I recently upgraded my Aurora Postgres DB from version 13 to 17 because version 13 is reaching its end of life. The upgrade process went smoothly and my application reconnected fine once the cluster was back online. However, I'm having trouble with the Query Editor; it connects but fails to run any queries, giving me the error: "ERROR: password authentication failed for user 'XXXX'; SQLState: 28P01". I've double-checked that I'm using the same credentials that my application servers are successfully using to connect to the database. I've even restarted the app servers, thinking it might have been a cached connection issue, but they work just fine. I haven't changed the database password yet as that would require downtime that I haven't scheduled with my customers. It seems like the password should be valid since the apps connect without any issues. Any ideas on what's going wrong? Is there a chance it's something with a parameter group setting?
2 Answers
It sounds like the issue could be related to the fact that version 17 might not support MD5 authentication anymore. I faced a similar problem with Redshift. You might want to check out this link for more info on scram authentication that started with version 14. It could provide some insights on what modifications are needed. Here's the link: https://aws.amazon.com/blogs/database/scram-authentication-in-rds-for-postgresql-13/
It’s possible that SSL enforcement has started with this update. If your application clients don't support it or lack the necessary AWS Root CA in their trust store, that could explain the connectivity problems. There's a parameter group setting you could tweak to test this out. It might be worth checking if the client needs an update to handle the SSL side better.
I already disabled the forcessl parameter since I noticed that setting was different, but I’m still having the same issue!
I did come across that but it doesn't explain how my app servers are still using the old password without issues. Any thoughts?