#SSL Connection to RDS (postgresql)

Hi,
I am trying to connect payloadcms to my RDS database, but I keep encountering the following error: connect ETIMEDOUT.
src_2: https://discord.com/channels/967097582721572934/1265228001767985182
src_2:https://discord.com/channels/967097582721572934/1228315004776878120

NB: My RDS database is only accessible inside the VPC and uses the rds-ca-rsa2048-g1 certificate;
postgres version : 16.3

I successfully connected to my RDS database using my PEM access key in DBeaver. But I can't get it to work this way :

postgresAdapter({
pool: {connectionString: process.env.DATABASE_URI,
ssl: {
  rejectUnauthorized: true,
  ca: Buffer.from(process.env.SSL_CERT_BASE64 || '', 'base64').toString('utf-8'),
  }
      },
})``` SSL_CERT_BASE64 : is my encoded ``eu-west-3-bundle.pem``

Also the aws sdk at v3 did not work at all. I had to use V2

No idea why

This is how i have mine setup. Did you properly pass the password in? In my case i am using IAM authentication

And here is where i form the adapter config using the above connection options

🤩 🤩 🤩

thanks man 🤍

No problem. It was such a headache for me 😓 so glad i could help lol

Hey @nocturne glacier , I'm trying to do exactly that right now. I need to get a password dinamycally with that RDSSigner.getAuthtoken to use in the database adapter plugin. How did you do to get that dinamically and still pass that value to the payloa.config file? I can see you somehow managed to do that, but I don't understand how to dinamically do that. I really appreciate if you can give me some guidance here.

Hey luiz, sure. So the postgres adapter lets you pass a function as the password. That function runs each time the adapter needs the password to connect to the database. So if you look at the first screenshot, on line 71 - i am passing an async function to the password field. The async function is shown right above “getDBPassword”. It just uses a promise to call that signer auth token function.

Does that make sense?

Oh, didn't know that you could pass a function! That makes a lot of sense

And you're passing user, password, hosts, and the remaining information in separate

Also, what happens if your password expires and you try to use it. I saw in the code comments you mentioned it expires every 15 minutes...so I'm wondering how you handle that.

Sorry, so many questions, but this will help me so much. Thanks @nocturne glacier !

I was just constructing the details in an object, and then i spread that object into the adapter.pool config. You could just write it in there directly

Turns out i was wrong about the frequency, for me it expired every 5-6 hours i think. But that’s what the function is for! The adapter just re runs the function and gets new credentials

By the way this code is using V2 of the AWS packages. Needs some updates if you’re using V3

Ah, ok ,so the adapter re runs the function in that case. Awesome.

Yeah, when it comes to querying the password, I think doing something similar to this https://vercel.com/docs/oidc/aws#query-an-aws-rds-instance

Yeah, you just need to pass the function reference, aka don’t call the function

Nice, yeah looks even cleaner than my code lol

I guess you can just pass the signer.getAuthToken directly

Yep

@nocturne glacier , thank you SO MUCH for your help and your time on this ! I'll try this later today

For some reason I just get a timeout and I'm not able to see the signer instance. I logged all the values in the vercel dashboard and they properly set, but I don't get a response . Trying to figure out what is going on...