As part of AWS’s standard security best practices for their Relational Database Service (RDS), a new certificate authority (CA) for RDS, Aurora and DocumentDB database instances is now available.
The current CA expires on March 5, 2020, however, to avoid interruption of your customer’s applications that use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to connect to their database instances, AWS recommends complete these updates be completed by Feb. 5, 2020.
To protect communications with RDS database instances, a CA generates time-bound certificates that are checked by client applications that connect via SSL/TLS to authenticate RDS databases before exchanging information. AWS renews the CA and creates new root certificates every five years to ensure RDS customer connections are properly protected for years to come.
If CA updates aren’t completed before Feb. 5, applications using SSL/TLS will fail to connect to their existing database instances as soon as RDS rotates certificates on the database side.
If your RDS database instances were created before Jan. 14, 2020, you’ll need to update certificates for all applicable programs.
If your RDS database instances were created after Jan. 14, 2020, no action is needed, as it will automatically default to using the new certificates.
For applications that don’t use SSL/TLS to connect, no action is needed. However, using SSL/TLS is a security best practice.
For further information please refer to the full length article on the AWS database blog.
VAST IT Services offers IT strategy services to help organizations evaluate their technology needs and make strategic choices. Our partnerships with the big-three public cloud providers, plus numerous other top-tier technology vendors, allow us to design solutions that meet your needs in every environment. Contact us to learn more about making and implementing the right technology decisions for your business.