Reputation: 1854
AWS RDS Database from Rails app - Error when switching from root to IAM user
I am accessing an RDS PostgreSQL database on AWS from a rails app I'm developing. Currently, I am accessing the database with my AWS root credentials.
In my database.yml:
pg_development:
<<: *pg_default
adapter: postgresql
database: myDatabase
username: myRootUsername
password: myRootPassword
host: myDatabase.1234.us-east-1.rds.amazonaws.com
In production, they are stored in Heroku config vars.
This worked perfectly with my root credentials. I then set up an IAM user and group for more security. I have granted every policy that I could think of. I followed http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.html to the best of my ability...
In my dev environment I am seeing a rails error PG::ConnectionBad FATAL: password authentication failed for user "myIAMuser"
In my Heroku logs it says Completed 500 Internal Server Error in 59ms (ActiveRecord: 1.3ms) and the same FATAL error I see in dev.
I have never used IAM before and I am hoping that I am just making a simple mistake and the method of passing credentials is different with IAM.
I have tried restarting servers, switching back to root to make sure I didn't mess anything else up to cause the error, rake db:migrate, couldn't think of anything else that would cause this.
Upvotes: 0
Views: 755
Answers (1)
Reputation: 1973
You are mixing IAM users with database users...
The IAM user, is a user within AWS (one that may be able to log into the management console for example, or use an SDK functionality to launch ec2 instaces, created RDS databases, write data to S3 and so on).
When you launch a RDS instance, you must specify an admin/root username and password. My guess is that this is the username and password that works (note that this username and password does not identify an IAM user).
If you want to narrow down the database access of you application, you need to create a new database user inside the RDS PostgreSQL itself (using a Postgre GUI of some sort, or by connecting the Postgre database and issuing CREATE USER).
Upvotes: 3
Related Questions
- AWS RDS - IAM Database Authentication with Rails
- Ruby on Rails app runs only as a root user and errors out when run as ec2-user
- Error connecting Rails 5 app database.yml to AWS RDS instance
- RDS Postgres DB IAM generate_db_auth_token not working
- Rails & Postgresql on AWS Cloud 9 : role "ec2-user" does not exist
- Connect to Amazon RDS Postgresql with IAM Role
- Connecting to an Amazon RDS instance via Heroku
- Rails App on Heroku Can't Connect to RDS
- Getting an 'Application Error' when trying to push my database to Amazon RDS with the heroku gem
- Trouble connecting Heroku App with Amazon RDS Instance