3 votes

I am working on setting up a Postgres instance on AWS through RDS. It has been placed into a VPC with a private subnet where the subnet CIDRs are: ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"].

I have a public subnet and have successfully connected to postgres through a bastion node from public to private subnet and run queries through SSH port forwarding.

However, now I am trying to set up a connection from a Lambda that lives in the same private subnet of the VPC. The Lambda has access according to the security group, but I receive the following error:

OperationalError: (psycopg2.OperationalError) FATAL: PAM authentication failed for user "service_worker" FATAL: pg_hba.conf rejects connection for host "10.0.23.73", user "service_worker", database "myDB", SSL off

I have connected successfully with service_worker through the bastion, but for some reason I can't do so through lambda. It seems like Postgres is rejecting this particular host. And I can't find any configuration or documentation that specifies how to change what RDS does when managing this information in the pg_hba.conf file.

Does anyone have any insight into telling Postgres that a connection from a host in the same subnet is ok? I'm assuming there is some security policy that I'm somehow missing in the mix of all this.

Thanks!
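Reading the error quoted in the question (this is an added example, not code from the original post): the two FATAL lines carry the diagnosis. "PAM authentication failed" means the server routed service_worker through PAM, which on RDS for PostgreSQL is how roles that have been granted rds_iam are checked, so the client has to present an IAM authentication token as the password rather than the static password that works from the bastion. "SSL off" means the Lambda's client connected in plaintext, which RDS's managed pg_hba.conf does not accept for that path; libpq's default sslmode=prefer falls back to plaintext silently, and one way to end up there is a psycopg2 build in a Lambda layer whose bundled libpq has no SSL support. The Python below parses that message into its fields, lists the checks it implies, and builds psycopg2 connection arguments that refuse plaintext. The hostnames, password, CA bundle path and the use of boto3's generate_db_auth_token for the IAM token are assumptions for illustration; psycopg2 itself is not imported, so the block runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copy of the error string quoted in the question above.
SAMPLE_ERROR = (
    'OperationalError: (psycopg2.OperationalError) FATAL: PAM authentication '
    'failed for user "service_worker" FATAL: pg_hba.conf rejects connection for '
    'host "10.0.23.73", user "service_worker", database "myDB", SSL off'
)

# Shape of the pg_hba.conf rejection line as the server reports it.
HBA_RE = re.compile(
    r'pg_hba\.conf rejects connection for host "(?P<host>[^"]+)", '
    r'user "(?P<user>[^"]+)", database "(?P<db>[^"]+)", SSL (?P<ssl>on|off)'
)


@dataclass
class HbaRejection:
    host: str
    user: str
    database: str
    ssl: bool          # was the rejected connection using TLS?
    pam_failed: bool   # did the server also report a PAM failure for this user?


def parse_fatal(error_text: str) -> Optional[HbaRejection]:
    """Split the (possibly flattened) server output on 'FATAL:' and pull the
    fields out of the pg_hba.conf rejection, if one is present."""
    messages = [m.strip() for m in re.split(r'\bFATAL:\s*', error_text)[1:]]
    pam_failed = any(m.startswith('PAM authentication failed') for m in messages)
    for m in messages:
        hit = HBA_RE.search(m)
        if hit:
            return HbaRejection(
                host=hit.group('host'),
                user=hit.group('user'),
                database=hit.group('db'),
                ssl=hit.group('ssl') == 'on',
                pam_failed=pam_failed,
            )
    return None


def diagnose(rej: HbaRejection) -> List[str]:
    """Turn the parsed rejection into the checks a practitioner would make."""
    findings = []
    if rej.pam_failed:
        findings.append(
            f'user {rej.user!r} is authenticated through PAM, which on RDS is the '
            'path for roles granted rds_iam: present an IAM auth token as the '
            'password, not the static password that works elsewhere'
        )
    if not rej.ssl:
        findings.append(
            f'connection from {rej.host} was plaintext; RDS only accepts the '
            'PAM/IAM path over TLS, so force sslmode=require (or verify-full)'
        )
    return findings


def connect_kwargs(host: str, port: int, dbname: str, user: str, *,
                   password: Optional[str] = None,
                   iam_region: Optional[str] = None,
                   ca_bundle: Optional[str] = None) -> Dict[str, object]:
    """Keyword arguments for psycopg2.connect(**kwargs) that never negotiate
    plaintext: libpq's default sslmode is 'prefer', which silently falls back."""
    kwargs: Dict[str, object] = {
        'host': host, 'port': port, 'dbname': dbname, 'user': user,
        'sslmode': 'verify-full' if ca_bundle else 'require',
        'connect_timeout': 5,
    }
    if ca_bundle:
        kwargs['sslrootcert'] = ca_bundle  # pinned RDS CA bundle (assumed path)
    if iam_region:
        # Short-lived (15 minute) token signed with the Lambda's execution role.
        import boto3  # imported lazily so the parser above runs without it
        rds = boto3.client('rds', region_name=iam_region)
        kwargs['password'] = rds.generate_db_auth_token(
            DBHostname=host, Port=port, DBUsername=user)
    elif password is not None:
        kwargs['password'] = password
    else:
        raise ValueError('supply a password or an IAM region for token auth')
    return kwargs


if __name__ == '__main__':
    rejection = parse_fatal(SAMPLE_ERROR)
    for line in diagnose(rejection):
        print('-', line)
```

In a Lambda handler the call would be `psycopg2.connect(**connect_kwargs(host, 5432, 'myDB', 'service_worker', iam_region='us-east-1', ca_bundle='/opt/rds-ca.pem'))`, with the execution role allowed `rds-db:connect` on that user. Forcing `sslmode=require` turns a plaintext fallback into a client-side failure, which is easier to spot than the server's pg_hba.conf rejection.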


1 Answer

0 votes

It turns out that

Role-based authentication is currently not supported for Amazon RDS for PostgreSQL and Aurora PostgreSQL.

And because Lambdas inherently use role-based auth, this fails.