In AWS's direct postgres offering RDS Postgres, you can require SSL by setting the parameter group item rds.force_ssl to 1.
This is as per the RDS postgres documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
However Aurora Postgres does not have this parameter item, and there is no ability to add new parameters either. How do you turn on require ssl for an Aurora instance?
I can see in the Aurora version that it supports SSL:
create extension sslinfo;
select ssl_is_used();
select ssl_cipher();
And I can optionally connect via ssl:
psql -h my-ssl-test1.cwzhlddlylx.us-east-1.rds.amazonaws.com -p 5432
-U myuser -d mydb sslrootcert=rds-ca-2015-root.pem sslmode=verify-full
1 Answer 1
For Aurora Postgres, there's two relevant cluster-level parameters (note they're not instance-level parameters): rds.force_ssl and ssl. I haven't tested this myself but you should be able to modify them in the usual way using DB Parameter Groups.
-
I applied this in the UI but needed to reboot the instances in order to be in effect. I don't know of another way though :/tehmoon– tehmoon2020年02月15日 14:25:53 +00:00Commented Feb 15, 2020 at 14:25
Explore related questions
See similar questions with these tags.