
How to connect to AWS RDS with SSL encryption from local?


I want to connect to an AWS RDS via an EC2 from local.

I created a tunnel on my local machine:

ssh -i ~/.ssh/id_rsa -f -N -L 5432:RDS-Endpoint:5432 EC2-User@EC2-IP -v

This works:

psql -hlocalhost -Upostgres -p5432 -d postgres

It really connected to the RDS db.

But if I use another postgres user with an SSL certificate:

psql -hlocalhost -p5432 "sslmode=verify-full sslrootcert=rds-ca-2019-root.pem user=another_user dbname=my_db"

It causes this error:

psql: error: server certificate for "tf-xxx.rds.amazonaws.com" (and 2 other names) does not match host name "localhost"

If I do it on the EC2 server, it works well. Locally, it seems that the certificate doesn't match localhost. How do I set it up correctly?


Solution

  • I think you can do this by specifying the 'hostaddr' as 127.0.0.1, but specifying the 'host' as whatever the real hostname is.
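
The answer's host/hostaddr approach, as an added example that is not part of the original post: libpq opens the socket to `hostaddr` (the tunnel's local end) but checks the server certificate against `host`, so `sslmode=verify-full` stays in force. The function names are hypothetical; the endpoint, CA file, user and database are the placeholders from the question.

```shell
#!/bin/sh
# Added example: build a libpq conninfo string for an RDS instance reached
# through a local SSH tunnel, without weakening sslmode=verify-full.

# Quote one conninfo value per libpq rules: wrap it in single quotes and
# backslash-escape any backslash or single quote inside it.
conninfo_quote() (
    escaped=$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g")
    printf "'%s'" "$escaped"
)

# rds_tunnel_conninfo ENDPOINT LOCAL_PORT CA_FILE USER DBNAME
rds_tunnel_conninfo() (
    [ "$#" -eq 5 ] || {
        echo "usage: rds_tunnel_conninfo ENDPOINT LOCAL_PORT CA_FILE USER DBNAME" >&2
        exit 2
    }
    endpoint=$1 local_port=$2 ca_file=$3 user=$4 dbname=$5

    # host= is the name compared with the certificate, so it must be the
    # real RDS endpoint, never the tunnel address.
    case $endpoint in
        ''|localhost|127.*|::1)
            echo "host must be the RDS endpoint name, not the tunnel address" >&2
            exit 2 ;;
    esac
    case $local_port in
        ''|*[!0-9]*) echo "local port must be numeric" >&2; exit 2 ;;
    esac

    # hostaddr= is where the TCP connection actually goes: the local end
    # of the "ssh -L" forward from the question.
    printf 'host=%s hostaddr=127.0.0.1 port=%s sslmode=verify-full sslrootcert=%s user=%s dbname=%s' \
        "$(conninfo_quote "$endpoint")" "$local_port" \
        "$(conninfo_quote "$ca_file")" "$(conninfo_quote "$user")" \
        "$(conninfo_quote "$dbname")"
)

# With the tunnel up, connect like this (placeholder values from the question):
#   psql "$(rds_tunnel_conninfo tf-xxx.rds.amazonaws.com 5432 rds-ca-2019-root.pem another_user my_db)"
rds_tunnel_conninfo tf-xxx.rds.amazonaws.com 5432 rds-ca-2019-root.pem another_user my_db
echo
```
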