Limiting user access by subnet to Amazon Aurora PostgreSQL

Question

How do I limit user access by IP? For example, assuming I have two non-superusers (user1 and user2), how can allow general access (only limited by security groups) to the instance/cluster by user1 but only allow access to a particular subnet for user2?

In standalone PostgreSQL this is handled within pg_hba.conf, which to my knowledge doesn't exist in RDS and Aurora on AWS.

pg_hba.conf equivalent:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    app_db          user1           0.0.0.0/0               scram-sha-256
host    app_db          user2           10.0.12.0/24            scram-sha-256

Answer 1

here are two ideas that can be tried..

Run a script or other little app in the background that scans through the killing connections that do not match the established rules it fires off every few seconds ..

Or create a system event trigger that fires off checks the user IP address and any other information that needs to be checked when the connection is made, if it fails the checks call

select  pg_terminate_backend(pid) --or
select  pg_cancel_backend(pid)

The information needed is located in

select * from pg_stat_activity