configuration.postgresql - AWS EKS to RDS - Assume IAM Role workflow not connecting #3974

@adegroff

Expected Behavior

Application sidecar should connect to the AWS RDS PostgreSQL database and authenticate with no errors.

Actual Behavior

Authentication errors like this are found in the sidecar logs:

Failed to init component pg-configstore (configuration.postgresql/v1): [INIT_COMPONENT_FAILURE]: 
initialization error occurred for pg-configstore (configuration.postgresql/v1): 
PostgreSQL configuration store ping error: failed to connect to `host=(-redacted-).us-east-1.rds.amazonaws.com user=(-redacted-) database=appconfig`: 
server error (FATAL: empty password returned by client (SQLSTATE 28P01))" 
app_id=(-redacted-) instance=(-redacted-) 
scope=dapr.runtime.processor type=log ver=1.15.8

Steps to Reproduce the Problem

Followed the Configuration Store's documentation on Authenticate using AWS IAM along with the general Assume IAM Role documentation.

Created a user in the AWS RDS PostgreSQL database that has been granted the rds_iam database role.

Created an application with this component manifest:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pg-configstore
spec:
  type: configuration.postgresql
  version: v1
  metadata:
    - name: useAWSIAM
      value: "true"
    - name: connectionString
      value: "host=(-redacted-).rds.amazonaws.com user=(-redacted-) port=15432 dbname=appconfig sslmode=require"
    - name: region
      value: "us-east-1"
    - name: table
      value: "configtable"

Note
Was able to create a state.postgresql component, and the sidecar was able to successfully connect and authenticate to the same database instance, database, and user.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pg-state
spec:
  type: state.postgresql
  version: v2
  metadata:
    - name: useAWSIAM
      value: "true"
    - name: connectionString
      value: "host=(-redacted-).rds.amazonaws.com user=(-redacted-) port=15432 dbname=appconfig sslmode=require"
    - name: region
      value: "us-east-1"

Release Note

RELEASE NOTE: FIX Authentication bug in runtime with configuration.postgresql and AWS Assume IAM Role workflow.
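
A triage sketch for sidecar logs like the one in this report, added here as an example and not taken from Dapr or from the reporter: it pulls the component, SQLSTATE and server message out of an init failure and separates "no credential was sent" from "a credential was sent and rejected". The sample lines are constructed (placeholder host and user) and the verdict names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding holds the fields pulled from one sidecar log line.
type Finding struct{ Component, Type, ServerMsg, SQLState, Verdict string }

var (
	reComp   = regexp.MustCompile(`Failed to init component (\S+) \(([^)]+)\)`)
	reServer = regexp.MustCompile(`server error \((?:FATAL|ERROR): (.*?) \(SQLSTATE ([0-9A-Z]{5})\)\)`)
)

// Constructed sample lines, shaped like the log in this issue (placeholder host and user).
var sampleLines = []string{
	"Failed to init component pg-configstore (configuration.postgresql/v1): ping error: failed to connect to `host=db.example.invalid user=app database=appconfig`: server error (FATAL: empty password returned by client (SQLSTATE 28P01))",
	"Failed to init component pg-configstore (configuration.postgresql/v1): ping error: failed to connect to `host=db.example.invalid user=app database=appconfig`: server error (FATAL: password authentication failed for user \"app\" (SQLSTATE 28P01))",
	"Failed to init component pg-configstore (configuration.postgresql/v1): ping error: failed to connect to `host=db.example.invalid user=app database=nope`: server error (FATAL: database \"nope\" does not exist (SQLSTATE 3D000))",
}

// Triage parses a component-init failure and labels it (verdict names are hypothetical).
func Triage(line string) (Finding, bool) {
	c, s := reComp.FindStringSubmatch(line), reServer.FindStringSubmatch(line)
	if c == nil || s == nil {
		return Finding{}, false
	}
	f := Finding{Component: c[1], Type: c[2], ServerMsg: s[1], SQLState: s[2]}
	switch {
	case f.SQLState == "28P01" && strings.HasPrefix(f.ServerMsg, "empty password"):
		// The server asked for a password and got an empty one: with IAM
		// authentication the token is the password, so none was attached.
		f.Verdict = "no-credential-sent"
	case f.SQLState == "28P01":
		// invalid_password with a non-empty password: it was sent and refused.
		f.Verdict = "credential-rejected"
	default:
		f.Verdict = "not-an-auth-failure"
	}
	return f, true
}

func main() {
	for _, l := range sampleLines {
		if f, ok := Triage(l); ok {
			fmt.Printf("%s (%s): SQLSTATE %s -> %s\n", f.Component, f.Type, f.SQLState, f.Verdict)
		}
	}
}
```
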
