On Tue, 9 Nov 2021 at 00:10, Lynn Carol Johnson <lcj34@cornell.edu> wrote:
Thank you for the feedback.
We originally had this setup as a test, and we were connecting to the db from outside. Once the test scenario became something more permanent we neglected to fix access rights. Currently all access should be from a docker GUI which is run on that AWS instance, so I agree it shouldn’t be available.
Can you share logs from /var/log/messages or /var/log/syslog and /var/log/auth.log from around the same time postgresql was shutdown.
around: 2021-11-05 14:35:09.197 UTC i think (this was more than an hour later since the hba reject connection log)
was the db shutdown as a result of vm reboot around the same time. (can check via last reboot)
I think that can help figure out if this was a result of some automated trigger to shutdown the db, or manual.
there seems to be no signs of resource strain like cpu/memory/open file handles/port exhaustion/network interface errors etc. (disconnections were quick)
just wanted to know if there was any kernel panic or other issue that resulted in the server to shutdown itself or some via some other processes etc.
btw, it seems you used postgres(superuser) as your app user. i think you should avoid giving superuser access to app.
A simple model for a role grant/design template can be like this.
