I would like to alter pg_hba.conf in my postgres RDS instance so that I can use cert authentication. I have found the Parameters Group manager in the RDS which allows me to alter parameters but it just references a path for pg_hba.conf. It doesn't seem to allow me to alter pg_hba.conf.
Asked
Active
Viewed 3.7k times
15
-
2Can you not log in to the instance and use your favourite text editor ? – user9517 Dec 11 '13 at 06:56
-
6As noted this is RDS. You can't log into RDS instances. – Steven Noble Dec 11 '13 at 18:36
-
How did you go with this? Have you seen my solution below? – Drew Khoury Feb 16 '14 at 06:12
3 Answers
7
As of now, RDS does allow changing configurations. So you can
- See the list of configurations that your RDS is using.
- You can change these parameters. I believe you can not change all the parameters though. You can change those that are listed in the RDS reference page.
As usual there are some static (or fixed) configuration parameters for which you have to restart you DB server and then there are dynamic options for which you dont need a restart.
Here is what the RDS reference manual says:
PostgreSQL parameters that you would set for a local PostgreSQL instance in the postgresql.conf file are maintained in the DB parameter group for your DB instance. If you create a DB instance using the default parameter group, the parameter settings are in the parameter group called default.postgres9.3.
When you create a DB instance, the parameters in the associated DB parameter group are loaded. You can modify parameter values by changing values in the parameter group. You can also change parameter values, if you have the security privileges to do so, by using the ALTER DATABASE, ALTER ROLE, and the SET commands. Note that you cannot use the command line postgres command nor the env PGOPTIONS command because you will have no access to the host.
Here is the official amazon RDS documentation for postgres: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html#Appendix.PostgreSQL.CommonDBATasks.Parameters
Shiv
- 186
- 1
- 2
2
With RDS you don't edit config files directly. Instead edit the parameters through the RDS console, or via the API.
You can read up on "Modifying a DB Parameter Group" here: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html
You can modify parameter values in a user-created DB parameter group, but you cannot change the parameter values in a default DB parameter group. Changes to parameters are applied to DB instances that are members of the DB parameter group either immediately or on the next reboot of the DB instance, depending on the type of the parameter (dynamic or static) and the apply method chosen for the parameter update.
Drew Khoury
- 4,637
- 8
- 27
- 28
-
5Parameter groups do not give you access to `pg_hba.conf` settings, only to `postgresql.conf` settings. Keep an eye on when AWS add Option Groups for PostgreSQL. – Peter Sankauskas Apr 03 '14 at 06:13
1
Right now, you can't:
https://forums.aws.amazon.com/thread.jspa?messageID=505301񻗕
... at least they are aware of people wanting this.
My guess is this will be available when they add custom Option Groups for PostgreSQL.
Peter Sankauskas
- 698
- 6
- 11
- 21
-
1The linked page says "The thread you are trying to access has outdated guidance". (It's been 8 years since this serverfault answer was posted.) – John Pick Dec 12 '22 at 01:26