Can I fix 'remaining connection slots are reserved' without restarting PostgreSQL?

Partially. You can terminate idle or idle-in-transaction connections immediately using pg_terminate_backend() via a superuser session — no restart required. However, to permanently raise max_connections or lower superuser_reserved_connections in postgresql.conf, a full PostgreSQL service restart is mandatory. These are not reload-only parameters. Deploying PgBouncer in front of an already-running PostgreSQL instance also requires no Postgres restart.

What is the difference between max_connections and superuser_reserved_connections?

max_connections is the absolute ceiling for all connections to the PostgreSQL instance. superuser_reserved_connections (default: 3) carves out a protected subset of those slots exclusively for superusers. When active connections reach (max_connections - superuser_reserved_connections), non-superuser logins are rejected with the FATAL error. The reserved slots guarantee a DBA can always connect to diagnose and recover the instance even under full load.

Why does PgBouncer in transaction mode break some PostgreSQL features?

In transaction pooling mode, PgBouncer assigns a real backend connection only for the duration of a single transaction, then returns it to the pool. This means session-level state — SET variables, advisory locks, prepared statements (server-side), and LISTEN/NOTIFY subscriptions — does not persist between transactions because the next transaction may land on a different backend connection. Applications relying on these features must either use session pooling mode (less efficient) or connect directly to PostgreSQL for those specific operations.

How to Fix PostgreSQL 'remaining connection slots are reserved for non-replication superuser connections' Error

Threat/Impact Level: CRITICAL | Downtime Risk: HIGH | Time to Fix: 5–30 mins depending on whether a pooler is already deployed

TL;DR

What broke: PostgreSQL hit max_connections hard limit. The last superuser_reserved_connections slots (default: 3) are being protected for superuser-only access, rejecting every new application connection with a FATAL error.
How to fix it: Either raise max_connections, reduce superuser_reserved_connections, or — the correct production answer — front PostgreSQL with PgBouncer in transaction pooling mode so your app's 500 threads share 20 real DB connections.
Shortcut: Use our Client-Side Sandbox above to paste your postgresql.conf or connection string and auto-generate the refactored config without sending your credentials anywhere.

The Incident (What Does This Error Mean?)

FATAL:  remaining connection slots are reserved for non-replication superuser connections

PostgreSQL tracks every connection against max_connections (default: 100). Within that ceiling, superuser_reserved_connections (default: 3) slots are hard-reserved. The moment your active connection count hits max_connections - superuser_reserved_connections, every non-superuser login — including your application service account — gets this FATAL rejection. The database is still up. Your application is completely down. This is not a crash; it is a connection starvation event. Every new request your app tries to open returns immediately with this error. Connection retry logic makes it worse by hammering the DB with failed handshakes.

The Attack Vector / Blast Radius

This is a cascading availability failure, not a security exploit. Here is the kill chain:

Traffic spike or slow query accumulation holds connections open longer than normal.
Connection pool on the app side (HikariCP, SQLAlchemy, etc.) exhausts its own pool and starts opening raw connections.
PostgreSQL hits max_connections - 3. The reserved superuser slots activate.
Every new app connection returns FATAL. Existing connections are unaffected — meaning long-running queries or idle-in-transaction sessions are actively blocking recovery.
Application servers begin throwing 500s or timing out. Kubernetes liveness probes fail. Pods restart. Restarting pods opens new connections, accelerating the spiral.
The only immediate escape hatch requires a superuser login — which is exactly what those 3 reserved slots exist for.

Secondary blast radius: If you raise max_connections naively without increasing shared_buffers and OS SHMMAX, PostgreSQL may fail to restart entirely. Each connection consumes ~5–10 MB of RAM on the backend process model. 500 connections = up to 5 GB RAM consumed by connection overhead alone before a single query runs.

How to Fix It

Immediate Triage (Superuser Access Required)

Connect via a superuser account (one of the 3 reserved slots) and identify the offenders:

-- See current connection counts by user and state
SELECT usename, state, count(*)
FROM pg_stat_activity
GROUP BY usename, state
ORDER BY count DESC;

-- Kill idle-in-transaction connections older than 5 minutes
SELECT pg_terminate_backend(pid)
FROM pg_stat_activity
WHERE state = 'idle in transaction'
  AND query_start < NOW() - INTERVAL '5 minutes';

Basic Fix — Adjust `postgresql.conf`

Only do this if you have confirmed available RAM. Rule of thumb: each connection needs ~10 MB. Validate before applying.

# postgresql.conf

- max_connections = 100
+ max_connections = 200

- superuser_reserved_connections = 3
+ superuser_reserved_connections = 5

# If raising max_connections, shared_buffers must scale too
- shared_buffers = 128MB
+ shared_buffers = 512MB

Requires a full PostgreSQL restart (not reload) for max_connections changes.

Enterprise Best Practice — Deploy PgBouncer in Transaction Mode

Raising max_connections is a band-aid. The correct fix is connection pooling at the middleware layer. PgBouncer in transaction pooling mode lets 500 application threads share a pool of 20–50 real PostgreSQL backend connections.

# pgbouncer.ini

+ [databases]
+ myapp_db = host=127.0.0.1 port=5432 dbname=myapp
+
+ [pgbouncer]
+ pool_mode = transaction
+ max_client_conn = 1000
+ default_pool_size = 25
+ reserve_pool_size = 5
+ reserve_pool_timeout = 3
+ server_idle_timeout = 600
+ log_connections = 0
+ log_disconnections = 0

# Application now connects to PgBouncer port (6432), not Postgres (5432)
- DATABASE_URL=postgresql://user:pass@postgres-host:5432/myapp
+ DATABASE_URL=postgresql://user:pass@pgbouncer-host:6432/myapp

# postgresql.conf — with PgBouncer fronting, you can now lower max_connections
- max_connections = 200
+ max_connections = 50

- superuser_reserved_connections = 3
+ superuser_reserved_connections = 5

Critical caveat: Transaction pooling mode breaks SET session variables, advisory locks, and LISTEN/NOTIFY. Audit your application code before switching. If you rely on these features, use statement pooling or keep a separate direct-connection pool for those use cases.

💡 Tired of pasting proprietary configs into ChatGPT? Generic AI tools log your company's ARNs, DB strings, and private keys. StackEngine is a zero-backend, pure Client-Side WASM utility. Drop your failing config into the sandbox above. We redact your secrets locally in the browser and auto-generate the refactored code using your own API key.

Prevention in CI/CD

1. Terraform — enforce connection pooler existence

# Enforce PgBouncer deployment exists alongside RDS/Cloud SQL
- resource "aws_db_instance" "main" {
-   # No pooler enforced
- }
+ resource "aws_db_instance" "main" {
+   # max_connections parameter group must be set explicitly
+ }
+
+ resource "aws_ecs_service" "pgbouncer" {
+   # PgBouncer sidecar/service required in same VPC
+ }

2. Checkov Policy — flag raw max_connections without pooler

Add a custom Checkov check or OPA Rego rule that fails any Terraform plan containing an RDS instance without a corresponding PgBouncer or RDS Proxy resource in the same module.

3. Alerting — alert before you hit the wall

# Prometheus alert — fire at 80% connection utilization, not 100%
- alert: PostgresConnectionUtilizationHigh
  expr: |
    (sum(pg_stat_activity_count) / pg_settings_max_connections) > 0.80
  for: 2m
  labels:
    severity: warning
  annotations:
    summary: "Postgres connections at {{ $value | humanizePercentage }} of max_connections"

4. Application-level — enforce pool sizing in code

# SQLAlchemy example
- engine = create_engine(DATABASE_URL)
+ engine = create_engine(
+     DATABASE_URL,
+     pool_size=10,
+     max_overflow=5,
+     pool_timeout=30,
+     pool_pre_ping=True,
+ )

pool_pre_ping=True detects stale connections before handing them to the application, preventing the silent connection leak pattern that causes this error in the first place.