Cross-account VPC peering?


Hopefully this is useful for someone struggling with the same problem. Spent two work days wondering what was going on.

I tried to set up cross-account VPC peering to access an RDS Postgres database on another AWS account.
The VPC peering between subnets on different accounts was working fine (tested with EC2 instances), but it seems that QuickSight can’t connect to the database; instead, a timeout occurs every time.

It seems that the QuickSight Postgres connector doesn’t give very useful errors; most of the time it just gives a timeout error, no matter what, even with a wrong password, etc.

For me, the problem was that the RDS Postgres instance was using Postgres version 14.2.
Although according to the QuickSight documentation it should work, it just doesn’t.

I guess QuickSight uses some old Postgres client behind the scenes that is not compatible with this setup. Connecting to another RDS Postgres instance with version 12.8 worked. This other DB is in the same subnets and the same security groups.

Confirmed this by downgrading the 14.2 version to 12.8 and now the connection works.

@ptka You are right in your assessment. Just wanted to give more context on why the connection didn’t work with the 14.2 version. PGSQL 14 and above enforce scram-sha-256 encryption for user passwords, which PGSQL driver 42.2 doesn’t support (the QS PGSQL connector version). Also, once a user is created while scram-sha-256 encryption was enabled, pgsql14 doesn’t allow changing it to md5 password encryption for existing users. Now, if you want to continue using version 14 or above, you’d need to change the password_encryption parameter to md5 and create a new user for QS to use afterwards.

Ref: PostgreSQL: Documentation: 14: 21.5. Password Authentication
