I am trying to connect an existing Spring Boot application from EC2 (RHEL 8) to an RDS Postgres database. Both RDS and EC2 are in the same private VPC.

Connection establishment is working fine from my local Spring Boot application without SSL to RDS. From Pgadmin4, I could connect with or without SSL. No luck from EC2. Getting "org.postgresql.util.PSQLException: SSL error: Received fatal alert: handshake_failure" while starting the application.

Telnet is successful from EC2 to the RDS DB instance. Not sure what I am missing, I am stuck.

I cannot change application code at this point.

What I have tried:

  1. In the EC2 security group, the inbound rules are: [image: EC2 security group inbound rules]
  2. In the RDS security group, the inbound rules are: [image: RDS security group inbound rules]
  3. I downloaded the RDS region certificate and copied it into /etc/pki/ca-trust/source/anchors/ and also under the JVM location (.........openjdk-8u432-b06-Build/jre/lib/security/cacerts)
  4. Generated JKS and CRT files from the .pem file and copied them under the JVM location.
  5. I have also tried the below configurations from the application.properties file.
    server.ssl.keyStore=truststore.jks
    server.ssl.keyStorePassword=changeit
    server.ssl.keyStoreType=JKS
    #With or without the below
    server.ssl.enabled=true
    server.ssl.key-store=truststore.jks
    server.ssl.key-store-password=changeit
    server.ssl.key-storetype=JKS
    #With or without the below
    server.ssl.enabled=true  

1 Answer

The 'correct' configuration would be:

  • A security group on the EC2 instance (app-sg) that permits All Outbound traffic
  • A security group on the RDS database (rds-sg) that permits Inbound connections on port 5432 from app-sg

That is, rds-sg specifically refers to app-sg rather than using an IP address. This way, any instance that uses app-sg will be permitted to communicate with the RDS database.

Also, Amazon RDS for Postgres always wants to use SSL, so make sure that is enabled.

Test the connection by logging into the EC2 instance and using the psql command-line or Pgadmin4. Once that is working, you can test your app's connection to RDS.
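A way to run that test from the EC2 host without the JVM in the path, as an added example that is not part of the original answer: the script sends the PostgreSQL SSLRequest message, then performs a certificate-verified TLS handshake and reports whether a failure is at the network, certificate-trust or TLS-negotiation layer. The function names are illustrative, and the endpoint hostname and the path to the downloaded RDS CA bundle are arguments you supply.

```python
import socket
import ssl
import struct
import sys

# PostgreSQL SSLRequest: int32 length (8) followed by int32 code 80877103
# (1234 << 16 | 5679). The server answers with one byte: 'S' or 'N'.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

def request_ssl(sock):
    """Send SSLRequest on a connected socket; True if the server answers 'S'."""
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply == b"S":
        return True
    if reply == b"N":
        return False
    raise ConnectionError(f"unexpected reply to SSLRequest: {reply!r}")

def probe(host, port=5432, cafile=None, timeout=5):
    """Return (tls_version, cipher_name) after a verified TLS handshake."""
    # Default context verifies the chain and the hostname; with cafile set,
    # only that bundle is trusted (here: the RDS CA bundle you downloaded).
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not request_ssl(raw):
            raise ConnectionError("server refused SSL (replied 'N')")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    # Usage: python3 pg_tls_probe.py <rds-endpoint> <path-to-rds-ca-bundle.pem>
    host, cafile = sys.argv[1], sys.argv[2]
    try:
        print("handshake ok:", *probe(host, cafile=cafile))
    except ssl.SSLCertVerificationError as e:
        print("certificate verification failed:", e.verify_message)
    except ssl.SSLError as e:
        print("TLS handshake failed:", e.reason or e)
    except OSError as e:  # includes ConnectionError, timeouts, DNS failures
        print("connection failed:", e)
```

A successful handshake here shows that the endpoint, port and CA bundle are usable from that host. The probe uses Python's TLS stack rather than the JVM's, so it does not exercise the Java client's own protocol, cipher or truststore settings.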
