aws / aws-toolkit-jetbrains

AWS Toolkit for JetBrains - a plugin for interacting with AWS from JetBrains IDEs
https://plugins.jetbrains.com/plugin/11349-aws-toolkit
Apache License 2.0

unable to connect to RDS db with IAM Auth, unclear why #3497

Open yuvii opened 1 year ago

yuvii commented 1 year ago

Hi all. I'm trying to connect to a DB on AWS RDS through the AWS Toolkit on DataGrip.

I followed the docs, enabled IAM auth on the DB, set the access keys, etc. DataGrip is able to connect to AWS quite well and I can see and read files on S3 and other services just fine, but when I try to connect to the RDS DB it doesn't work. I get this very general and unclear error:

image

I've opened a question on Stack Overflow too. AWS Toolkit automatically filled in the details, but the setup configuration looks something like this:

image

Why is this happening? What should I check? What could be the problem? Thanks

amw349 commented 1 year ago

Is the DB in a private or public subnet?

yuvii commented 1 year ago

@amw349 the DB is not "publicly accessible" but is in a subnet group with two public subnets attached to it.

amw349 commented 1 year ago

Do you have an SSH tunnel set up?

yuvii commented 1 year ago

@amw349 we have an SSH tunnel set up to the RDS database, but we're actually trying to move away from that and use IAM auth instead.

amw349 commented 1 year ago

OK, and how are you planning to reach the instance without the tunnel?

Can you currently connect to it with the tunnel?

yuvii commented 1 year ago

@amw349 we want to avoid the SSH tunnel. We're currently connecting through it, but as I understand it, IAM auth is an alternative that doesn't require SSH.

amw349 commented 1 year ago

I don't see how you could access the RDS instance in a private subnet without it. Per this doc, you still need it with IAM auth.

If you don't want to deal with the key pairs, you can use SSH over Session Manager: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html

The other option is having a VPN.

yuvii commented 1 year ago

@amw349 that doc you linked says SSL, not SSH, which is confusing because, as I understood it, that was a bonus security measure, not a necessary required part, but I'll try it out. I don't really understand what you mean by a VPN in this context.

yuvii commented 1 year ago

It's not working anyway. I don't understand, I truly don't. Why does the link you provided tell me to connect to an EC2 instance through a role while this one gives a much more straightforward approach that tells you to connect to it directly through the AWS Toolkit? This is ridiculous.