[英]Password auth fails when connecting to RDS Postgres using credentials generated by AWS
我正在嘗試從 ECS 實例連接到 RDS Postgres 數據庫,但我不斷收到error: password authentication failed for user
。 兩者均使用 AWS CDK 進行配置。 我只提供數據庫用戶名並讓 AWS 生成一個密碼,該密碼通過一個秘密 env var 提供給 ECS 實例。 我在 ECS 實例中記錄環境變量,我可以看到它正在接收數據庫連接信息,包括生成的憑據。
這是我的應用程序代碼
import * as dotenv from "dotenv";
import * as Koa from "koa";
import * as Knex from "knex";
dotenv.config();
const { env } = process;
const port = parseInt(env.PORT || "3000", 10);
function getDatabaseConnection(): Knex.Config["connection"] {
const {
DATABASE_URL,
DATABASE_HOST,
DATABASE_NAME,
DATABASE_CREDENTIALS,
DATABASE_PORT = "5432",
} = env;
if (DATABASE_URL) {
return DATABASE_URL;
}
if (!DATABASE_HOST)
throw new Error("Missing required env var: DATABASE_HOST");
if (!DATABASE_NAME)
throw new Error("Missing required env var: DATABASE_NAME");
if (!DATABASE_CREDENTIALS)
throw new Error("Missing required env var: DATABASE_CREDENTIALS");
const { username, password } = JSON.parse(DATABASE_CREDENTIALS);
return {
host: DATABASE_HOST,
user: username,
password: password,
port: parseInt(DATABASE_PORT, 10),
database: DATABASE_NAME,
};
}
main();
async function main() {
const databaseConnection = getDatabaseConnection();
console.log(`Connecting to database:`, databaseConnection);
let db: Knex | null = Knex({
client: "pg",
connection: databaseConnection,
acquireConnectionTimeout: 5000,
});
await db.raw("SELECT 10 + 15").catch((error) => {
console.log("Test query failed", error);
db = null;
});
const app = new Koa().use(async (context) => {
try {
context.response.body = {
hello: "world",
queryResult: db ? await db.raw("SELECT 10 + 15") : null,
};
} catch (error) {
context.response.body = {
error: { ...error, message: error.message },
};
}
});
await new Promise((resolve) => app.listen(port, resolve));
console.log(`Listening on port ${port}`);
}
還有我的 AWS CDK 堆棧
import { v4 as uuid } from "uuid";
import ec2 = require("@aws-cdk/aws-ec2");
import ecs = require("@aws-cdk/aws-ecs");
import cdk = require("@aws-cdk/core");
import { RemovalPolicy } from "@aws-cdk/core";
import rds = require("@aws-cdk/aws-rds");
import ecsPatterns = require("@aws-cdk/aws-ecs-patterns");
import path = require("path");
import { Port, InstanceClass, InstanceSize } from "@aws-cdk/aws-ec2";
import { Secret } from "@aws-cdk/aws-secretsmanager";
const app = new cdk.App();
const stack = new cdk.Stack(app, process.env.STACK_NAME || "HelloWorld");
const vpc = new ec2.Vpc(stack, "MyVpc", { maxAzs: 2 });
const cluster = new ecs.Cluster(stack, "Cluster", { vpc });
const port = 3000;
const databasePort = 5432;
const databaseUser = "app";
const databaseName = "app_db";
cluster.addCapacity("cluser_capacity", {
instanceType: ec2.InstanceType.of(InstanceClass.T2, InstanceSize.MICRO),
maxCapacity: 1,
});
const database = new rds.DatabaseInstance(stack, "AppDatabase", {
vpc,
engine: rds.DatabaseInstanceEngine.POSTGRES,
instanceClass: ec2.InstanceType.of(
ec2.InstanceClass.T2,
ec2.InstanceSize.MICRO
),
removalPolicy: RemovalPolicy.DESTROY,
databaseName: databaseName,
masterUsername: databaseUser,
deletionProtection: false,
port: databasePort,
});
const apiService = new ecsPatterns.ApplicationLoadBalancedFargateService(
stack,
"AppService",
{
cluster,
publicLoadBalancer: true,
taskImageOptions: {
environment: {
PORT: port.toString(),
DATABASE_PORT: databasePort.toString(),
DATABASE_HOST: database.dbInstanceEndpointAddress,
DATABASE_USER: databaseUser,
DATABASE_NAME: databaseName,
},
secrets: database.secret
? {
DATABASE_CREDENTIALS: ecs.Secret.fromSecretsManager(
database.secret
),
}
: {},
containerPort: port,
image: ecs.ContainerImage.fromAsset(
path.resolve(__dirname, "..", "local-image")
),
},
}
);
database.connections.allowFrom(apiService.service, Port.tcp(databasePort));
app.synth();
為什么 RDS 生成的用戶名/密碼不起作用?
如果您在創建時遇到此問題,則可能是您沒有命名數據庫。 該名稱與實例不同,AWS 默認為非命名數據庫。
在 AWS 控制台中,導航到 RDS > 數據庫 > your_database > 配置
是否填充了“數據庫名稱”字段? 如果不是,請刪除此數據庫並重新創建它。
在創建菜單的最后,在“附加配置”下查看。 添加您選擇的“初始數據庫名稱” 。 現在這是您的數據庫名稱。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.