I’m running Boundary Community Edition v0.19.2 on an EC2 instance (Amazon Linux 2023 AMI) inside a private subnet in AWS. Vault (also Community Edition) is configured and integrated with Boundary as a credential store using the vault-generic type.
My target is a Postgres database (on another EC2 in the same subnet). I’ve verified that:
- Vault is unsealed and accessible internally
- Dynamic credentials for database/creds/boundary-role work via Vault UI
- Boundary Worker can reach the Postgres target
- Vault token in Boundary has full permissions (read, update, renew, etc.)
- vault_path, vault_http_method=POST, and attribute mapping are all set properly via CLI
However, when I attempt to connect to the target using:
boundary connect postgres \
-target-id ttcp_QpMgVh1v6Q \
-token env://BOUNDARY_TOKEN \
-dbname testing
I get this error:
Error from controller when performing authorize-session action against given target
Error information:
Kind: Internal
Message: targets.(Service).AuthorizeSession: vault.(Repository).Issue: vault.(client).post: vault: http://10.234.156.110:8200: external system issue: error
#3014: Error making API request.
URL: PUT http://10.234.156.110:8200/v1/database/creds/boundary-role
Code: 405. Errors:
* unsupported operation
Status: 500
This indicates that Boundary is incorrectly issuing a PUT request to the Vault endpoint database/creds/boundary-role, which only supports POST.
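
As an added example (not part of the original post, and not Boundary or Vault code), the Python below parses the error text quoted above and separates two questions: whether the verb Vault logged corresponds to the configured vault_http_method, and whether the path rejected that operation. It relies on Vault's HTTP API treating POST and PUT as the same write (update) operation; the function names and the VERB_TO_OP table are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Error text copied from the post above (the wrapped "#3014" line is joined).
SAMPLE = """Error information:
Kind: Internal
Message: targets.(Service).AuthorizeSession: vault.(Repository).Issue: vault.(client).post: vault: http://10.234.156.110:8200: external system issue: error #3014: Error making API request.
URL: PUT http://10.234.156.110:8200/v1/database/creds/boundary-role
Code: 405. Errors:
* unsupported operation
Status: 500
"""

# Vault maps HTTP verbs to logical operations; POST and PUT are both writes.
VERB_TO_OP = {"GET": "read", "POST": "update", "PUT": "update",
              "DELETE": "delete", "LIST": "list"}

_REQ = re.compile(r"URL:\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")
_CODE = re.compile(r"Code:\s+(?P<code>\d{3})")
_ERRS = re.compile(r"^\s*\*\s+(?P<err>.+)$", re.MULTILINE)


def parse_vault_error(text):
    """Pull the failing Vault request out of a Boundary authorize-session error."""
    req, code = _REQ.search(text), _CODE.search(text)
    if not req or not code:
        return None  # no embedded Vault API error in this text
    path = urlsplit(req["url"]).path
    api_path = path[len("/v1/"):] if path.startswith("/v1/") else path.lstrip("/")
    return {"method": req["method"], "api_path": api_path,
            "status": int(code["code"]),
            "errors": [e.strip() for e in _ERRS.findall(text)]}


def triage(info, configured_method):
    """Compare the logged verb with the credential library's vault_http_method."""
    op = VERB_TO_OP.get(info["method"], "unknown")
    return {
        "operation": op,
        # True when the logged verb and the configured one are the same operation
        "verb_matches_config": VERB_TO_OP.get(configured_method.upper()) == op,
        # True when Vault says the path does not implement that operation
        "path_rejects_operation": info["status"] == 405
        and "unsupported operation" in info["errors"],
    }


if __name__ == "__main__":
    parsed = parse_vault_error(SAMPLE)
    print(parsed)
    print(triage(parsed, "POST"))
```

For the error above, the result shows that the logged PUT is the same write operation as the configured POST and that the path refuses write operations. Vault's database secrets engine API documents credential generation as `GET /database/creds/:name`.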