Search code examples
amazon-web-servicessslamazon-rdsgrafana

AWS managed Grafana can not connect RDS Postgres DB as datasource with ssl enabled

Grafna works fine with SSL disabled at RDS postgres configuration but when enabled Grafana start throwing below error.

db query error: pq: no pg_hba.conf entry for host <IP>, user "grafana", database "system_monitor", no encryption

I tried to find steps to configure Datasource connection with "TLS/SSL Mode" required. But I am sure from where I should get "TLS/SSL Client Certificate" and "TLS/SSL Client Key"

Please point me to correct documentation or share steps to configure this.

Note: Grafana is service and not hosted on EC2.

Edit: Settings Grafana asking enter image description here

TSL/SSL Method Options enter image description here

Thanks in advance.

Solution

  • TLS secure config (not ignoring TLS cert verification): You need to configure TLS/SSL Root Certificate, where you need to paste PEM root CA, which you can download from https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificates (don't be tempted to use Certificate bundles for all AWS Regions - they are huge and may brick your Grafana, just use smaller region specific CA certs).

    You need to end up with this kind of config: enter image description here