the new parameter group you created from the dropdown menu.
  5. Scroll down and click "Continue".
  6. Review the summary of modifications and click "Modify DB Instance".

Reboote Your RDS Instance:

  1. In the navigation pane, choose "Databases".
  2. Click on the name of your RDS instance.
  3. Click "Actions" at the top right of the page, then "Reboot".
  4. Confirm that you want to reboot the instance.

By following these steps, you should be able to successfully modify the rds.force_ssl parameter in your Amazon RDS instance. And hopefully the connection issue would be resolved.

2024-01-09

Solution

 34

If you're using Engine 15 or higher:

When setting up a database in RDS, the default parameter group for postgres15 (default.postgres15) is used. However, we need to change the 'rds.force_ssl' parameter, which isn't editable in the default.postgres15 group. To do this, we'll create a new parameter group for postgres15, which allows us to make edits.

Once the new parameter group is created, we'll select it and find the 'rds.force_ssl' parameter. We'll change its value from 1 to 0 (the default is 1).

Then, in the database configuration tab, we'll switch the 'DB instance parameter group' from the default group to the new one.

After making these changes, we'll reboot the database and try connecting again. This should work.

Steps to Follow

  • Set up a new parameter group for postgres15, as the default parameter group (default.postgres15) does not allow editing the 'rds.force_ssl' parameter.
  • Select the newly created parameter group for postgres15. Locate the 'rds.force_ssl' parameter within the selected parameter group.
  • Change the value of the 'rds.force_ssl' parameter from 1 to 0 (the default value is 1).
  • Navigate to the database configuration tab.
  • Switch the 'DB instance parameter group' from the default group to the newly created parameter group for postgres15.
  • After applying these changes, reboot the database. Attempt to connect to the database again to ensure the changes are effective.
2023-11-24

Solution

 34

If you're using Engine 15 or higher:

When setting up a database in RDS, the default parameter group for postgres15 (default.postgres15) is used. However, we need to change the 'rds.force_ssl' parameter, which isn't editable in the default.postgres15 group. To do this, we'll create a new parameter group for postgres15, which allows us to make edits.

Once the new parameter group is created, we'll select it and find the 'rds.force_ssl' parameter. We'll change its value from 1 to 0 (the default is 1).

Then, in the database configuration tab, we'll switch the 'DB instance parameter group' from the default group to the new one.

After making these changes, we'll reboot the database and try connecting again. This should work.

Steps to Follow

  • Set up a new parameter group for postgres15, as the default parameter group (default.postgres15) does not allow editing the 'rds.force_ssl' parameter.
  • Select the newly created parameter group for postgres15. Locate the 'rds.force_ssl' parameter within the selected parameter group.
  • Change the value of the 'rds.force_ssl' parameter from 1 to 0 (the default value is 1).
  • Navigate to the database configuration tab.
  • Switch the 'DB instance parameter group' from the default group to the newly created parameter group for postgres15.
  • After applying these changes, reboot the database. Attempt to connect to the database again to ensure the changes are effective.
2023-11-24