aws-samples
Allow to set password_encryption algorithm
Description of changes:
This allow you to override the encryption algorithm used by the server when storing the password to support legacy clients like Redshift.
Redshift is not able to connect to PostgreSQL with scram-sha-256. This message is returned:
authentication method 10 not supported
Possibly Redshift is using an old version of libpq which only support md5. This change fixes the problem for us.
References:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
We provide a Redshift rotation lambda, are you not able to use that one instead?
I don't believe that one works for PostgreSQL. This is for changing the password in PostgreSQL and optionally specifying the encryption method used (eg one that is supported by Redshift). Newer versions of PostgreSQL uses an password encryption method that is not supported by Redshift (or older versions of libpq) so this allow us to keep backwards compatibility.
You can connect from Redshift to PostgreSQL with an external schema. https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_EXTERNAL_SCHEMA.html