I'd like to back up an Azure PostgreSQL Single Server instance using the Azure Backup Vault, which is only available through a Private Endpoint. I've created the Backup Vault and the Backup Instance inside it, but I'm encountering the following error:
Message: Failed to authenticate the database user. This may happen if the credentials (username and/or password) in the key vault are incorrect or the specified user does not have login access.
Recommendations: Ensure that the credentials stored as part of the secret value in the key vault are valid. Ensure that the specified database user has login access. Refer to aka.ms/UserErrorDBUserAuthFailed for details.
I used this example code to create the backup instance with Terraform AzureRM Provider: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_postgresql
The credentials stored in the key vault are:
❯ terraform console > module.azure-infrastructure.foobar "Server=<server-name>.postgres.database.azure.com;Database=<database>;Port=5432;User Id=<database>@<server-name>.postgres.database.azure.com;Password=<password>;Ssl Mode=Require;" The username and password are correct (I'm 100% sure), as we run a few services in a private network that can connect to the database using these credentials. In the database logs, I cannot see any authentication failure during the backup's time.
My current hunch is that the Backup Vault cannot reach a database instance that is only available through a private endpoint. I think this because if I try to log into the PostgreSQL server with intentionally wrong credentials, the following is written to the log:
password authentication failed for user \"dbadmin\" However, nothing similar is written to the log when the backup is trying to run. Any idea on how to make the backup run inside the private network?
Or how to back up an Azure PostgreSQL Single Server database that runs in a private network?
Thanks,
backup privilegeson the server.?